diff --git a/.github/workflows/nightly_build.yaml b/.github/workflows/nightly_build.yaml index 3011faea84..affe408835 100644 --- a/.github/workflows/nightly_build.yaml +++ b/.github/workflows/nightly_build.yaml @@ -25,7 +25,7 @@ jobs: with: cosign-release: v2.2.3 - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Build images run: make images - name: Log in to GHCR diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index f21b323b91..f3c7f2db86 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -134,7 +134,7 @@ jobs: with: go-version-file: 'go.mod' - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Download archived images uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: @@ -146,7 +146,7 @@ jobs: - name: Build artifacts run: ./.github/workflows/scripts/build_artifacts.sh ${{ runner.os }} - name: Archive artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: binaries-linux path: ./artifacts/ @@ -186,7 +186,7 @@ jobs: - name: Export images run: tar -czvf images.tar.gz *-image.tar - name: Archive images - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: images path: images.tar.gz @@ -215,7 +215,7 @@ jobs: docker save spire-server-windows:latest-local spire-agent-windows:latest-local oidc-discovery-provider-windows:latest-local -o images-windows.tar gzip images-windows.tar - name: Archive images - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: images-windows path: images-windows.tar.gz @@ -268,7 +268,7 @@ jobs: with: go-version-file: 'go.mod' - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Load cached deps uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: @@ -328,7 +328,7 @@ jobs: with: go-version-file: 'go.mod' - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Load cached deps uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: @@ -584,7 +584,7 @@ jobs: - name: Build artifacts run: ./.github/workflows/scripts/build_artifacts.sh ${{ runner.os }} - name: Archive artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: binaries-windows path: ./artifacts/ diff --git a/.github/workflows/release_build.yaml b/.github/workflows/release_build.yaml index b73f90eb87..16e52acf40 100644 --- a/.github/workflows/release_build.yaml +++ b/.github/workflows/release_build.yaml @@ -125,7 +125,7 @@ jobs: with: go-version-file: 'go.mod' - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Download archived images uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: @@ -137,7 +137,7 @@ jobs: - name: Build artifacts run: ./.github/workflows/scripts/build_artifacts.sh ${{ runner.os }} - name: Archive artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: binaries-linux path: ./artifacts/ @@ -172,7 +172,7 @@ jobs: - name: Export images run: tar -czvf images.tar.gz *-image.tar - name: Archive images - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: images path: images.tar.gz @@ -200,7 +200,7 @@ jobs: docker save spire-server-windows:latest-local spire-agent-windows:latest-local oidc-discovery-provider-windows:latest-local -o images-windows.tar gzip images-windows.tar - name: Archive images - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: images-windows path: images-windows.tar.gz @@ -260,7 +260,7 @@ jobs: with: go-version-file: 'go.mod' - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Load cached deps uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: @@ -320,7 +320,7 @@ jobs: with: go-version-file: 'go.mod' - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Load cached deps uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: @@ -540,7 +540,7 @@ jobs: path: ./bin/ key: ${{ runner.os }}-executables-${{ hashFiles('**/*.exe') }} - name: Archive artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: binaries-windows path: ./artifacts/ @@ -593,7 +593,7 @@ jobs: with: cosign-release: v2.2.3 - name: Install regctl - uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc # main + uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main - name: Download archived images uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: diff --git a/.github/workflows/scripts/find_k8s.sh b/.github/workflows/scripts/find_k8s.sh index 4a60c1fe17..7019221ae0 100755 --- a/.github/workflows/scripts/find_k8s.sh +++ b/.github/workflows/scripts/find_k8s.sh @@ -23,6 +23,13 @@ declare -A tags_map for element in "${tags_sorted[@]}"; do + # Skip 1.32.1 until either a new version of kind is released the problem + # with the kindest/node:1.32.1 image is fixed. See upstream kind issue: + # https://github.com/kubernetes-sigs/kind/issues/3853 + if [[ "$element" == "v1.32.1" ]]; then + continue + fi + # Element is in this form: "X.XX.YY" # If not, continue num_dots=$(echo "$element" | grep -o '\.' | wc -l) diff --git a/.go-version b/.go-version index 27ddcc14da..ca8ec414e7 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.23.4 +1.23.5 diff --git a/.golangci.yml b/.golangci.yml index 9306540caf..eb1854716b 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -14,18 +14,28 @@ linters: - bodyclose - durationcheck - errorlint + - gofmt - goimports - revive - gosec - misspell - nakedret + - nilerr - unconvert - unparam + - intrange - whitespace - gocritic + - copyloopvar + - wastedassign - nolintlint linters-settings: + govet: + enable: + - nilness + - sortslice + - unusedwrite revive: # minimal confidence for issues, default is 0.8 confidence: 0.0 diff --git a/CODEOWNERS b/CODEOWNERS index fd22b2d626..95f85ba8d5 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,27 +1,27 @@ -* @evan2645 @amartinezfayo @azdagron @MarcosDY @rturner3 +* @evan2645 @amartinezfayo @sorindumitru @MarcosDY @rturner3 ########################################## # Maintainers ########################################## # Evan Gilman -# VMware, Inc +# SPIRL, Inc. # @evan2645 # Agustin Martínez Fayó # Hewlett-Packard Enterprise # @amartinezfayo -# Andrew Harding -# VMware, Inc -# @azdagron +# Sorin Dumitru +# Bloomberg L.P. +# @sorindumitru # Marcos Yacob # Hewlett-Packard Enterprise # @MarcosDY # Ryan Turner -# Uber Technologies, Inc +# Cielara AI # @rturner3 ########################################## @@ -29,5 +29,5 @@ ########################################## # Umair Khan -# Hewlett-Packard Enterprise +# Stacklet, Inc. # @umairmkhan diff --git a/cmd/spire-agent/cli/api/api_test.go b/cmd/spire-agent/cli/api/api_test.go index 9a9fa8ec25..b4f274ca83 100644 --- a/cmd/spire-agent/cli/api/api_test.go +++ b/cmd/spire-agent/cli/api/api_test.go @@ -15,9 +15,9 @@ import ( "github.com/mitchellh/cli" "github.com/spiffe/go-spiffe/v2/proto/spiffe/workload" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/spiffe/spire/cmd/spire-server/cli/common" commoncli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/x509util" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/fakes/fakeworkloadapi" "github.com/spiffe/spire/test/spiretest" "github.com/spiffe/spire/test/testca" @@ -416,9 +416,10 @@ func TestValidateJWTCommand(t *testing.T) { Claims: &structpb.Struct{ Fields: map[string]*structpb.Value{ "aud": { - Kind: &structpb.Value_ListValue{ListValue: &structpb.ListValue{ - Values: []*structpb.Value{{Kind: &structpb.Value_StringValue{StringValue: "foo"}}}, - }, + Kind: &structpb.Value_ListValue{ + ListValue: &structpb.ListValue{ + Values: []*structpb.Value{{Kind: &structpb.Value_StringValue{StringValue: "foo"}}}, + }, }, }, }, @@ -504,7 +505,7 @@ func setupTest(t *testing.T, newCmd func(env *commoncli.Env, clientMaker workloa }, newWorkloadClient) test := &apiTest{ - addr: common.GetAddr(addr), + addr: clitest.GetAddr(addr), stdin: stdin, stdout: stdout, stderr: stderr, @@ -538,7 +539,7 @@ func (s *apiTest) afterTest(t *testing.T) { } func (s *apiTest) args(extra ...string) []string { - return append([]string{common.AddrArg, s.addr}, extra...) + return append([]string{clitest.AddrArg, s.addr}, extra...) } func assertOutputBasedOnFormat(t *testing.T, format, stdoutString, expectedStdoutJSON string, expectedStdoutPretty ...string) { diff --git a/cmd/spire-agent/cli/api/common.go b/cmd/spire-agent/cli/api/common.go index 6b319a6799..ec28bc8bd2 100644 --- a/cmd/spire-agent/cli/api/common.go +++ b/cmd/spire-agent/cli/api/common.go @@ -28,7 +28,7 @@ func newWorkloadClient(ctx context.Context, addr net.Addr, timeout time.Duration if err != nil { return nil, err } - conn, err := util.GRPCDialContext(ctx, target) + conn, err := util.NewGRPCClient(target) if err != nil { return nil, err } diff --git a/cmd/spire-agent/cli/healthcheck/healthcheck.go b/cmd/spire-agent/cli/healthcheck/healthcheck.go index 99181d3a36..67d677ddc7 100644 --- a/cmd/spire-agent/cli/healthcheck/healthcheck.go +++ b/cmd/spire-agent/cli/healthcheck/healthcheck.go @@ -79,7 +79,7 @@ func (c *healthCheckCommand) run() error { if err != nil { return err } - conn, err := util.GRPCDialContext(context.Background(), target) + conn, err := util.NewGRPCClient(target) if err != nil { return err } diff --git a/cmd/spire-agent/cli/run/run_test.go b/cmd/spire-agent/cli/run/run_test.go index 29ab95b732..9591e214e6 100644 --- a/cmd/spire-agent/cli/run/run_test.go +++ b/cmd/spire-agent/cli/run/run_test.go @@ -123,8 +123,6 @@ func TestDownloadTrustBundle(t *testing.T) { } for _, testCase := range cases { - testCase := testCase - t.Run(testCase.msg, func(t *testing.T) { testServer := httptest.NewServer(http.HandlerFunc( func(w http.ResponseWriter, r *http.Request) { @@ -629,8 +627,6 @@ func TestMergeInput(t *testing.T) { cases = append(cases, mergeInputCasesOS()...) for _, testCase := range cases { - testCase := testCase - fileInput := &Config{Agent: &agentConfig{}} cliInput := &agentConfig{} @@ -1042,8 +1038,6 @@ func TestNewAgentConfig(t *testing.T) { } cases = append(cases, newAgentConfigCasesOS(t)...) for _, testCase := range cases { - testCase := testCase - input := defaultValidConfig() testCase.input(input) @@ -1206,8 +1200,6 @@ func TestWarnOnUnknownConfig(t *testing.T) { } for _, testCase := range cases { - testCase := testCase - c, err := ParseFile(filepath.Join(testFileDir, testCase.confFile), false) require.NoError(t, err) diff --git a/cmd/spire-server/cli/agent/agent_test.go b/cmd/spire-server/cli/agent/agent_test.go index 6110a88bfd..4182239769 100644 --- a/cmd/spire-server/cli/agent/agent_test.go +++ b/cmd/spire-server/cli/agent/agent_test.go @@ -12,8 +12,8 @@ import ( agentv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/agent/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/cmd/spire-server/cli/agent" - "github.com/spiffe/spire/cmd/spire-server/cli/common" commoncli "github.com/spiffe/spire/pkg/common/cli" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" "google.golang.org/grpc" @@ -92,10 +92,13 @@ func TestBan(t *testing.T) { expectStderr: "Error: a SPIFFE ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-spiffeID", "spiffe://example.org/spire/agent/agent1", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: " + clitest.AddrError, }, { name: "server error", @@ -152,10 +155,13 @@ func TestEvict(t *testing.T) { expectedStderr: "Error: a SPIFFE ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-spiffeID", "spiffe://example.org/spire/agent/agent1", + }, expectedReturnCode: 1, - expectedStderr: common.AddrError, + expectedStderr: "Error: " + clitest.AddrError, }, { name: "server error", @@ -221,9 +227,9 @@ func TestCount(t *testing.T) { }, { name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + args: []string{clitest.AddrArg, clitest.AddrValue}, expectedReturnCode: 1, - expectedStderr: common.AddrError, + expectedStderr: "Error: " + clitest.AddrError, }, { name: "Count by expiresBefore: month out of range", @@ -448,9 +454,9 @@ func TestList(t *testing.T) { }, { name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + args: []string{clitest.AddrArg, clitest.AddrValue}, expectedReturnCode: 1, - expectedStderr: common.AddrError, + expectedStderr: "Error: " + clitest.AddrError, }, { name: "List by expiresBefore: month out of range", @@ -740,10 +746,13 @@ func TestShow(t *testing.T) { expectedStderr: "Error: rpc error: code = Internal desc = internal server error\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-spiffeID", "spiffe://example.org/spire/agent/agent1", + }, expectedReturnCode: 1, - expectedStderr: common.AddrError, + expectedStderr: "Error: " + clitest.AddrError, }, { name: "show selectors", @@ -801,7 +810,7 @@ func setupTest(t *testing.T, newClient func(*commoncli.Env) cli.Command) *agentT stdin: stdin, stdout: stdout, stderr: stderr, - args: []string{common.AddrArg, common.GetAddr(addr)}, + args: []string{clitest.AddrArg, clitest.GetAddr(addr)}, server: server, client: client, } diff --git a/cmd/spire-server/cli/authoritycommon/test/authoritycommontest.go b/cmd/spire-server/cli/authoritycommon/test/authoritycommontest.go index 2a78598f4e..e9e9460734 100644 --- a/cmd/spire-server/cli/authoritycommon/test/authoritycommontest.go +++ b/cmd/spire-server/cli/authoritycommon/test/authoritycommontest.go @@ -7,16 +7,14 @@ import ( "github.com/mitchellh/cli" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" - "github.com/spiffe/spire/cmd/spire-server/cli/common" commoncli "github.com/spiffe/spire/pkg/common/cli" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" "google.golang.org/grpc" ) -var ( - AvailableFormats = []string{"pretty", "json"} -) +var AvailableFormats = []string{"pretty", "json"} type localAuthorityTest struct { Stdin *bytes.Buffer @@ -55,7 +53,7 @@ func SetupTest(t *testing.T, newClient func(*commoncli.Env) cli.Command) *localA Stdin: stdin, Stdout: stdout, Stderr: stderr, - Args: []string{common.AddrArg, common.GetAddr(addr)}, + Args: []string{clitest.AddrArg, clitest.GetAddr(addr)}, Server: server, Client: client, } diff --git a/cmd/spire-server/cli/bundle/common.go b/cmd/spire-server/cli/bundle/common.go index a9335a37b7..26a3f52cb8 100644 --- a/cmd/spire-server/cli/bundle/common.go +++ b/cmd/spire-server/cli/bundle/common.go @@ -2,7 +2,6 @@ package bundle import ( "bytes" - "crypto" "crypto/x509" "encoding/json" "encoding/pem" @@ -17,7 +16,7 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/cmd/spire-server/util" - "github.com/zeebo/errs" + "github.com/spiffe/spire/pkg/common/jwtutil" ) const ( @@ -78,7 +77,7 @@ func printBundle(out io.Writer, bundle *types.Bundle) error { docBytes, err := b.Marshal() if err != nil { - return errs.Wrap(err) + return err } var o bytes.Buffer @@ -87,7 +86,7 @@ func printBundle(out io.Writer, bundle *types.Bundle) error { } if _, err := fmt.Fprintln(out, o.String()); err != nil { - return errs.Wrap(err) + return err } return nil @@ -103,7 +102,7 @@ func bundleFromProto(bundleProto *types.Bundle) (*spiffebundle.Bundle, error) { if err != nil { return nil, err } - jwtAuthorities, err := jwtKeysFromProto(bundleProto.JwtAuthorities) + jwtAuthorities, err := jwtutil.JWTKeysFromProto(bundleProto.JwtAuthorities) if err != nil { return nil, err } @@ -132,20 +131,6 @@ func x509CertificatesFromProto(proto []*types.X509Certificate) ([]*x509.Certific return certs, nil } -// jwtKeysFromProto converts JWT keys from the given []*types.JWTKey to map[string]crypto.PublicKey. -// The key ID of the public key is used as the key in the returned map. -func jwtKeysFromProto(proto []*types.JWTKey) (map[string]crypto.PublicKey, error) { - keys := make(map[string]crypto.PublicKey) - for i, publicKey := range proto { - jwtSigningKey, err := x509.ParsePKIXPublicKey(publicKey.PublicKey) - if err != nil { - return nil, fmt.Errorf("unable to parse JWT signing key %d: %w", i, err) - } - keys[publicKey.KeyId] = jwtSigningKey - } - return keys, nil -} - func printBundleWithFormat(out io.Writer, bundle *types.Bundle, format string, header bool) error { if bundle == nil { return errors.New("no bundle provided") diff --git a/cmd/spire-server/cli/bundle/common_test.go b/cmd/spire-server/cli/bundle/common_test.go index 08bbd926a5..722b414f05 100644 --- a/cmd/spire-server/cli/bundle/common_test.go +++ b/cmd/spire-server/cli/bundle/common_test.go @@ -9,9 +9,9 @@ import ( "github.com/mitchellh/cli" bundlev1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/bundle/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - "github.com/spiffe/spire/cmd/spire-server/cli/common" common_cli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/pemutil" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" "google.golang.org/grpc" @@ -203,7 +203,7 @@ func setupTest(t *testing.T, newClient func(*common_cli.Env) cli.Command) *bundl cert1: cert1, cert2: cert2, key1Pkix: key1Pkix, - addr: common.GetAddr(addr), + addr: clitest.GetAddr(addr), stdin: stdin, stdout: stdout, stderr: stderr, @@ -241,7 +241,7 @@ func (s *bundleTest) afterTest(t *testing.T) { } func (s *bundleTest) args(extra ...string) []string { - return append([]string{common.AddrArg, s.addr}, extra...) + return append([]string{clitest.AddrArg, s.addr}, extra...) } type fakeBundleServer struct { diff --git a/cmd/spire-server/cli/common/common_windows.go b/cmd/spire-server/cli/common/common_windows.go deleted file mode 100644 index 2cc3dd87c4..0000000000 --- a/cmd/spire-server/cli/common/common_windows.go +++ /dev/null @@ -1,25 +0,0 @@ -//go:build windows - -package common - -import ( - "net" - - "github.com/spiffe/spire/pkg/common/namedpipe" -) - -var ( - AddrArg = "-namedPipeName" - AddrError = "Error: connection error: desc = \"transport: error while dialing: open \\\\\\\\.\\\\pipe\\\\does-not-exist: The system cannot find the file specified.\"\n" - AddrOutputUsage = ` - -namedPipeName string - Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") - -output value - Desired output format (pretty, json); default: pretty. -` - AddrValue = "\\does-not-exist" -) - -func GetAddr(addr net.Addr) string { - return namedpipe.GetPipeName(addr.String()) -} diff --git a/cmd/spire-server/cli/entry/show_test.go b/cmd/spire-server/cli/entry/show_test.go index d2fee9b325..84cd90854d 100644 --- a/cmd/spire-server/cli/entry/show_test.go +++ b/cmd/spire-server/cli/entry/show_test.go @@ -445,7 +445,7 @@ func getEntries(count int) []*types.Entry { } e := []*types.Entry{} - for i := 0; i < count; i++ { + for i := range count { e = append(e, entries[i]) } diff --git a/cmd/spire-server/cli/entry/util_test.go b/cmd/spire-server/cli/entry/util_test.go index 3148e80366..24dfdd9ee3 100644 --- a/cmd/spire-server/cli/entry/util_test.go +++ b/cmd/spire-server/cli/entry/util_test.go @@ -10,8 +10,8 @@ import ( "github.com/mitchellh/cli" entryv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/entry/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - "github.com/spiffe/spire/cmd/spire-server/cli/common" common_cli "github.com/spiffe/spire/pkg/common/cli" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/spiffe/spire/test/util" "github.com/stretchr/testify/assert" @@ -45,7 +45,6 @@ func TestParseEntryJSON(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { p := testCase.testDataPath @@ -155,7 +154,7 @@ func (e *entryTest) afterTest(t *testing.T) { } func (e *entryTest) args(extra ...string) []string { - return append([]string{common.AddrArg, e.addr}, extra...) + return append([]string{clitest.AddrArg, e.addr}, extra...) } type fakeEntryServer struct { @@ -242,7 +241,7 @@ func setupTest(t *testing.T, newClient func(*common_cli.Env) cli.Command) *entry }) test := &entryTest{ - addr: common.GetAddr(addr), + addr: clitest.GetAddr(addr), stdin: stdin, stdout: stdout, stderr: stderr, diff --git a/cmd/spire-server/cli/federation/common_test.go b/cmd/spire-server/cli/federation/common_test.go index 6438fd2937..f9b8954647 100644 --- a/cmd/spire-server/cli/federation/common_test.go +++ b/cmd/spire-server/cli/federation/common_test.go @@ -11,9 +11,9 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffeid" trustdomainv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/trustdomain/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - "github.com/spiffe/spire/cmd/spire-server/cli/common" common_cli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/pemutil" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/fakes/fakeserverca" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" @@ -124,7 +124,7 @@ func (c *cmdTest) afterTest(t *testing.T) { } func (c *cmdTest) args(extra ...string) []string { - return append([]string{common.AddrArg, c.addr}, extra...) + return append([]string{clitest.AddrArg, c.addr}, extra...) } type fakeServer struct { @@ -222,7 +222,7 @@ func setupTest(t *testing.T, newClient func(*common_cli.Env) cli.Command) *cmdTe }) test := &cmdTest{ - addr: common.GetAddr(addr), + addr: clitest.GetAddr(addr), stdin: stdin, stdout: stdout, stderr: stderr, @@ -241,7 +241,7 @@ func createBundle(t *testing.T, trustDomain string) (*types.Bundle, string) { td := spiffeid.RequireTrustDomainFromString(trustDomain) bundlePath := path.Join(t.TempDir(), "bundle.pem") ca := fakeserverca.New(t, td, &fakeserverca.Options{}) - require.NoError(t, os.WriteFile(bundlePath, pemutil.EncodeCertificates(ca.Bundle()), 0600)) + require.NoError(t, os.WriteFile(bundlePath, pemutil.EncodeCertificates(ca.Bundle()), 0o600)) return &types.Bundle{ TrustDomain: td.Name(), @@ -253,13 +253,13 @@ func createBundle(t *testing.T, trustDomain string) (*types.Bundle, string) { func createCorruptedBundle(t *testing.T) string { bundlePath := path.Join(t.TempDir(), "bundle.pem") - require.NoError(t, os.WriteFile(bundlePath, []byte("corrupted-bundle"), 0600)) + require.NoError(t, os.WriteFile(bundlePath, []byte("corrupted-bundle"), 0o600)) return bundlePath } func createJSONDataFile(t *testing.T, data string) string { jsonDataFilePath := path.Join(t.TempDir(), "bundle.pem") - require.NoError(t, os.WriteFile(jsonDataFilePath, []byte(data), 0600)) + require.NoError(t, os.WriteFile(jsonDataFilePath, []byte(data), 0o600)) return jsonDataFilePath } diff --git a/cmd/spire-server/cli/healthcheck/healthcheck_test.go b/cmd/spire-server/cli/healthcheck/healthcheck_test.go index 2ce86dbab6..d801624bbc 100644 --- a/cmd/spire-server/cli/healthcheck/healthcheck_test.go +++ b/cmd/spire-server/cli/healthcheck/healthcheck_test.go @@ -6,8 +6,8 @@ import ( "testing" "github.com/mitchellh/cli" - "github.com/spiffe/spire/cmd/spire-server/cli/common" common_cli "github.com/spiffe/spire/pkg/common/cli" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/suite" "google.golang.org/grpc" @@ -58,24 +58,24 @@ func (s *HealthCheckSuite) TestBadFlags() { } func (s *HealthCheckSuite) TestFailsIfEndpointDoesNotExist() { - code := s.cmd.Run([]string{common.AddrArg, common.AddrValue}) + code := s.cmd.Run([]string{clitest.AddrArg, clitest.AddrValue}) s.NotEqual(0, code, "exit code") s.Equal("", s.stdout.String(), "stdout") - spiretest.AssertHasPrefix(s.T(), s.stderr.String(), common.AddrError) + spiretest.AssertHasPrefix(s.T(), s.stderr.String(), "Error: server is unhealthy: unable to determine health\n") } func (s *HealthCheckSuite) TestFailsIfEndpointDoesNotExistVerbose() { - code := s.cmd.Run([]string{common.AddrArg, common.AddrValue, "-verbose"}) + code := s.cmd.Run([]string{clitest.AddrArg, clitest.AddrValue, "-verbose"}) s.NotEqual(0, code, "exit code") - s.Equal("", s.stdout.String(), "stdout") - spiretest.AssertHasPrefix(s.T(), s.stderr.String(), common.AddrError) + s.Equal("Checking server health...\n", s.stdout.String(), "stdout") + spiretest.AssertHasPrefix(s.T(), s.stderr.String(), "Failed to check health: "+clitest.AddrError) } func (s *HealthCheckSuite) TestSucceedsIfServingStatusServing() { addr := spiretest.StartGRPCServer(s.T(), func(srv *grpc.Server) { grpc_health_v1.RegisterHealthServer(srv, withStatus(grpc_health_v1.HealthCheckResponse_SERVING)) }) - code := s.cmd.Run([]string{common.AddrArg, common.GetAddr(addr)}) + code := s.cmd.Run([]string{clitest.AddrArg, clitest.GetAddr(addr)}) s.Equal(0, code, "exit code") s.Equal("Server is healthy.\n", s.stdout.String(), "stdout") s.Equal("", s.stderr.String(), "stderr") @@ -85,7 +85,7 @@ func (s *HealthCheckSuite) TestSucceedsIfServingStatusServingVerbose() { addr := spiretest.StartGRPCServer(s.T(), func(srv *grpc.Server) { grpc_health_v1.RegisterHealthServer(srv, withStatus(grpc_health_v1.HealthCheckResponse_SERVING)) }) - code := s.cmd.Run([]string{common.AddrArg, common.GetAddr(addr), "-verbose"}) + code := s.cmd.Run([]string{clitest.AddrArg, clitest.GetAddr(addr), "-verbose"}) s.Equal(0, code, "exit code") s.Equal(`Checking server health... Server is healthy. @@ -97,7 +97,7 @@ func (s *HealthCheckSuite) TestFailsIfServiceStatusOther() { addr := spiretest.StartGRPCServer(s.T(), func(srv *grpc.Server) { grpc_health_v1.RegisterHealthServer(srv, withStatus(grpc_health_v1.HealthCheckResponse_NOT_SERVING)) }) - code := s.cmd.Run([]string{common.AddrArg, common.GetAddr(addr), "-verbose"}) + code := s.cmd.Run([]string{clitest.AddrArg, clitest.GetAddr(addr), "-verbose"}) s.NotEqual(0, code, "exit code") s.Equal(`Checking server health... `, s.stdout.String(), "stdout") diff --git a/cmd/spire-server/cli/jwt/mint_test.go b/cmd/spire-server/cli/jwt/mint_test.go index 5ee4f57636..62e3caf301 100644 --- a/cmd/spire-server/cli/jwt/mint_test.go +++ b/cmd/spire-server/cli/jwt/mint_test.go @@ -16,9 +16,9 @@ import ( "github.com/go-jose/go-jose/v4/jwt" svidv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/svid/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - "github.com/spiffe/spire/cmd/spire-server/cli/common" common_cli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/pemutil" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -35,7 +35,7 @@ qNV3lKIL59N7G2B4ojbhfSNneSIIpP448uPxUnaunaQZ+/m7+x9oobIp availableFormats = []string{"pretty", "json"} expectedUsage = `Usage of jwt mint: -audience value - Audience claim that will be included in the SVID. Can be used more than once.` + common.AddrOutputUsage + + Audience claim that will be included in the SVID. Can be used more than once.` + clitest.AddrOutputUsage + ` -spiffeID string SPIFFE ID of the JWT-SVID -ttl duration @@ -325,7 +325,7 @@ func TestMintRun(t *testing.T) { BaseDir: dir, }) - args := []string{common.AddrArg, common.GetAddr(addr)} + args := []string{clitest.AddrArg, clitest.GetAddr(addr)} if tt.spiffeID != "" { args = append(args, "-spiffeID", tt.spiffeID) } diff --git a/cmd/spire-server/cli/localauthority/jwt/jwt_activate_test.go b/cmd/spire-server/cli/localauthority/jwt/jwt_activate_test.go index 1fdbd67811..6d13b49911 100644 --- a/cmd/spire-server/cli/localauthority/jwt/jwt_activate_test.go +++ b/cmd/spire-server/cli/localauthority/jwt/jwt_activate_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/jwt" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -57,10 +57,13 @@ func TestJWTActivate(t *testing.T) { expectStderr: "Error: an authority ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-authorityID", "prepared-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not activate JWT authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/jwt/jwt_prepare_test.go b/cmd/spire-server/cli/localauthority/jwt/jwt_prepare_test.go index b5b2dce04b..352d71ff16 100644 --- a/cmd/spire-server/cli/localauthority/jwt/jwt_prepare_test.go +++ b/cmd/spire-server/cli/localauthority/jwt/jwt_prepare_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/jwt" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -48,9 +48,9 @@ func TestJWTPrepare(t *testing.T) { }, { name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + args: []string{clitest.AddrArg, clitest.AddrValue}, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not prepare JWT authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/jwt/jwt_revoke_test.go b/cmd/spire-server/cli/localauthority/jwt/jwt_revoke_test.go index 66e3c821f9..588e659cbb 100644 --- a/cmd/spire-server/cli/localauthority/jwt/jwt_revoke_test.go +++ b/cmd/spire-server/cli/localauthority/jwt/jwt_revoke_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/jwt" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -53,10 +53,13 @@ func TestJWTRevoke(t *testing.T) { expectStderr: "Error: an authority ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-authorityID", "prepared-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not revoke JWT authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/jwt/jwt_show_test.go b/cmd/spire-server/cli/localauthority/jwt/jwt_show_test.go index 0f68971a9e..19838b6b94 100644 --- a/cmd/spire-server/cli/localauthority/jwt/jwt_show_test.go +++ b/cmd/spire-server/cli/localauthority/jwt/jwt_show_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/jwt" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -101,9 +101,9 @@ func TestJWTShow(t *testing.T) { }, { name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + args: []string{clitest.AddrArg, clitest.AddrValue}, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/jwt/jwt_taint_test.go b/cmd/spire-server/cli/localauthority/jwt/jwt_taint_test.go index ec765ea4fb..999a897898 100644 --- a/cmd/spire-server/cli/localauthority/jwt/jwt_taint_test.go +++ b/cmd/spire-server/cli/localauthority/jwt/jwt_taint_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/jwt" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -53,10 +53,13 @@ func TestJWTTaint(t *testing.T) { expectStderr: "Error: an authority ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-authorityID", "prepared-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not taint JWT authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/x509/x509_activate_test.go b/cmd/spire-server/cli/localauthority/x509/x509_activate_test.go index 25332acbfa..fa12fc10b4 100644 --- a/cmd/spire-server/cli/localauthority/x509/x509_activate_test.go +++ b/cmd/spire-server/cli/localauthority/x509/x509_activate_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/x509" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -59,10 +59,13 @@ func TestX509Activate(t *testing.T) { expectStderr: "Error: an authority ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-authorityID", "prepared-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not activate X.509 authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/x509/x509_prepare_test.go b/cmd/spire-server/cli/localauthority/x509/x509_prepare_test.go index 0a6c65cf65..ef1681d520 100644 --- a/cmd/spire-server/cli/localauthority/x509/x509_prepare_test.go +++ b/cmd/spire-server/cli/localauthority/x509/x509_prepare_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/x509" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -49,9 +49,9 @@ func TestX509Prepare(t *testing.T) { }, { name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + args: []string{clitest.AddrArg, clitest.AddrValue}, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not prepare X.509 authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/x509/x509_revoke_test.go b/cmd/spire-server/cli/localauthority/x509/x509_revoke_test.go index babe525b44..16bedd9f09 100644 --- a/cmd/spire-server/cli/localauthority/x509/x509_revoke_test.go +++ b/cmd/spire-server/cli/localauthority/x509/x509_revoke_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/x509" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -54,10 +54,13 @@ func TestX509Revoke(t *testing.T) { expectStderr: "Error: an authority ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-authorityID", "prepared-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not revoke X.509 authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/x509/x509_show_test.go b/cmd/spire-server/cli/localauthority/x509/x509_show_test.go index 738f052baf..747ddd8132 100644 --- a/cmd/spire-server/cli/localauthority/x509/x509_show_test.go +++ b/cmd/spire-server/cli/localauthority/x509/x509_show_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/x509" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -110,9 +110,9 @@ func TestX509Show(t *testing.T) { }, { name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + args: []string{clitest.AddrArg, clitest.AddrValue}, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not get X.509 authorities: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/localauthority/x509/x509_taint_test.go b/cmd/spire-server/cli/localauthority/x509/x509_taint_test.go index 3582720c35..4d6b5173f8 100644 --- a/cmd/spire-server/cli/localauthority/x509/x509_taint_test.go +++ b/cmd/spire-server/cli/localauthority/x509/x509_taint_test.go @@ -7,8 +7,8 @@ import ( "github.com/gogo/status" localauthorityv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/localauthority/v1" authoritycommon_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/localauthority/x509" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -54,10 +54,13 @@ func TestX509Taint(t *testing.T) { expectStderr: "Error: an authority ID is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-authorityID", "prepared-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not taint X.509 authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/logger/mocks_test.go b/cmd/spire-server/cli/logger/mocks_test.go index 69a5db83bb..e4d45f4528 100644 --- a/cmd/spire-server/cli/logger/mocks_test.go +++ b/cmd/spire-server/cli/logger/mocks_test.go @@ -1,18 +1,17 @@ package logger_test import ( + "bytes" + "context" "io" "testing" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" - "bytes" - "context" - "github.com/mitchellh/cli" loggerv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/logger/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - "github.com/spiffe/spire/cmd/spire-server/cli/common" commoncli "github.com/spiffe/spire/pkg/common/cli" "google.golang.org/grpc" ) @@ -55,7 +54,7 @@ func setupCliTest(t *testing.T, server *mockLoggerService, newClient func(*commo stdin: stdin, stdout: stdout, stderr: stderr, - args: []string{common.AddrArg, common.GetAddr(addr)}, + args: []string{clitest.AddrArg, clitest.GetAddr(addr)}, server: server, client: client, } diff --git a/cmd/spire-server/cli/logger/printers_test.go b/cmd/spire-server/cli/logger/printers_test.go index 2d98f31918..2e9460630e 100644 --- a/cmd/spire-server/cli/logger/printers_test.go +++ b/cmd/spire-server/cli/logger/printers_test.go @@ -53,7 +53,6 @@ Launch Level : info expectedError: errors.New("internal error: unexpected type *types.Entry returned; please report this as a bug"), }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { tt.env = &commoncli.Env{ Stdout: &tt.outWriter, diff --git a/cmd/spire-server/cli/run/run_test.go b/cmd/spire-server/cli/run/run_test.go index de917cbb4b..76698ff117 100644 --- a/cmd/spire-server/cli/run/run_test.go +++ b/cmd/spire-server/cli/run/run_test.go @@ -470,8 +470,6 @@ func TestMergeInput(t *testing.T) { cases = append(cases, mergeInputCasesOS(t)...) for _, testCase := range cases { - testCase := testCase - fileInput := &Config{Server: &serverConfig{}} testCase.fileInput(fileInput) @@ -1213,8 +1211,6 @@ func TestNewServerConfig(t *testing.T) { cases = append(cases, newServerConfigCasesOS(t)...) for _, testCase := range cases { - testCase := testCase - input := defaultValidConfig() testCase.input(input) @@ -1337,7 +1333,6 @@ func TestValidateConfig(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { conf := defaultValidConfig() testCase.applyConf(conf) @@ -1550,8 +1545,6 @@ func TestWarnOnUnknownConfig(t *testing.T) { } for _, testCase := range cases { - testCase := testCase - c, err := ParseFile(filepath.Join(testFileDir, testCase.confFile), false) require.NoError(t, err) @@ -1759,7 +1752,6 @@ func TestHasCompatibleTTLs(t *testing.T) { } for _, testCase := range cases { - testCase := testCase if testCase.caTTL == 0 { testCase.caTTL = credtemplate.DefaultX509CATTL } diff --git a/cmd/spire-server/cli/token/generate_test.go b/cmd/spire-server/cli/token/generate_test.go index a5414ea843..cf369b3796 100644 --- a/cmd/spire-server/cli/token/generate_test.go +++ b/cmd/spire-server/cli/token/generate_test.go @@ -9,8 +9,8 @@ import ( "github.com/mitchellh/cli" agentv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/agent/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - "github.com/spiffe/spire/cmd/spire-server/cli/common" common_cli "github.com/spiffe/spire/pkg/common/cli" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" "google.golang.org/grpc" @@ -116,7 +116,7 @@ type tokenTest struct { } func (t *tokenTest) args(extra ...string) []string { - return append([]string{common.AddrArg, t.addr}, extra...) + return append([]string{clitest.AddrArg, t.addr}, extra...) } func setupTest(t *testing.T) *tokenTest { @@ -137,7 +137,7 @@ func setupTest(t *testing.T) *tokenTest { }) return &tokenTest{ - addr: common.GetAddr(addr), + addr: clitest.GetAddr(addr), stderr: stderr, stdin: stdin, stdout: stdout, diff --git a/cmd/spire-server/cli/upstreamauthority/revoke_test.go b/cmd/spire-server/cli/upstreamauthority/revoke_test.go index 8692590816..a61a1dcd30 100644 --- a/cmd/spire-server/cli/upstreamauthority/revoke_test.go +++ b/cmd/spire-server/cli/upstreamauthority/revoke_test.go @@ -6,8 +6,8 @@ import ( "github.com/gogo/status" authority_common_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/upstreamauthority" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -49,10 +49,13 @@ func TestRevoke(t *testing.T) { expectStderr: "Error: the Subject Key ID of the X.509 upstream authority is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-subjectKeyID", "subject-key-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not revoke X.509 upstream authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/upstreamauthority/taint_test.go b/cmd/spire-server/cli/upstreamauthority/taint_test.go index 55337065ca..b3cd42e3c4 100644 --- a/cmd/spire-server/cli/upstreamauthority/taint_test.go +++ b/cmd/spire-server/cli/upstreamauthority/taint_test.go @@ -6,8 +6,8 @@ import ( "github.com/gogo/status" authority_common_test "github.com/spiffe/spire/cmd/spire-server/cli/authoritycommon/test" - "github.com/spiffe/spire/cmd/spire-server/cli/common" "github.com/spiffe/spire/cmd/spire-server/cli/upstreamauthority" + "github.com/spiffe/spire/test/clitest" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" ) @@ -49,10 +49,13 @@ func TestTaint(t *testing.T) { expectStderr: "Error: the Subject Key ID of the X.509 upstream authority is required\n", }, { - name: "wrong UDS path", - args: []string{common.AddrArg, common.AddrValue}, + name: "wrong UDS path", + args: []string{ + clitest.AddrArg, clitest.AddrValue, + "-subjectKeyID", "subject-key-id", + }, expectReturnCode: 1, - expectStderr: common.AddrError, + expectStderr: "Error: could not taint X.509 upstream authority: " + clitest.AddrError, }, { name: "server error", diff --git a/cmd/spire-server/cli/x509/mint_test.go b/cmd/spire-server/cli/x509/mint_test.go index caddc67cb8..6cc1a64be2 100644 --- a/cmd/spire-server/cli/x509/mint_test.go +++ b/cmd/spire-server/cli/x509/mint_test.go @@ -22,9 +22,9 @@ import ( bundlev1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/bundle/v1" svidv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/svid/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" - "github.com/spiffe/spire/cmd/spire-server/cli/common" common_cli "github.com/spiffe/spire/pkg/common/cli" "github.com/spiffe/spire/pkg/common/pemutil" + "github.com/spiffe/spire/test/clitest" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -34,7 +34,7 @@ import ( var ( expectedUsage = `Usage of x509 mint: -dns value - DNS name that will be included in SVID. Can be used more than once.` + common.AddrOutputUsage + + DNS name that will be included in SVID. Can be used more than once.` + clitest.AddrOutputUsage + ` -spiffeID string SPIFFE ID of the X509-SVID -ttl duration @@ -297,7 +297,7 @@ Root CAs: return testKey, nil }) - args := []string{common.AddrArg, common.GetAddr(addr)} + args := []string{clitest.AddrArg, clitest.GetAddr(addr)} if tt.spiffeID != "" { args = append(args, "-spiffeID", tt.spiffeID) } diff --git a/cmd/spire-server/util/util.go b/cmd/spire-server/util/util.go index 22b48c7ac9..e27019202b 100644 --- a/cmd/spire-server/util/util.go +++ b/cmd/spire-server/util/util.go @@ -2,11 +2,9 @@ package util import ( "context" - "crypto" "crypto/x509" "flag" "fmt" - "net" "strings" "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle" @@ -20,6 +18,7 @@ import ( trustdomainv1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/trustdomain/v1" api_types "github.com/spiffe/spire-api-sdk/proto/spire/api/types" common_cli "github.com/spiffe/spire/pkg/common/cli" + "github.com/spiffe/spire/pkg/common/jwtutil" "github.com/spiffe/spire/pkg/common/pemutil" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" @@ -33,13 +32,12 @@ const ( FormatSPIFFE = "spiffe" ) -func Dial(addr net.Addr) (*grpc.ClientConn, error) { - return grpc.Dial(addr.String(), //nolint: staticcheck // It is going to be resolved on #5152 +func NewGRPCClient(addr string) (*grpc.ClientConn, error) { + return grpc.NewClient( + addr, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer), - grpc.WithBlock(), //nolint: staticcheck // It is going to be resolved on #5152 - grpc.FailOnNonTempDialError(true), //nolint: staticcheck // It is going to be resolved on #5152 - grpc.WithReturnConnectionError()) //nolint: staticcheck // It is going to be resolved on #5152 + ) } type ServerClient interface { @@ -54,8 +52,8 @@ type ServerClient interface { NewHealthClient() grpc_health_v1.HealthClient } -func NewServerClient(addr net.Addr) (ServerClient, error) { - conn, err := Dial(addr) +func NewServerClient(addr string) (ServerClient, error) { + conn, err := NewGRPCClient(addr) if err != nil { return nil, err } @@ -157,12 +155,7 @@ func (a *Adapter) Run(args []string) int { return 1 } - addr, err := a.getAddr() - if err != nil { - fmt.Fprintln(a.env.Stderr, "Error: "+err.Error()) - return 1 - } - + addr := a.getGRPCAddr() client, err := NewServerClient(addr) if err != nil { fmt.Fprintln(a.env.Stderr, "Error: "+err.Error()) @@ -252,7 +245,7 @@ func protoFromSpiffeBundle(bundle *spiffebundle.Bundle) (*api_types.Bundle, erro X509Authorities: protoFromX509Certificates(bundle.X509Authorities()), } - jwtAuthorities, err := protoFromJWTKeys(bundle.JWTAuthorities()) + jwtAuthorities, err := jwtutil.ProtoFromJWTKeys(bundle.JWTAuthorities()) if err != nil { return nil, err } @@ -280,21 +273,3 @@ func protoFromX509Certificates(certs []*x509.Certificate) []*api_types.X509Certi return resp } - -// protoFromJWTKeys converts JWT keys from the given map[string]crypto.PublicKey to []*types.JWTKey -func protoFromJWTKeys(keys map[string]crypto.PublicKey) ([]*api_types.JWTKey, error) { - var resp []*api_types.JWTKey - - for kid, key := range keys { - pkixBytes, err := x509.MarshalPKIXPublicKey(key) - if err != nil { - return nil, err - } - resp = append(resp, &api_types.JWTKey{ - PublicKey: pkixBytes, - KeyId: kid, - }) - } - - return resp, nil -} diff --git a/cmd/spire-server/util/util_posix.go b/cmd/spire-server/util/util_posix.go index a86da5c8e6..c2de9d6641 100644 --- a/cmd/spire-server/util/util_posix.go +++ b/cmd/spire-server/util/util_posix.go @@ -6,8 +6,7 @@ import ( "context" "flag" "net" - - "github.com/spiffe/spire/pkg/common/util" + "strings" ) type adapterOS struct { @@ -18,13 +17,23 @@ func (a *Adapter) addOSFlags(flags *flag.FlagSet) { flags.StringVar(&a.socketPath, "socketPath", DefaultSocketPath, "Path to the SPIRE Server API socket") } -func (a *Adapter) getAddr() (net.Addr, error) { - if a.adapterOS.socketPath == "" { +func (a *Adapter) getGRPCAddr() string { + if a.socketPath == "" { a.socketPath = DefaultSocketPath } - return util.GetUnixAddrWithAbsPath(a.socketPath) + + // When grpc-go deprecated grpc.DialContext() in favor of grpc.NewClient(), + // they made a breaking change to always use the DNS resolver, even when overriding the context dialer. + // This is problematic for clients that do not use DNS for address resolution and don't set a resolver in the address. + // As a workaround, use the passthrough resolver to prevent using the DNS resolver. + // More context can be found in this issue: https://github.com/grpc/grpc-go/issues/1786#issuecomment-2114124036 + return "unix:" + a.socketPath } func dialer(ctx context.Context, addr string) (net.Conn, error) { - return (&net.Dialer{}).DialContext(ctx, "unix", addr) + // This is an ugly workaround to circumvent grpc-go needing us to provide the resolver in the address + // in order to bypass DNS lookup, which is not relevant in the case of CLI invocation. + // More context can be found in this issue: https://github.com/grpc/grpc-go/issues/1786#issuecomment-2114124036 + socketPathAddr := strings.TrimPrefix(addr, "unix:") + return (&net.Dialer{}).DialContext(ctx, "unix", socketPathAddr) } diff --git a/cmd/spire-server/util/util_windows.go b/cmd/spire-server/util/util_windows.go index be31ad7aaa..298ae739f6 100644 --- a/cmd/spire-server/util/util_windows.go +++ b/cmd/spire-server/util/util_windows.go @@ -6,6 +6,7 @@ import ( "context" "flag" "net" + "strings" "github.com/Microsoft/go-winio" "github.com/spiffe/spire/pkg/common/namedpipe" @@ -20,12 +21,21 @@ func (a *Adapter) addOSFlags(flags *flag.FlagSet) { } func dialer(ctx context.Context, addr string) (net.Conn, error) { - return winio.DialPipeContext(ctx, addr) + // This is an ugly workaround to circumvent grpc-go needing us to provide the resolver in the address + // in order to bypass DNS lookup, which is not relevant in the case of CLI invocation. + npipeAddr := strings.TrimPrefix(addr, "passthrough:") + return winio.DialPipeContext(ctx, npipeAddr) } -func (a *Adapter) getAddr() (net.Addr, error) { - if a.adapterOS.namedPipeName == "" { - a.adapterOS.namedPipeName = DefaultNamedPipeName +func (a *Adapter) getGRPCAddr() string { + if a.namedPipeName == "" { + a.namedPipeName = DefaultNamedPipeName } - return namedpipe.AddrFromName(a.namedPipeName), nil + + // When grpc-go deprecated grpc.DialContext() in favor of grpc.NewClient(), + // they made a breaking change to always use the DNS resolver, even when overriding the context dialer. + // This is problematic for clients that do not use DNS for address resolution and don't set a resolver in the address. + // As a workaround, use the passthrough resolver to prevent using the DNS resolver. + // More context can be found in this issue: https://github.com/grpc/grpc-go/issues/1786#issuecomment-2114124036 + return "passthrough:" + namedpipe.AddrFromName(a.namedPipeName).String() } diff --git a/doc/docker_images.md b/doc/docker_images.md index cc1f53b903..c508f1be13 100644 --- a/doc/docker_images.md +++ b/doc/docker_images.md @@ -30,7 +30,7 @@ $ docker run \ --user 1000:1000 \ -p 8081:8081 \ -v /path/to/server/config:/etc/spire/server \ - ghcr.io/spiffe/spire-server:v1.6.0 \ + ghcr.io/spiffe/spire-server:1.6.1 \ -config /etc/spire/server/server.conf ``` diff --git a/doc/plugin_agent_svidstore_gcp_secretmanager.md b/doc/plugin_agent_svidstore_gcp_secretmanager.md index 4ec741f4f0..bfa3cee997 100644 --- a/doc/plugin_agent_svidstore_gcp_secretmanager.md +++ b/doc/plugin_agent_svidstore_gcp_secretmanager.md @@ -71,3 +71,4 @@ Selectors are used on `storable` entries to describe metadata that is needed by | `gcp_secretmanager:projectid` | `gcp_secretmanager:projectid:some-project` | x | The Google Cloud project ID which the plugin will use Secret Manager | | `gcp_secretmanager:role` | `gcp_secretmanager:role:roles/secretmanager.viewer` | - | The Google Cloud role id for IAM policy (serviceaccount required when set) | | `gcp_secretmanager:serviceaccount` | `gcp_secretmanager:serviceaccount:test-secret@test-proj.iam.gserviceaccount.com` | - | The Google Cloud Service account for IAM policy (role required when set) | +| `gcp_secretmanager:regions` | `gcp_secretmanager:regions:europe-north1,europe-west1` | - | List of Google Cloud Region to create the secret in, this is immutable and cannot be changed (Omit to use automatic region selection) | diff --git a/doc/telemetry/telemetry_config.md b/doc/telemetry/telemetry_config.md index b7584de4f5..85cc99d16e 100644 --- a/doc/telemetry/telemetry_config.md +++ b/doc/telemetry/telemetry_config.md @@ -16,20 +16,21 @@ You may use all, some, or none of the collectors. The following collectors suppo ## Telemetry configuration syntax -| Configuration | Type | Description | Default | -|-----------------------|---------------|---------------------------------------------------------------|--------------------------| -| `InMem` | `InMem` | In-memory configuration | running | -| `Prometheus` | `Prometheus` | Prometheus configuration | | -| `DogStatsd` | `[]DogStatsd` | List of DogStatsd configurations | | -| `Statsd` | `[]Statsd` | List of Statsd configurations | | -| `M3` | `[]M3` | List of M3 configurations | | -| `MetricPrefix` | `string` | Prefix to add to all emitted metrics | spire_server/spire_agent | -| `EnableHostnameLabel` | `bool` | Enable adding hostname to labels | true | -| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | -| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | -| `BlockedPrefixes` | `[]string` | A list of metric prefixes to block, with '.' as the separator | | -| `AllowedLabels` | `[]string` | A list of metric labels to allow, with '.' as the separator | | -| `BlockedLabels` | `[]string` | A list of metric labels to block, with '.' as the separator | | +| Configuration | Type | Description | Default | +|--------------------------|---------------|---------------------------------------------------------------|--------------------------| +| `InMem` | `InMem` | In-memory configuration | running | +| `Prometheus` | `Prometheus` | Prometheus configuration | | +| `DogStatsd` | `[]DogStatsd` | List of DogStatsd configurations | | +| `Statsd` | `[]Statsd` | List of Statsd configurations | | +| `M3` | `[]M3` | List of M3 configurations | | +| `MetricPrefix` | `string` | Prefix to add to all emitted metrics | spire_server/spire_agent | +| `EnableTrustDomainLabel` | `bool` | Enable optional trust domain label for all metrics | false | +| `EnableHostnameLabel` | `bool` | Enable adding hostname to labels | true | +| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | +| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | +| `BlockedPrefixes` | `[]string` | A list of metric prefixes to block, with '.' as the separator | | +| `AllowedLabels` | `[]string` | A list of metric labels to allow, with '.' as the separator | | +| `BlockedLabels` | `[]string` | A list of metric labels to block, with '.' as the separator | | ### `Prometheus` @@ -79,7 +80,6 @@ telemetry { ] InMem {} - AllowedLabels = [] BlockedLabels = [] AllowedPrefixes = [] diff --git a/go.sum b/go.sum index e64159e76b..822cc750b8 100644 --- a/go.sum +++ b/go.sum @@ -1,315 +1,2233 @@ -module github.com/spiffe/spire - -go 1.23.5 - -require ( - cloud.google.com/go/iam v1.3.0 - cloud.google.com/go/kms v1.20.4 - cloud.google.com/go/secretmanager v1.14.2 - cloud.google.com/go/security v1.18.2 - cloud.google.com/go/storage v1.50.0 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 - github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 - github.com/GoogleCloudPlatform/cloudsql-proxy v1.37.4 - github.com/Keyfactor/ejbca-go-client-sdk v1.0.2 - github.com/Masterminds/sprig/v3 v3.3.0 - github.com/Microsoft/go-winio v0.6.2 - github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 - github.com/aws/aws-sdk-go-v2 v1.36.0 - github.com/aws/aws-sdk-go-v2/config v1.29.0 - github.com/aws/aws-sdk-go-v2/credentials v1.17.53 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 - github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.5.1 - github.com/aws/aws-sdk-go-v2/service/acmpca v1.37.0 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.202.1 - github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 - github.com/aws/aws-sdk-go-v2/service/kms v1.37.8 - github.com/aws/aws-sdk-go-v2/service/organizations v1.37.0 - github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.16.0 - github.com/aws/aws-sdk-go-v2/service/s3 v1.75.1 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.0 - github.com/aws/aws-sdk-go-v2/service/sts v1.33.8 - github.com/aws/smithy-go v1.22.2 - github.com/blang/semver/v4 v4.0.0 - github.com/cenkalti/backoff/v4 v4.3.0 - github.com/docker/docker v27.5.1+incompatible - github.com/envoyproxy/go-control-plane/envoy v1.32.3 - github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa - github.com/go-jose/go-jose/v4 v4.0.4 - github.com/go-sql-driver/mysql v1.8.1 - github.com/godbus/dbus/v5 v5.1.0 - github.com/gofrs/uuid/v5 v5.3.0 - github.com/gogo/status v1.1.1 - github.com/google/btree v1.1.3 - github.com/google/go-cmp v0.6.0 - github.com/google/go-containerregistry v0.20.3 - github.com/google/go-tpm v0.9.3 - github.com/google/go-tpm-tools v0.4.4 - github.com/googleapis/gax-go/v2 v2.14.1 - github.com/gorilla/handlers v1.5.2 - github.com/hashicorp/go-hclog v1.6.3 - github.com/hashicorp/go-metrics v0.5.4 - github.com/hashicorp/go-plugin v1.6.3 - github.com/hashicorp/hcl v1.0.1-vault-7 - github.com/hashicorp/vault/api v1.15.0 - github.com/hashicorp/vault/sdk v0.14.1 - github.com/imdario/mergo v0.3.16 - github.com/imkira/go-observer v1.0.3 - github.com/jackc/pgx/v5 v5.7.2 - github.com/jinzhu/gorm v1.9.16 - github.com/lib/pq v1.10.9 - github.com/mattn/go-sqlite3 v1.14.24 - github.com/mitchellh/cli v1.1.5 - github.com/open-policy-agent/opa v0.70.0 - github.com/prometheus/client_golang v1.20.5 - github.com/shirou/gopsutil/v4 v4.24.12 - github.com/sigstore/cosign/v2 v2.4.1 - github.com/sigstore/rekor v1.3.9 - github.com/sigstore/sigstore v1.8.12 - github.com/sirupsen/logrus v1.9.3 - github.com/spiffe/go-spiffe/v2 v2.5.0 - github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a - github.com/spiffe/spire-plugin-sdk v1.4.4-0.20240701180828-594312f4444d - github.com/stretchr/testify v1.10.0 - github.com/uber-go/tally/v4 v4.1.16 - github.com/valyala/fastjson v1.6.4 - golang.org/x/crypto v0.32.0 - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - golang.org/x/net v0.34.0 - golang.org/x/sync v0.10.0 - golang.org/x/sys v0.29.0 - golang.org/x/time v0.9.0 - google.golang.org/api v0.219.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 - google.golang.org/grpc v1.70.0 - google.golang.org/protobuf v1.36.4 - k8s.io/api v0.32.1 - k8s.io/apimachinery v0.32.1 - k8s.io/client-go v0.32.1 - k8s.io/kube-aggregator v0.32.1 - k8s.io/mount-utils v0.32.1 - sigs.k8s.io/controller-runtime v0.20.1 -) - -require ( - cel.dev/expr v0.19.0 // indirect - cloud.google.com/go v0.116.0 // indirect - cloud.google.com/go/auth v0.14.0 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect - cloud.google.com/go/compute/metadata v0.6.0 // indirect - cloud.google.com/go/longrunning v0.6.2 // indirect - cloud.google.com/go/monitoring v1.21.2 // indirect - dario.cat/mergo v1.0.1 // indirect - filippo.io/edwards25519 v1.1.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect - github.com/DataDog/datadog-go v3.2.0+incompatible // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect - github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.3.0 // indirect - github.com/OneOfOne/xxhash v1.2.8 // indirect - github.com/agnivade/levenshtein v1.2.0 // indirect - github.com/armon/go-radix v1.0.0 // indirect - github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.30 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.30 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.30 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 // indirect - github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.11 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.11 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.24.10 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9 // indirect - github.com/beorn7/perks v1.0.1 // indirect - github.com/bgentry/speakeasy v0.1.0 // indirect - github.com/blang/semver v3.5.1+incompatible // indirect - github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect - github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect - github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect - github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect - github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v27.5.0+incompatible // indirect - github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker-credential-helpers v0.8.2 // indirect - github.com/docker/go-connections v0.5.0 // indirect - github.com/docker/go-units v0.5.0 // indirect - github.com/dustin/go-humanize v1.0.1 // indirect - github.com/ebitengine/purego v0.8.1 // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect - github.com/evanphx/json-patch/v5 v5.9.0 // indirect - github.com/fatih/color v1.17.0 // indirect - github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/go-chi/chi v4.1.2+incompatible // indirect - github.com/go-ini/ini v1.67.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect - github.com/go-logr/logr v1.4.2 // indirect - github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-ole/go-ole v1.2.6 // indirect - github.com/go-openapi/analysis v0.23.0 // indirect - github.com/go-openapi/errors v0.22.0 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect - github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/loads v0.22.0 // indirect - github.com/go-openapi/runtime v0.28.0 // indirect - github.com/go-openapi/spec v0.21.0 // indirect - github.com/go-openapi/strfmt v0.23.0 // indirect - github.com/go-openapi/swag v0.23.0 // indirect - github.com/go-openapi/validate v0.24.0 // indirect - github.com/gobwas/glob v0.2.3 // indirect - github.com/gogo/googleapis v0.0.0-20180223154316-0cd9801be74a // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/mock v1.6.0 // indirect - github.com/golang/protobuf v1.5.4 // indirect - github.com/golang/snappy v0.0.4 // indirect - github.com/google/certificate-transparency-go v1.2.1 // indirect - github.com/google/flatbuffers v23.5.26+incompatible // indirect - github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect - github.com/google/go-configfs-tsm v0.2.2 // indirect - github.com/google/go-sev-guest v0.9.3 // indirect - github.com/google/go-tdx-guest v0.3.1 // indirect - github.com/google/gofuzz v1.2.0 // indirect - github.com/google/logger v1.1.1 // indirect - github.com/google/s2a-go v0.1.9 // indirect - github.com/google/uuid v1.6.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect - github.com/gorilla/mux v1.8.1 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect - github.com/hashicorp/errwrap v1.1.0 // indirect - github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.7 // indirect - github.com/hashicorp/go-rootcerts v1.0.2 // indirect - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect - github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect - github.com/hashicorp/go-sockaddr v1.0.6 // indirect - github.com/hashicorp/golang-lru v1.0.2 // indirect - github.com/hashicorp/yamux v0.1.1 // indirect - github.com/huandu/xstrings v1.5.0 // indirect - github.com/in-toto/in-toto-golang v0.9.0 // indirect - github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect - github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect - github.com/jinzhu/inflection v1.0.0 // indirect - github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect - github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.11 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect - github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect - github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect - github.com/magiconair/properties v1.8.7 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moby/docker-image-spec v1.3.1 // indirect - github.com/moby/sys/mountinfo v0.7.2 // indirect - github.com/moby/sys/userns v0.1.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect - github.com/oklog/run v1.1.0 // indirect - github.com/oklog/ulid v1.3.1 // indirect - github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0 // indirect - github.com/opentracing/opentracing-go v1.2.0 // indirect - github.com/pborman/uuid v1.2.1 // indirect - github.com/pelletier/go-toml/v2 v2.2.2 // indirect - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect - github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/posener/complete v1.2.3 // indirect - github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect - github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.55.0 // indirect - github.com/prometheus/procfs v0.15.1 // indirect - github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect - github.com/ryanuber/go-glob v1.0.0 // indirect - github.com/sagikazarmark/locafero v0.4.0 // indirect - github.com/sagikazarmark/slog-shim v0.1.0 // indirect - github.com/sassoftware/relic v7.2.1+incompatible // indirect - github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect - github.com/shibumi/go-pathspec v1.3.0 // indirect - github.com/shopspring/decimal v1.4.0 // indirect - github.com/sigstore/protobuf-specs v0.3.3 // indirect - github.com/sigstore/timestamp-authority v1.2.2 // indirect - github.com/sourcegraph/conc v0.3.0 // indirect - github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect - github.com/spf13/cobra v1.8.1 // indirect - github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.19.0 // indirect - github.com/subosito/gotenv v1.6.0 // indirect - github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect - github.com/tchap/go-patricia/v2 v2.3.1 // indirect - github.com/theupdateframework/go-tuf v0.7.0 // indirect - github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect - github.com/tklauser/go-sysconf v0.3.12 // indirect - github.com/tklauser/numcpus v0.6.1 // indirect - github.com/transparency-dev/merkle v0.0.2 // indirect - github.com/twmb/murmur3 v1.1.8 // indirect - github.com/vbatts/tar-split v0.11.6 // indirect - github.com/x448/float16 v0.8.4 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/yashtewari/glob-intersection v0.2.0 // indirect - github.com/yusufpapurcu/wmi v1.2.4 // indirect - github.com/zeebo/errs v1.4.0 // indirect - go.mongodb.org/mongo-driver v1.14.0 // indirect - go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect - go.opentelemetry.io/otel v1.33.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect - go.opentelemetry.io/otel/metric v1.33.0 // indirect - go.opentelemetry.io/otel/sdk v1.33.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect - go.opentelemetry.io/otel/trace v1.33.0 // indirect - go.uber.org/atomic v1.11.0 // indirect - go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.27.0 // indirect - golang.org/x/mod v0.22.0 // indirect - golang.org/x/oauth2 v0.25.0 // indirect - golang.org/x/term v0.28.0 // indirect - golang.org/x/text v0.21.0 // indirect - google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 // indirect - gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect - k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect - sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect - sigs.k8s.io/yaml v1.4.0 // indirect -) \ No newline at end of file +cel.dev/expr v0.19.0 h1:lXuo+nDhpyJSpWxpPVi5cPUwzKb+dsdOiw6IreM5yt0= +cel.dev/expr v0.19.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= +cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= +cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= +cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= +cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= +cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U= +cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= +cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= +cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= +cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= +cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= +cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= +cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= +cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= +cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= +cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= +cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= +cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= +cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= +cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= +cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= +cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= +cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= +cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= +cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= +cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= +cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= +cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY= +cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU= +cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno= +cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak= +cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= +cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= +cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= +cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= +cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= +cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc= +cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= +cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= +cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= +cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ= +cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY= +cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= +cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= +cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= +cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= +cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= +cloud.google.com/go/auth v0.14.0 h1:A5C4dKV/Spdvxcl0ggWwWEzzP7AZMJSEIgrkngwhGYM= +cloud.google.com/go/auth v0.14.0/go.mod h1:CYsoRL1PdiDuqeQpZE0bP2pnPrGqFcOkI0nldEQis+A= +cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= +cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= +cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= +cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= +cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= +cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= +cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= +cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= +cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= +cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= +cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= +cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= +cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= +cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= +cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= +cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= +cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= +cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= +cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= +cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= +cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= +cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= +cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= +cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= +cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= +cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= +cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= +cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= +cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= +cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= +cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= +cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= +cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= +cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= +cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= +cloud.google.com/go/compute v1.12.0/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE= +cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= +cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= +cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= +cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= +cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= +cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= +cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= +cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= +cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= +cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= +cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= +cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= +cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= +cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= +cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= +cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= +cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= +cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= +cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= +cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= +cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= +cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= +cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= +cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= +cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= +cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= +cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= +cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= +cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= +cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= +cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= +cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= +cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= +cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= +cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= +cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= +cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= +cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= +cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= +cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= +cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= +cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek= +cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0= +cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM= +cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= +cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= +cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= +cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= +cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= +cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= +cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= +cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= +cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= +cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= +cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= +cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= +cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= +cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= +cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= +cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= +cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= +cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= +cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= +cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= +cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= +cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08= +cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= +cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= +cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= +cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= +cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= +cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= +cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= +cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= +cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= +cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= +cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= +cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= +cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= +cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= +cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= +cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= +cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= +cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= +cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= +cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= +cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= +cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= +cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= +cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= +cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= +cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= +cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= +cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= +cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= +cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= +cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= +cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= +cloud.google.com/go/kms v1.20.4 h1:CJ0hMpOg1ANN9tx/a/GPJ+Uxudy8k6f3fvGFuTHiE5A= +cloud.google.com/go/kms v1.20.4/go.mod h1:gPLsp1r4FblUgBYPOcvI/bUPpdMg2Jm1ZVKU4tQUfcc= +cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= +cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= +cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= +cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= +cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= +cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= +cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= +cloud.google.com/go/logging v1.12.0 h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk= +cloud.google.com/go/logging v1.12.0/go.mod h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM= +cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= +cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= +cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= +cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= +cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= +cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= +cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= +cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= +cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= +cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= +cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= +cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= +cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= +cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= +cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= +cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= +cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= +cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= +cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= +cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= +cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= +cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= +cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= +cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= +cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= +cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= +cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= +cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= +cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= +cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= +cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= +cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= +cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= +cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= +cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= +cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= +cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= +cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= +cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= +cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= +cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= +cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= +cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= +cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= +cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= +cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= +cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= +cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= +cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= +cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= +cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= +cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= +cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= +cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= +cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= +cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= +cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= +cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= +cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= +cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE= +cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= +cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= +cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= +cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= +cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= +cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= +cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= +cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= +cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= +cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= +cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= +cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= +cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= +cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= +cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= +cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= +cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= +cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= +cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= +cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= +cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= +cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= +cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= +cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= +cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= +cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= +cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= +cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= +cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8= +cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw= +cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= +cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= +cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= +cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= +cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= +cloud.google.com/go/security v1.18.2 h1:9Nzp9LGjiDvHqy7X7Q9GrS5lIHN0bI8RvDjkrl4ILO0= +cloud.google.com/go/security v1.18.2/go.mod h1:3EwTcYw8554iEtgK8VxAjZaq2unFehcsgFIF9nOvQmU= +cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= +cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= +cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= +cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= +cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= +cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= +cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= +cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= +cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4= +cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= +cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= +cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= +cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E= +cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU= +cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= +cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= +cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= +cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= +cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= +cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= +cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= +cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= +cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= +cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= +cloud.google.com/go/storage v1.50.0 h1:3TbVkzTooBvnZsk7WaAQfOsNrdoM8QHusXA1cpk6QJs= +cloud.google.com/go/storage v1.50.0/go.mod h1:l7XeiD//vx5lfqE3RavfmU9yvk5Pp0Zhcv482poyafY= +cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= +cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= +cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= +cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= +cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= +cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= +cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= +cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= +cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= +cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= +cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= +cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= +cloud.google.com/go/trace v1.11.2 h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI= +cloud.google.com/go/trace v1.11.2/go.mod h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io= +cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= +cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= +cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= +cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= +cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= +cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= +cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= +cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= +cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= +cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= +cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= +cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY= +cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= +cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= +cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= +cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= +cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= +cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= +cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= +cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= +cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= +cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= +cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= +cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= +cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= +cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= +cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= +cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 h1:BnG6pr9TTr6CYlrJznYUDj6V7xldD1W+1iXPum0wT/w= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2/go.mod h1:pK23AUVXuNzzTpfMCA06sxZGeVQ/75FdVtW249de9Uo= +cuelang.org/go v0.9.2 h1:pfNiry2PdRBr02G/aKm5k2vhzmqbAOoaB4WurmEbWvs= +cuelang.org/go v0.9.2/go.mod h1:qpAYsLOf7gTM1YdEg6cxh553uZ4q9ZDWlPbtZr9q1Wk= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= +github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0 h1:kcnfY4vljxXliXDBrA9K9lwF8IoEZ4Up6Eg9kWTIm28= +github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0/go.mod h1:tlqp9mUGbsP+0z3Q+c0Q5MgSdq/OMwQhm5bffR3Q3ss= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= +github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0 h1:g0EZJwz7xkXQiZAI5xi9f3WWFYBlX1CPTrR+NDToRkQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.0/go.mod h1:XCW7KnZet0Opnr7HccfUw1PLc4CjHqpcaxW8DHklNkQ= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1 h1:1mvYtZfWQAnwNah/C+Z+Jb9rQH95LPE2vlmMuWAHJk8= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.1/go.mod h1:75I/mXtme1JyWFtz8GocPHVFyH421IBoZErnO16dd0k= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1 h1:Bk5uOhSAenHyR5P61D/NzeQCv+4fEVV8mOkJ82NqpWw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.1/go.mod h1:QZ4pw3or1WPmRBxf0cHd1tknzrT54WPBOQoGutCPvSU= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0 h1:/Di3vB4sNeQ+7A8efjUVENvyB945Wruvstucqp7ZArg= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute v1.0.0/go.mod h1:gM3K25LQlsET3QR+4V74zxCsFAy0r6xMNN9n80SZn+4= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.0.0 h1:lMW1lD/17LUA5z1XTURo7LcVG2ICBPlyMHjIUrcFZNQ= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.0.0/go.mod h1:ceIuwmxDWptoW3eCqSXlnPsZFKh4X+R38dWPv7GS9Vs= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0/go.mod h1:mLfWfj8v3jfWKsL9G4eoBoXVcsqcIUTapmdKy7uGOp0= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 h1:QM6sE5k2ZT/vI5BEe0r7mqjsUSnhVBFbOsVkEuaEfiA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0/go.mod h1:243D9iHbcQXoFUtgHJwL7gl2zx1aDuDMjvBZVGr2uW0= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0 h1:7rKG7UmnrxX4N53TFhkYqjc+kVUZuw0fL8I3Fh+Ld9E= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0/go.mod h1:Wjo+24QJVhhl/L7jy6w9yzFF2yDOf3cKECAa8ecf9vE= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 h1:eXnN9kaS8TiDwXjoie3hMRLuwdUBUMW9KRgOqB3mCaw= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0/go.mod h1:XIpam8wumeZ5rVMuhdDQLMfIPDf1WO3IzrCRO3e3e3o= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= +github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0= +github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4= +github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.37.4 h1:9tYmgu3dUmM8lcVAl4RVt7tlfOrcGZraqBUaWF13480= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.37.4/go.mod h1:x8nDiJmhU8lv6OhnFU96L6Y6Jyztme1Nr9Ibf3FXtp0= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 h1:UQ0AhxogsIRZDkElkblfnwjc3IaltCm2HUMvezQaL7s= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1/go.mod h1:jyqM3eLpJ3IbIFDTKVz2rF9T/xWGW0rIriGwnz8l9Tk= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.1 h1:oTX4vsorBZo/Zdum6OKPA4o7544hm6smoRv1QjpTwGo= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.1/go.mod h1:0wEl7vrAD8mehJyohS9HZy+WyEOaQO2mJx86Cvh93kM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 h1:8nn+rsCvTq9axyEh382S0PFLBeaFwNsT43IrPWzctRU= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1/go.mod h1:viRWSEhtMZqz1rhwmOVKkWl6SwmVowfL9O2YR5gI2PE= +github.com/Keyfactor/ejbca-go-client-sdk v1.0.2 h1:pPnXCFfIFAwCjJrg1BtYlzoF8oHQ52sPOMs/uZ9uvZA= +github.com/Keyfactor/ejbca-go-client-sdk v1.0.2/go.mod h1:4Sv/KGVgRV4VXKko1ajfTaJwqJ5Aiw0VrDI9S7IcQ1g= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= +github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= +github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= +github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= +github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc= +github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= +github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= +github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY= +github.com/agnivade/levenshtein v1.2.0/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= +github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= +github.com/alibabacloud-go/cr-20160607 v1.0.1 h1:WEnP1iPFKJU74ryUKh/YDPHoxMZawqlPajOymyNAkts= +github.com/alibabacloud-go/cr-20160607 v1.0.1/go.mod h1:QHeKZtZ3F3FOE+/uIXCBAp8POwnUYekpLwr1dtQa5r0= +github.com/alibabacloud-go/cr-20181201 v1.0.10 h1:B60f6S1imsgn2fgC6X6FrVNrONDrbCT0NwYhsJ0C9/c= +github.com/alibabacloud-go/cr-20181201 v1.0.10/go.mod h1:VN9orB/w5G20FjytoSpZROqu9ZqxwycASmGqYUJSoDc= +github.com/alibabacloud-go/darabonba-openapi v0.2.1 h1:WyzxxKvhdVDlwpAMOHgAiCJ+NXa6g5ZWPFEzaK/ewwY= +github.com/alibabacloud-go/darabonba-openapi v0.2.1/go.mod h1:zXOqLbpIqq543oioL9IuuZYOQgHQ5B8/n5OPrnko8aY= +github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA= +github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= +github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= +github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= +github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY= +github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= +github.com/alibabacloud-go/tea v1.2.1 h1:rFF1LnrAdhaiPmKwH5xwYOKlMh66CqRwPUTzIK74ask= +github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA= +github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA= +github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw= +github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0= +github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= +github.com/aliyun/credentials-go v1.3.2 h1:L4WppI9rctC8PdlMgyTkF8bBsy9pyKQEzBD1bHMRl+g= +github.com/aliyun/credentials-go v1.3.2/go.mod h1:tlpz4uys4Rn7Ik4/piGRrTbXy2uLKvePgQJJduE+Y5c= +github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI= +github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg= +github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= +github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= +github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.36.0 h1:b1wM5CcE65Ujwn565qcwgtOTT1aT4ADOHHgglKjG7fk= +github.com/aws/aws-sdk-go-v2 v1.36.0/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 h1:zAxi9p3wsZMIaVCdoiQp2uZ9k1LsZvmAnoTBeZPXom0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8/go.mod h1:3XkePX5dSaxveLAYY7nsbsZZrKxCyEuE5pM4ziFxyGg= +github.com/aws/aws-sdk-go-v2/config v1.29.0 h1:Vk/u4jof33or1qAQLdofpjKV7mQQT7DcUpnYx8kdmxY= +github.com/aws/aws-sdk-go-v2/config v1.29.0/go.mod h1:iXAZK3Gxvpq3tA+B9WaDYpZis7M8KFgdrDPMmHrgbJM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.53 h1:lwrVhiEDW5yXsuVKlFVUnR2R50zt2DklhOyeLETqDuE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.53/go.mod h1:CkqM1bIw/xjEpBMhBnvqUXYZbpCFuj6dnCAyDk2AtAY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= +github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.5.1 h1:yg6nrV33ljY6CppoRnnsKLqIZ5ExNdQOGRBGNfc56Yw= +github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.5.1/go.mod h1:hGdIV5nndhIclFFvI1apVfQWn9ZKqedykZ1CtLZd03E= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.30 h1:+7AzSGNhHoY53di13lvztf9Dyd/9ofzoYGBllkWp3a0= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.30/go.mod h1:Jxd/FrCny99yURiQiMywgXvBhd7tmgdv6KdlUTNzMSo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.30 h1:Ex06eY6I5rO7IX0HalGfa5nGjpBoOsS1Qm3xfjkuszs= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.30/go.mod h1:AvyEMA9QcX59kFhVizBpIBpEMThUTXssuJe+emBdcGM= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.30 h1:yQSv0NQ4CRHoki6AcV/Ldoa4/QCMJauZkF23qznBCPQ= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.30/go.mod h1:jH3z32wDrsducaYX26xnl41ksYFWqjHphIciwIANZkc= +github.com/aws/aws-sdk-go-v2/service/acmpca v1.37.0 h1:E4Mlk1RSHDCHKL5ezsRFfefgHSoUfdJ31o+EnmeJ/0Y= +github.com/aws/aws-sdk-go-v2/service/acmpca v1.37.0/go.mod h1:3Mqoz+x3LiNshgQpHgaG9aZxbpE+ZHIPw0O24tjz0qY= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.202.1 h1:ZKPtOeXBAC9VJ/hGP08LEsB9ysrHg+JfgmsOO1LxZCw= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.202.1/go.mod h1:Mg4njpSAJdHx3l1ra4/2qyxsdbs4hjfDNzgbn/UrPas= +github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7 h1:3iaT/LnGV6jNtbBkvHZDlzz7Ky3wMHDJAyFtGd5GUJI= +github.com/aws/aws-sdk-go-v2/service/ecr v1.24.7/go.mod h1:mtzCLxk6M+KZbkJdq3cUH9GCrudw8qCy5C3EHO+5vLc= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6 h1:h+r5/diSwztgKgxUrntt6AOI5lBYY0ZJv+yzeulGZSU= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.21.6/go.mod h1:7+5MHFC52LC85xKCjCuWDHmIncOOvWnll10OT9EAN/g= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 h1:hfkzDZHBp9jAT4zcd5mtqckpU4E3Ax0LQaEWWk1VgN8= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.1/go.mod h1:u36ahDtZcQHGmVm/r+0L1sfKX4fzLEMdCqiKRKkUMVM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.4 h1:iwk7v5+lUtA0cIQcQM6EyCXtQJZ9MGIWWaf0JKud5UE= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.4/go.mod h1:o9mSr0x1NwImSmP9q38aTUhjYwcDm277YUURBjXcC2I= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.11 h1:5JKQ2J3BBW4ovy6A/5Lwx9SpA6IzgH8jB3bquGZ1NUw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.11/go.mod h1:VShCk7rfCzK/b9U1aSkzLwcOoaDlYna16482QqEavis= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.11 h1:P8qJcYGVDswlMkVFhMi7SJmlf0jNA0JRbvE/q2PuXD8= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.11/go.mod h1:9yp5x5vYwyhnZZ9cKLBxZmrJTGv99C9iVmG7AKeUvdc= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.8 h1:KbLZjYqhQ9hyB4HwXiheiflTlYQa0+Fz0Ms/rh5f3mk= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.8/go.mod h1:ANs9kBhK4Ghj9z1W+bsr3WsNaPF71qkgd6eE6Ekol/Y= +github.com/aws/aws-sdk-go-v2/service/organizations v1.37.0 h1:VlfFFYSLuS7MPNyF7wf1gANoLQLhEj+Kq7ifVzl7gog= +github.com/aws/aws-sdk-go-v2/service/organizations v1.37.0/go.mod h1:5ThtlWQYo2b4sghzFmzDelaJtsW7hOct5MnpbaG8ZeU= +github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.16.0 h1:6g52Jw3Kkcwapx0Zw0Sb2685agYB13/c/cI0Ug/eMvA= +github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.16.0/go.mod h1:Icyb01vb5rarCy2O62IWhC+uuUswzYy5CkDwLA1w+bY= +github.com/aws/aws-sdk-go-v2/service/s3 v1.75.1 h1:hbTWOPUgAnPpk5+G1jZjYnq4eKCAePwRJEqLN1Tj7Bg= +github.com/aws/aws-sdk-go-v2/service/s3 v1.75.1/go.mod h1:Mo2xdnRzOyZQkGHEbhOgooG0eIV+GqS/g8LU4B5iftI= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.0 h1:POvqkPd+H/B6No9py/7c//RRVbSp75wtN8nsd/LGHw0= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.0/go.mod h1:G2a06OQdRNbG8bfvdYSFpA9CBuaTQrmnrIyGuU6OgXU= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.10 h1:DyZUj3xSw3FR3TXSwDhPhuZkkT14QHBiacdbUVcD0Dg= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.10/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9 h1:I1TsPEs34vbpOnR81GIcAq4/3Ud+jRHVGwx6qLQUHLs= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.8 h1:pqEJQtlKWvnv3B6VRt60ZmsHy3SotlEBvfUBPB1KVcM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.8/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= +github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/bufbuild/protocompile v0.10.0 h1:+jW/wnLMLxaCEG8AX9lD0bQ5v9h1RUiMKOBOT5ll9dM= +github.com/bufbuild/protocompile v0.10.0/go.mod h1:G9qQIQo0xZ6Uyj6CMNz0saGmx2so+KONo8/KrELABiY= +github.com/buildkite/agent/v3 v3.81.0 h1:JVfkng2XnsXesFXwiFwLJFkuzVu4zvoJCvedfoIXD6E= +github.com/buildkite/agent/v3 v3.81.0/go.mod h1:edJeyycODRxaFvpT22rDGwaQ5oa4eB8GjtbjgX5VpFw= +github.com/buildkite/go-pipeline v0.13.1 h1:Y9p8pQIwPtauVwNrcmTDH6+XK7jE1nLuvWVaK8oymA8= +github.com/buildkite/go-pipeline v0.13.1/go.mod h1:2HHqlSFTYgHFhzedJu0LhLs9n5c9XkYnHiQFVN5HE4U= +github.com/buildkite/interpolate v0.1.3 h1:OFEhqji1rNTRg0u9DsSodg63sjJQEb1uWbENq9fUOBM= +github.com/buildkite/interpolate v0.1.3/go.mod h1:UNVe6A+UfiBNKbhAySrBbZFZFxQ+DXr9nWen6WVt/A8= +github.com/buildkite/roko v1.2.0 h1:hbNURz//dQqNl6Eo9awjQOVOZwSDJ8VEbBDxSfT9rGQ= +github.com/buildkite/roko v1.2.0/go.mod h1:23R9e6nHxgedznkwwfmqZ6+0VJZJZ2Sg/uVcp2cP46I= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= +github.com/cactus/go-statsd-client/v5 v5.0.0/go.mod h1:COEvJ1E+/E2L4q6QE5CkjWPi4eeDw9maJBMIuMPBZbY= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= +github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= +github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= +github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= +github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg= +github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc= +github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= +github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= +github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ= +github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8= +github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= +github.com/coreos/go-oidc/v3 v3.12.0 h1:sJk+8G2qq94rDI6ehZ71Bol3oUHy63qNYmkiSjrc/Jo= +github.com/coreos/go-oidc/v3 v3.12.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= +github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= +github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= +github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6ROGeiHFAP8WJdI2RoxALQYgdllERc3N5N2DM= +github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= +github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= +github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= +github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= +github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= +github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54 h1:SG7nF6SRlWhcT7cNTs5R6Hk4V2lcmLz2NsG2VnInyNo= +github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= +github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= +github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 h1:ge14PCmCvPjpMQMIAH7uKg0lrtNSOdpYsRXlwk3QbaE= +github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= +github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 h1:lxmTCgmHE1GUYL7P0MlNa00M67axePTq+9nBSGddR8I= +github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= +github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= +github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvDaFkLctbGM= +github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= +github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v27.5.1+incompatible h1:4PYU5dnBYqRQi0294d1FBECqT9ECWeQAIfE8q4YnPY8= +github.com/docker/docker v27.5.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= +github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= +github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= +github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE= +github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/proto v1.12.1 h1:6n/Z2pZAnBwuhU66Gs8160B8rrrYKo7h2F2sCOnNceE= +github.com/emicklei/proto v1.12.1/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= +github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= +github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M= +github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA= +github.com/envoyproxy/go-control-plane/envoy v1.32.3 h1:hVEaommgvzTjTd4xCaFd+kEQ2iYBtGxP6luyLrx6uOk= +github.com/envoyproxy/go-control-plane/envoy v1.32.3/go.mod h1:F6hWupPfh75TBXGKA++MCT/CZHFq5r9/uwt/kQYkZfE= +github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI= +github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= +github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= +github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM= +github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= +github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y= +github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= +github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= +github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= +github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= +github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= +github.com/go-piv/piv-go v1.11.0 h1:5vAaCdRTFSIW4PeqMbnsDlUZ7odMYWnHBDGdmtU/Zhg= +github.com/go-piv/piv-go v1.11.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM= +github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= +github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/gofrs/uuid/v5 v5.3.0 h1:m0mUMr+oVYUdxpMLgSYCZiXe7PuVPnI94+OMeVBNedk= +github.com/gofrs/uuid/v5 v5.3.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= +github.com/gogo/googleapis v0.0.0-20180223154316-0cd9801be74a h1:dR8+Q0uO5S2ZBcs2IH6VBKYwSxPo2vYCYq0ot0mu7xA= +github.com/gogo/googleapis v0.0.0-20180223154316-0cd9801be74a/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/gogo/status v1.1.1 h1:DuHXlSFHNKqTQ+/ACf5Vs6r4X/dH2EgIzR9Vr+H65kg= +github.com/gogo/status v1.1.1/go.mod h1:jpG3dM5QPcqu19Hg8lkUhBFBa3TcLs1DG7+2Jqci7oU= +github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= +github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= +github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= +github.com/golang/glog v1.2.3 h1:oDTdz9f5VGVVNGu/Q7UXKWYsD0873HXLHdJUNBsSEKM= +github.com/golang/glog v1.2.3/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/certificate-transparency-go v1.2.1 h1:4iW/NwzqOqYEEoCBEFP+jPbBXbLqMpq3CifMyOnDUME= +github.com/google/certificate-transparency-go v1.2.1/go.mod h1:bvn/ytAccv+I6+DGkqpvSsEdiVGramgaSC6RD3tEmeE= +github.com/google/flatbuffers v23.5.26+incompatible h1:M9dgRyhJemaM4Sw8+66GHBu8ioaQmyPLg1b8VwK5WJg= +github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= +github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= +github.com/google/go-attestation v0.5.0 h1:jXtAWT2sw2Yu8mYU0BC7FDidR+ngxFPSE+pl6IUu3/0= +github.com/google/go-attestation v0.5.0/go.mod h1:0Tik9y3rzV649Jcr7evbljQHQAsIlJucyqQjYDBqktU= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= +github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= +github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI= +github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI= +github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= +github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-sev-guest v0.9.3 h1:GOJ+EipURdeWFl/YYdgcCxyPeMgQUWlI056iFkBD8UU= +github.com/google/go-sev-guest v0.9.3/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs= +github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= +github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE= +github.com/google/go-tpm v0.9.3 h1:+yx0/anQuGzi+ssRqeD6WpXjW2L/V0dItUayO0i9sRc= +github.com/google/go-tpm v0.9.3/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= +github.com/google/go-tpm-tools v0.4.4 h1:oiQfAIkc6xTy9Fl5NKTeTJkBTlXdHsxAofmQyxBKY98= +github.com/google/go-tpm-tools v0.4.4/go.mod h1:T8jXkp2s+eltnCDIsXR84/MTcVU9Ja7bh3Mit0pa4AY= +github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= +github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= +github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= +github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= +github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= +github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= +github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= +github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w= +github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM= +github.com/google/trillian v1.7.1 h1:+zX8jLM3524bAMPS+VxaDIDgsMv3/ty6DuLWerHXcek= +github.com/google/trillian v1.7.1/go.mod h1:E1UMAHqpZCA8AQdrKdWmHmtUfSeiD0sDWD1cv00Xa+c= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= +github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= +github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= +github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= +github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= +github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= +github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= +github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= +github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= +github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= +github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= +github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= +github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-metrics v0.5.4 h1:8mmPiIJkTPPEbAiV97IxdAGNdRdaWwVap1BU6elejKY= +github.com/hashicorp/go-metrics v0.5.4/go.mod h1:CG5yz4NZ/AI/aQt9Ucm/vdBnbh7fvmv4lxZ350i+QQI= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-plugin v1.4.0/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= +github.com/hashicorp/go-plugin v1.6.3 h1:xgHB+ZUSYeuJi96WtxEjzi23uh7YQpznjGh0U0UUrwg= +github.com/hashicorp/go-plugin v1.6.3/go.mod h1:MRobyh+Wc/nYy1V4KAXUiYfzxoYhs7V1mlH1Z7iY2h0= +github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= +github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= +github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= +github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= +github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y6xGI0I= +github.com/hashicorp/hcl v1.0.1-vault-7/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= +github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= +github.com/hashicorp/vault/sdk v0.14.1 h1:QTgsrcYLGt5c2iZKwdHW6EmqPIr1Q0XEIQ1ifZZ94Ms= +github.com/hashicorp/vault/sdk v0.14.1/go.mod h1:Ylscj97cLKhoVal3MqLSCYBfBSzWcNOOaMxaNd+O20g= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= +github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= +github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM= +github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/imkira/go-observer v1.0.3 h1:l45TYAEeAB4L2xF6PR2gRLn2NE5tYhudh33MLmC7B80= +github.com/imkira/go-observer v1.0.3/go.mod h1:zLzElv2cGTHufQG17IEILJMPDg32TD85fFgKyFv00wU= +github.com/in-toto/attestation v1.1.0 h1:oRWzfmZPDSctChD0VaQV7MJrywKOzyNrtpENQFq//2Q= +github.com/in-toto/attestation v1.1.0/go.mod h1:DB59ytd3z7cIHgXxwpSX2SABrU6WJUKg/grpdgHVgVs= +github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= +github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= +github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= +github.com/jackc/pgx/v5 v5.7.2 h1:mLoDLV6sonKlvjIEsV56SkWNCnuNv531l94GaIzO+XI= +github.com/jackc/pgx/v5 v5.7.2/go.mod h1:ncY89UGWxg82EykZUwSpUKEfccBGGYq1xjrOpsbsfGQ= +github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= +github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= +github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= +github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E= +github.com/jellydator/ttlcache/v3 v3.3.0 h1:BdoC9cE81qXfrxeb9eoJi9dWrdhSuwXMAnHTbnBm4Wc= +github.com/jellydator/ttlcache/v3 v3.3.0/go.mod h1:bj2/e0l4jRnQdrnSTaGTsh4GSXvMjQcy41i7th0GVGw= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= +github.com/jhump/protoreflect v1.16.0 h1:54fZg+49widqXYQ0b+usAFHbMkBGR4PpXrsHc8+TBDg= +github.com/jhump/protoreflect v1.16.0/go.mod h1:oYPd7nPvcBw/5wlDfm/AVmU9zH9BgqGCI469pGxfj/8= +github.com/jinzhu/gorm v1.9.16 h1:+IyIjPEABKRpsu/F8OvDPy9fyQlgsg2luMV2ZIH5i5o= +github.com/jinzhu/gorm v1.9.16/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs= +github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= +github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= +github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M= +github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= +github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= +github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= +github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= +github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= +github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= +github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= +github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= +github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= +github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= +github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/mitchellh/cli v1.1.5 h1:OxRIeJXpAMztws/XHlN2vu6imG5Dpq+j61AzAX5fLng= +github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= +github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= +github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/mozillazg/docker-credential-acr-helper v0.4.0 h1:Uoh3Z9CcpEDnLiozDx+D7oDgRq7X+R296vAqAumnOcw= +github.com/mozillazg/docker-credential-acr-helper v0.4.0/go.mod h1:2kiicb3OlPytmlNC9XGkLvVC+f0qTiJw3f/mhmeeQBg= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 h1:Up6+btDp321ZG5/zdSLo48H9Iaq0UQGthrhWC6pCxzE= +github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8QE2bHlgozqWDiRVqTFlLQSj30K/6SAK8EeYFw= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= +github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= +github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= +github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= +github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/oleiade/reflections v1.1.0 h1:D+I/UsXQB4esMathlt0kkZRJZdUDmhv5zGi/HOwYTWo= +github.com/oleiade/reflections v1.1.0/go.mod h1:mCxx0QseeVCHs5Um5HhJeCKVC7AwS8kO67tky4rdisA= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= +github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/open-policy-agent/opa v0.70.0 h1:B3cqCN2iQAyKxK6+GI+N40uqkin+wzIrM7YA60t9x1U= +github.com/open-policy-agent/opa v0.70.0/go.mod h1:Y/nm5NY0BX0BqjBriKUiV81sCl8XOjjvqQG7dXrggtI= +github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= +github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= +github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= +github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= +github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo= +github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= +github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw= +github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf h1:014O62zIzQwvoD7Ekj3ePDF5bv9Xxy0w6AZk0qYbjUk= +github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= +github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= +github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= +github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= +github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= +github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= +github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= +github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= +github.com/secure-systems-lab/go-securesystemslib v0.9.0 h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc= +github.com/secure-systems-lab/go-securesystemslib v0.9.0/go.mod h1:DVHKMcZ+V4/woA/peqr+L0joiRXbPpQ042GgJckkFgw= +github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= +github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= +github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= +github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= +github.com/shirou/gopsutil/v4 v4.24.12 h1:qvePBOk20e0IKA1QXrIIU+jmk+zEiYVVx06WjBRlZo4= +github.com/shirou/gopsutil/v4 v4.24.12/go.mod h1:DCtMPAad2XceTeIAbGyVfycbYQNBGk2P8cvDi7/VN9o= +github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= +github.com/sigstore/cosign/v2 v2.4.1 h1:b8UXEfJFks3hmTwyxrRNrn6racpmccUycBHxDMkEPvU= +github.com/sigstore/cosign/v2 v2.4.1/go.mod h1:GvzjBeUKigI+XYnsoVQDmMAsMMc6engxztRSuxE+x9I= +github.com/sigstore/fulcio v1.6.3 h1:Mvm/bP6ELHgazqZehL8TANS1maAkRoM23CRAdkM4xQI= +github.com/sigstore/fulcio v1.6.3/go.mod h1:5SDgLn7BOUVLKe1DwOEX3wkWFu5qEmhUlWm+SFf0GH8= +github.com/sigstore/protobuf-specs v0.3.3 h1:RMZQgXTD/pF7KW6b5NaRLYxFYZ/wzx44PQFXN2PEo5g= +github.com/sigstore/protobuf-specs v0.3.3/go.mod h1:vIhZ6Uor1a38+wvRrKcqL2PtYNlgoIW9lhzYzkyy4EU= +github.com/sigstore/rekor v1.3.9 h1:sUjRpKVh/hhgqGMs0t+TubgYsksArZ6poLEC3MsGAzU= +github.com/sigstore/rekor v1.3.9/go.mod h1:xThNUhm6eNEmkJ/SiU/FVU7pLY2f380fSDZFsdDWlcM= +github.com/sigstore/sigstore v1.8.12 h1:S8xMVZbE2z9ZBuQUEG737pxdLjnbOIcFi5v9UFfkJFc= +github.com/sigstore/sigstore v1.8.12/go.mod h1:+PYQAa8rfw0QdPpBcT+Gl3egKD9c+TUgAlF12H3Nmjo= +github.com/sigstore/sigstore-go v0.6.1 h1:tGkkv1oDIER+QYU5MrjqlttQOVDWfSkmYwMqkJhB/cg= +github.com/sigstore/sigstore-go v0.6.1/go.mod h1:Xe5GHmUeACRFbomUWzVkf/xYCn8xVifb9DgqJrV2dIw= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.12 h1:EC3UmIaa7nV9sCgSpVevmvgvTYTkMqyrRbj5ojPp7tE= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.12/go.mod h1:aw60vs3crnQdM/DYH+yF2P0MVKtItwAX34nuaMrY7Lk= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.12 h1:FPpliDTywSy0woLHMAdmTSZ5IS/lVBZ0dY0I+2HmnSY= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.12/go.mod h1:NkPiz4XA0JcBSXzJUrjMj7Xi7oSTew1Ip3Zmt56mHlw= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.12 h1:kweBChR6M9FEvmxN3BMEcl7SNnwxTwKF7THYFKLOE5U= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.12/go.mod h1:6+d+A6oYt1W5OgtzgEVb21V7tAZ/C2Ihtzc5MNJbayY= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.12 h1:jvY1B9bjP+tKzdKDyuq5K7O19CG2IKzGJNTy5tuL2Gs= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.12/go.mod h1:2uEeOb8xE2RC6OvzxKux1wkS39Zv8gA27z92m49xUTc= +github.com/sigstore/timestamp-authority v1.2.2 h1:X4qyutnCQqJ0apMewFyx+3t7Tws00JQ/JonBiu3QvLE= +github.com/sigstore/timestamp-authority v1.2.2/go.mod h1:nEah4Eq4wpliDjlY342rXclGSO7Kb9hoRrl9tqLW13A= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= +github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= +github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= +github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= +github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk= +github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= +github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= +github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a h1:z4A5TA8JKmXQirhOfSv45mjo1DEtmpWH/VJW+uidGQA= +github.com/spiffe/spire-api-sdk v1.2.5-0.20240916165922-16526993814a/go.mod h1:4uuhFlN6KBWjACRP3xXwrOTNnvaLp1zJs8Lribtr4fI= +github.com/spiffe/spire-plugin-sdk v1.4.4-0.20240701180828-594312f4444d h1:Upcyq8u1aWFHTQSEskwxBE2PehobpY+M21LXXDS/mPw= +github.com/spiffe/spire-plugin-sdk v1.4.4-0.20240701180828-594312f4444d/go.mod h1:GA6o2PVLwyJdevT6KKt5ZXCY/ziAPna13y/seGk49Ik= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= +github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs= +github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48= +github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= +github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= +github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg= +github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= +github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= +github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= +github.com/theupdateframework/go-tuf/v2 v2.0.1 h1:11p9tXpq10KQEujxjcIjDSivMKCMLguls7erXHZnxJQ= +github.com/theupdateframework/go-tuf/v2 v2.0.1/go.mod h1:baB22nBHeHBCeuGZcIlctNq4P61PcOdyARlplg5xmLA= +github.com/tink-crypto/tink-go-awskms/v2 v2.1.0 h1:N9UxlsOzu5mttdjhxkDLbzwtEecuXmlxZVo/ds7JKJI= +github.com/tink-crypto/tink-go-awskms/v2 v2.1.0/go.mod h1:PxSp9GlOkKL9rlybW804uspnHuO9nbD98V/fDX4uSis= +github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0 h1:3B9i6XBXNTRspfkTC0asN5W0K6GhOSgcujNiECNRNb0= +github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0/go.mod h1:jY5YN2BqD/KSCHM9SqZPIpJNG/u3zwfLXHgws4x2IRw= +github.com/tink-crypto/tink-go/v2 v2.3.0 h1:4/TA0lw0lA/iVKBL9f8R5eP7397bfc4antAMXF5JRhs= +github.com/tink-crypto/tink-go/v2 v2.3.0/go.mod h1:kfPOtXIadHlekBTeBtJrHWqoGL+Fm3JQg0wtltPuxLU= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= +github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= +github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= +github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= +github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFAEVmqU= +github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI= +github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk= +github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY= +github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= +github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= +github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= +github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= +github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg= +github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= +github.com/uber-go/tally/v4 v4.1.16 h1:by2hveWRh/cUReButk6ns1sHK/hiKry7BuOV6iY16XI= +github.com/uber-go/tally/v4 v4.1.16/go.mod h1:RW5DgqsyEPs0lA4b0YNf4zKj7DveKHd73hnO6zVlyW0= +github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= +github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= +github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs= +github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= +github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= +github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= +github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= +github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms= +github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= +github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= +github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM= +github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/detectors/gcp v1.32.0 h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8= +go.opentelemetry.io/contrib/detectors/gcp v1.32.0/go.mod h1:TVqo0Sda4Cv8gCIixd7LuLwW4EylumVWfhjZJjDD4DU= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= +go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= +go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU= +go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= +go.step.sm/crypto v0.57.0 h1:YjoRQDaJYAxHLVwjst0Bl0xcnoKzVwuHCJtEo2VSHYU= +go.step.sm/crypto v0.57.0/go.mod h1:+Lwp5gOVPaTa3H/Ul/TzGbxQPXZZcKIUGMS0lG6n9Go= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= +golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= +golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= +google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= +google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= +google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= +google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= +google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= +google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.95.0/go.mod h1:eADj+UBuxkh5zlrSntJghuNeg8HwQ1w5lTKkuqaETEI= +google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91A08= +google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= +google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo= +google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= +google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= +google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= +google.golang.org/api v0.219.0 h1:nnKIvxKs/06jWawp2liznTBnMRQBEPpGo7I+oEypTX0= +google.golang.org/api v0.219.0/go.mod h1:K6OmjGm+NtLrIkHxv1U3a0qIf/0JOvAHd5O/6AoyKYE= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180518175338-11a468237815/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= +google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= +google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= +google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829144015-23454907ede3/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220913154956-18f8339a66a5/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw= +google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqwhZAwq4wsRUaVG555sVgsNmIjRtO7t/JH29U= +google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= +google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= +google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= +google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= +google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47 h1:91mG8dNTpkC0uChJUQ9zCiRqx3GEEFOWaRZ0mI6Oj2I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250124145028-65684f501c47/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= +google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= +google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= +google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/validator.v2 v2.0.0-20200605151824-2b28d334fa05/go.mod h1:o4V0GXN9/CAmCsvJ0oXYZvrZOe7syiDZSN1GWGZTGzc= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= +gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-aggregator v0.32.1 h1:cztPyIHbo6tgrhYHDqmdmvxUufJKuxgAC/vog7yeWek= +k8s.io/kube-aggregator v0.32.1/go.mod h1:sXjL5T8FO/rlBzTbBhahw9V5Nnr1UtzZHKTj9WxQCOU= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/mount-utils v0.32.1 h1:RJOD6xXzEJT/OOJoG1KstfVa8ZXJJPlHb+t2MoulPHM= +k8s.io/mount-utils v0.32.1/go.mod h1:Kun5c2svjAPx0nnvJKYQWhfeNW+O0EpzHgRhDcYoSY0= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE= +sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw= +sigs.k8s.io/release-utils v0.8.4/go.mod h1:m1bHfscTemQp+z+pLCZnkXih9n0+WukIUU70n6nFnU0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= +software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k= +software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= \ No newline at end of file diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go index 550369201f..9b1f9e2857 100644 --- a/pkg/agent/agent.go +++ b/pkg/agent/agent.go @@ -77,6 +77,7 @@ func (a *Agent) Run(ctx context.Context) error { FileConfig: a.c.Telemetry, Logger: a.c.Log.WithField(telemetry.SubsystemName, telemetry.Telemetry), ServiceName: telemetry.SpireAgent, + TrustDomain: a.c.TrustDomain.Name(), }) if err != nil { return err @@ -172,7 +173,7 @@ func (a *Agent) Run(ctx context.Context) error { endpoints.ListenAndServe, metrics.ListenAndServe, catalog.ReconfigureTask(a.c.Log.WithField(telemetry.SubsystemName, "reconfigurer"), cat), - util.SerialRun(a.waitForTestDial, healthChecker.ListenAndServe), + healthChecker.ListenAndServe, } if a.c.AdminBindAddress != nil { @@ -386,14 +387,6 @@ func (a *Agent) newAdminEndpoints(metrics telemetry.Metrics, mgr manager.Manager return admin_api.New(config) } -// waitForTestDial calls health.WaitForTestDial to wait for a connection to the -// SPIRE Agent API socket. This function always returns nil, even if -// health.WaitForTestDial exited due to a timeout. -func (a *Agent) waitForTestDial(ctx context.Context) error { - health.WaitForTestDial(ctx, a.c.BindAddress) - return nil -} - // CheckHealth is used as a top-level health check for the agent. func (a *Agent) CheckHealth() health.State { err := a.checkWorkloadAPI() diff --git a/pkg/agent/api/debug/v1/service_test.go b/pkg/agent/api/debug/v1/service_test.go index afeeced626..ce3a540f6b 100644 --- a/pkg/agent/api/debug/v1/service_test.go +++ b/pkg/agent/api/debug/v1/service_test.go @@ -189,7 +189,6 @@ func TestGetInfo(t *testing.T) { err: "failed to verify agent SVID: x509svid: could not get leaf SPIFFE ID: certificate contains no URI SAN", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() @@ -277,7 +276,7 @@ func setupServiceTest(t *testing.T) *serviceTest { } server := grpctest.StartServer(t, registerFn) test.done = server.Stop - test.client = debugv1.NewDebugClient(server.Dial(t)) + test.client = debugv1.NewDebugClient(server.NewGRPCClient(t)) return test } diff --git a/pkg/agent/api/delegatedidentity/v1/service_test.go b/pkg/agent/api/delegatedidentity/v1/service_test.go index ca3a9aef3a..6cdc659ab0 100644 --- a/pkg/agent/api/delegatedidentity/v1/service_test.go +++ b/pkg/agent/api/delegatedidentity/v1/service_test.go @@ -168,10 +168,11 @@ func TestSubscribeToX509SVIDs(t *testing.T) { identities[0], }, updates: []*cache.WorkloadUpdate{ - {Identities: []cache.Identity{ - identities[0], - identities[1], - }, + { + Identities: []cache.Identity{ + identities[0], + identities[1], + }, Bundle: bundle, }, }, @@ -238,7 +239,8 @@ func TestSubscribeToX509SVIDs(t *testing.T) { }, Bundle: bundle, FederatedBundles: map[spiffeid.TrustDomain]*spiffebundle.Bundle{ - federatedBundle1.TrustDomain(): federatedBundle1}, + federatedBundle1.TrustDomain(): federatedBundle1, + }, }, }, expectResp: &delegatedidentityv1.SubscribeToX509SVIDsResponse{ @@ -269,7 +271,8 @@ func TestSubscribeToX509SVIDs(t *testing.T) { }, Bundle: bundle, FederatedBundles: map[spiffeid.TrustDomain]*spiffebundle.Bundle{ - federatedBundle1.TrustDomain(): federatedBundle1}, + federatedBundle1.TrustDomain(): federatedBundle1, + }, }, }, expectResp: &delegatedidentityv1.SubscribeToX509SVIDsResponse{ @@ -301,7 +304,8 @@ func TestSubscribeToX509SVIDs(t *testing.T) { Bundle: bundle, FederatedBundles: map[spiffeid.TrustDomain]*spiffebundle.Bundle{ federatedBundle1.TrustDomain(): federatedBundle1, - federatedBundle2.TrustDomain(): federatedBundle2}, + federatedBundle2.TrustDomain(): federatedBundle2, + }, }, }, expectResp: &delegatedidentityv1.SubscribeToX509SVIDsResponse{ @@ -315,13 +319,14 @@ func TestSubscribeToX509SVIDs(t *testing.T) { X509SvidKey: pkcs8FromSigner(t, x509SVID1.PrivateKey), }, }, - FederatesWith: []string{federatedBundle1.TrustDomain().IDString(), - federatedBundle2.TrustDomain().IDString()}, + FederatesWith: []string{ + federatedBundle1.TrustDomain().IDString(), + federatedBundle2.TrustDomain().IDString(), + }, }, expectMetrics: generateSubscribeToX509SVIDMetrics(), }, } { - tt := tt t.Run(tt.testName, func(t *testing.T) { metrics := fakemetrics.New() params := testParams{ @@ -370,7 +375,6 @@ func TestSubscribeToX509Bundles(t *testing.T) { expectResp []*delegatedidentityv1.SubscribeToX509BundlesResponse cacheUpdates map[spiffeid.TrustDomain]*cache.Bundle }{ - { testName: "Attest error", attestErr: errors.New("ohno"), @@ -423,7 +427,6 @@ func TestSubscribeToX509Bundles(t *testing.T) { }, }, } { - tt := tt t.Run(tt.testName, func(t *testing.T) { params := testParams{ CA: ca, @@ -663,7 +666,6 @@ func TestFetchJWTSVIDs(t *testing.T) { }, }, } { - tt := tt t.Run(tt.testName, func(t *testing.T) { params := testParams{ CA: ca, @@ -711,7 +713,6 @@ func TestSubscribeToJWTBundles(t *testing.T) { expectResp []*delegatedidentityv1.SubscribeToJWTBundlesResponse cacheUpdates map[spiffeid.TrustDomain]*cache.Bundle }{ - { testName: "Attest error", attestErr: errors.New("ohno"), @@ -764,7 +765,6 @@ func TestSubscribeToJWTBundles(t *testing.T) { }, }, } { - tt := tt t.Run(tt.testName, func(t *testing.T) { params := testParams{ CA: ca, @@ -844,7 +844,7 @@ func runTest(t *testing.T, params testParams, fn func(ctx context.Context, clien ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() - conn, _ := grpc.DialContext(ctx, "unix:"+addr.String(), grpc.WithTransportCredentials(insecure.NewCredentials())) //nolint: staticcheck // It is going to be resolved on #5152 + conn, _ := grpc.NewClient("unix:"+addr.String(), grpc.WithTransportCredentials(insecure.NewCredentials())) t.Cleanup(func() { conn.Close() }) fn(ctx, delegatedidentityv1.NewDelegatedIdentityClient(conn)) diff --git a/pkg/agent/api/health/v1/service_test.go b/pkg/agent/api/health/v1/service_test.go index e7feb51f41..93a0988ea0 100644 --- a/pkg/agent/api/health/v1/service_test.go +++ b/pkg/agent/api/health/v1/service_test.go @@ -26,9 +26,7 @@ import ( "google.golang.org/grpc/status" ) -var ( - td = spiffeid.RequireTrustDomainFromString("example.org") -) +var td = spiffeid.RequireTrustDomainFromString("example.org") func TestServiceCheck(t *testing.T) { ca := testca.New(t, td) @@ -84,7 +82,6 @@ func TestServiceCheck(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { log, logHook := test.NewNullLogger() @@ -106,7 +103,7 @@ func TestServiceCheck(t *testing.T) { }), ) - client := grpc_health_v1.NewHealthClient(server.Dial(t)) + client := grpc_health_v1.NewHealthClient(server.NewGRPCClient(t)) resp, err := client.Check(context.Background(), &grpc_health_v1.HealthCheckRequest{ Service: tt.service, }) diff --git a/pkg/agent/attestor/node/node.go b/pkg/agent/attestor/node/node.go index c7d0cdca3e..74e9d08390 100644 --- a/pkg/agent/attestor/node/node.go +++ b/pkg/agent/attestor/node/node.go @@ -28,7 +28,6 @@ import ( "github.com/spiffe/spire/pkg/common/tlspolicy" "github.com/spiffe/spire/pkg/common/util" "github.com/spiffe/spire/pkg/common/x509util" - "github.com/zeebo/errs" "google.golang.org/grpc" "google.golang.org/grpc/credentials" ) @@ -101,7 +100,7 @@ func (a *attestor) Attest(ctx context.Context) (res *AttestationResult, err erro // This is a bizarre case where we have an SVID but were unable to // load a bundle from the cache which suggests some tampering with the // cache on disk. - return nil, errs.New("SVID loaded but no bundle in cache") + return nil, errors.New("SVID loaded but no bundle in cache") default: log.WithField(telemetry.SPIFFEID, svid[0].URIs[0].String()).Info("SVID loaded") } @@ -228,7 +227,7 @@ func (a *attestor) newSVID(ctx context.Context, key keymanager.Key, bundle *spif defer counter.Done(&err) telemetry_common.AddAttestorType(counter, a.c.NodeAttestor.Name()) - conn, err := a.serverConn(ctx, bundle) + conn, err := a.serverConn(bundle) if err != nil { return nil, nil, false, fmt.Errorf("create attestation client: %w", err) } @@ -252,9 +251,9 @@ func (a *attestor) newSVID(ctx context.Context, key keymanager.Key, bundle *spif return newSVID, newBundle, reattestable, nil } -func (a *attestor) serverConn(ctx context.Context, bundle *spiffebundle.Bundle) (*grpc.ClientConn, error) { +func (a *attestor) serverConn(bundle *spiffebundle.Bundle) (*grpc.ClientConn, error) { if bundle != nil { - return client.DialServer(ctx, client.DialServerConfig{ + return client.NewServerGRPCClient(client.ServerClientConfig{ Address: a.c.ServerAddress, TrustDomain: a.c.TrustDomain, GetBundle: bundle.X509Authorities, @@ -265,7 +264,7 @@ func (a *attestor) serverConn(ctx context.Context, bundle *spiffebundle.Bundle) if !a.c.InsecureBootstrap { // We shouldn't get here since loadBundle() should fail if the bundle // is empty, but just in case... - return nil, errs.New("no bundle and not doing insecure bootstrap") + return nil, errors.New("no bundle and not doing insecure bootstrap") } // Insecure bootstrapping. Do not verify the server chain but rather do a @@ -279,7 +278,7 @@ func (a *attestor) serverConn(ctx context.Context, bundle *spiffebundle.Bundle) if len(rawCerts) == 0 { // This is not really possible without a catastrophic bug // creeping into the TLS stack. - return errs.New("server chain is unexpectedly empty") + return errors.New("server chain is unexpectedly empty") } expectedServerID, err := idutil.ServerID(a.c.TrustDomain) @@ -292,18 +291,17 @@ func (a *attestor) serverConn(ctx context.Context, bundle *spiffebundle.Bundle) return err } if len(serverCert.URIs) != 1 || serverCert.URIs[0].String() != expectedServerID.String() { - return errs.New("expected server SPIFFE ID %q; got %q", expectedServerID, serverCert.URIs) + return fmt.Errorf("expected server SPIFFE ID %q; got %q", expectedServerID, serverCert.URIs) } return nil }, } - return grpc.DialContext(ctx, a.c.ServerAddress, //nolint: staticcheck // It is going to be resolved on #5152 + return grpc.NewClient( + a.c.ServerAddress, grpc.WithDefaultServiceConfig(roundRobinServiceConfig), grpc.WithDisableServiceConfig(), - grpc.FailOnNonTempDialError(true), //nolint: staticcheck // It is going to be resolved on #5152 grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)), - grpc.WithReturnConnectionError(), //nolint: staticcheck // It is going to be resolved on #5152 ) } diff --git a/pkg/agent/attestor/node/node_test.go b/pkg/agent/attestor/node/node_test.go index 1cec8ad028..33bb29bc87 100644 --- a/pkg/agent/attestor/node/node_test.go +++ b/pkg/agent/attestor/node/node_test.go @@ -281,8 +281,6 @@ func TestAttestor(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase - t.Run(testCase.name, func(t *testing.T) { require := require.New(t) @@ -527,7 +525,6 @@ func TestIsSVIDExpired(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.Desc, func(t *testing.T) { isExpired := attestor.IsSVIDExpired(tt.SVID, func() time.Time { return now }) require.Equal(t, tt.ExpectExpired, isExpired) diff --git a/pkg/agent/attestor/workload/workload.go b/pkg/agent/attestor/workload/workload.go index 3525c47f50..1ff65b42c5 100644 --- a/pkg/agent/attestor/workload/workload.go +++ b/pkg/agent/attestor/workload/workload.go @@ -66,7 +66,7 @@ func (wla *attestor) Attest(ctx context.Context, pid int) ([]*common.Selector, e // Collect the results selectors := []*common.Selector{} - for i := 0; i < len(plugins); i++ { + for range plugins { select { case s := <-sChan: selectors = append(selectors, s...) diff --git a/pkg/agent/client/client.go b/pkg/agent/client/client.go index 009bc4dfcf..ec3409408e 100644 --- a/pkg/agent/client/client.go +++ b/pkg/agent/client/client.go @@ -103,8 +103,8 @@ type client struct { connections *nodeConn m sync.Mutex - // Constructor used for testing purposes. - dialContext func(ctx context.Context, target string, opts ...grpc.DialOption) (*grpc.ClientConn, error) + // dialOpts optionally sets gRPC dial options + dialOpts []grpc.DialOption } // New creates a new client struct with the configuration provided @@ -233,7 +233,7 @@ func (c *client) RenewSVID(ctx context.Context, csr []byte) (*X509SVID, error) { ctx, cancel := context.WithTimeout(ctx, rpcTimeout) defer cancel() - agentClient, connection, err := c.newAgentClient(ctx) + agentClient, connection, err := c.newAgentClient() if err != nil { return nil, err } @@ -308,7 +308,7 @@ func (c *client) NewJWTSVID(ctx context.Context, entryID string, audience []stri ctx, cancel := context.WithTimeout(ctx, rpcTimeout) defer cancel() - svidClient, connection, err := c.newSVIDClient(ctx) + svidClient, connection, err := c.newSVIDClient() if err != nil { return nil, err } @@ -357,8 +357,8 @@ func (c *client) release(conn *nodeConn) { } } -func (c *client) dial(ctx context.Context) (*grpc.ClientConn, error) { - return DialServer(ctx, DialServerConfig{ +func (c *client) newServerGRPCClient() (*grpc.ClientConn, error) { + return NewServerGRPCClient(ServerClientConfig{ Address: c.c.Addr, TrustDomain: c.c.TrustDomain, GetBundle: func() []*x509.Certificate { @@ -375,13 +375,13 @@ func (c *client) dial(ctx context.Context) (*grpc.ClientConn, error) { } return agentCert }, - TLSPolicy: c.c.TLSPolicy, - dialContext: c.dialContext, + TLSPolicy: c.c.TLSPolicy, + dialOpts: c.dialOpts, }) } func (c *client) fetchEntries(ctx context.Context) ([]*types.Entry, error) { - entryClient, connection, err := c.newEntryClient(ctx) + entryClient, connection, err := c.newEntryClient() if err != nil { return nil, err } @@ -400,7 +400,7 @@ func (c *client) fetchEntries(ctx context.Context) ([]*types.Entry, error) { } func (c *client) syncEntries(ctx context.Context, cachedEntries map[string]*common.RegistrationEntry) (SyncEntriesStats, error) { - entryClient, connection, err := c.newEntryClient(ctx) + entryClient, connection, err := c.newEntryClient() if err != nil { return SyncEntriesStats{}, err } @@ -580,7 +580,7 @@ func (c *client) streamAndSyncEntries(ctx context.Context, entryClient entryv1.E } func (c *client) fetchBundles(ctx context.Context, federatedBundles []string) ([]*types.Bundle, error) { - bundleClient, connection, err := c.newBundleClient(ctx) + bundleClient, connection, err := c.newBundleClient() if err != nil { return nil, err } @@ -621,7 +621,7 @@ func (c *client) fetchBundles(ctx context.Context, federatedBundles []string) ([ } func (c *client) fetchSVIDs(ctx context.Context, params []*svidv1.NewX509SVIDParams) ([]*types.X509SVID, error) { - svidClient, connection, err := c.newSVIDClient(ctx) + svidClient, connection, err := c.newSVIDClient() if err != nil { return nil, err } @@ -653,44 +653,44 @@ func (c *client) fetchSVIDs(ctx context.Context, params []*svidv1.NewX509SVIDPar return svids, nil } -func (c *client) newEntryClient(ctx context.Context) (entryv1.EntryClient, *nodeConn, error) { - conn, err := c.getOrOpenConn(ctx) +func (c *client) newEntryClient() (entryv1.EntryClient, *nodeConn, error) { + conn, err := c.getOrOpenConn() if err != nil { return nil, nil, err } return entryv1.NewEntryClient(conn.Conn()), conn, nil } -func (c *client) newBundleClient(ctx context.Context) (bundlev1.BundleClient, *nodeConn, error) { - conn, err := c.getOrOpenConn(ctx) +func (c *client) newBundleClient() (bundlev1.BundleClient, *nodeConn, error) { + conn, err := c.getOrOpenConn() if err != nil { return nil, nil, err } return bundlev1.NewBundleClient(conn.Conn()), conn, nil } -func (c *client) newSVIDClient(ctx context.Context) (svidv1.SVIDClient, *nodeConn, error) { - conn, err := c.getOrOpenConn(ctx) +func (c *client) newSVIDClient() (svidv1.SVIDClient, *nodeConn, error) { + conn, err := c.getOrOpenConn() if err != nil { return nil, nil, err } return svidv1.NewSVIDClient(conn.Conn()), conn, nil } -func (c *client) newAgentClient(ctx context.Context) (agentv1.AgentClient, *nodeConn, error) { - conn, err := c.getOrOpenConn(ctx) +func (c *client) newAgentClient() (agentv1.AgentClient, *nodeConn, error) { + conn, err := c.getOrOpenConn() if err != nil { return nil, nil, err } return agentv1.NewAgentClient(conn.Conn()), conn, nil } -func (c *client) getOrOpenConn(ctx context.Context) (*nodeConn, error) { +func (c *client) getOrOpenConn() (*nodeConn, error) { c.m.Lock() defer c.m.Unlock() if c.connections == nil { - conn, err := c.dial(ctx) + conn, err := c.newServerGRPCClient() if err != nil { return nil, err } diff --git a/pkg/agent/client/client_test.go b/pkg/agent/client/client_test.go index 32ddae38e0..76be07ec10 100644 --- a/pkg/agent/client/client_test.go +++ b/pkg/agent/client/client_test.go @@ -403,7 +403,6 @@ func TestRenewSVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { logHook.Reset() tc.agentServer.err = tt.agentErr @@ -660,27 +659,27 @@ func TestFetchReleaseWaitsForFetchUpdatesToFinish(t *testing.T) { func TestNewNodeClientRelease(t *testing.T) { client, _ := createClient(t) - for i := 0; i < 3; i++ { + for range 3 { // Create agent client and release - _, r, err := client.newAgentClient(ctx) + _, r, err := client.newAgentClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) r.Release() // Create bundle client and release - _, r, err = client.newBundleClient(ctx) + _, r, err = client.newBundleClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) r.Release() // Create entry client and release - _, r, err = client.newEntryClient(ctx) + _, r, err = client.newEntryClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) r.Release() // Create svid client and release - _, r, err = client.newSVIDClient(ctx) + _, r, err = client.newSVIDClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) r.Release() @@ -697,9 +696,9 @@ func TestNewNodeClientRelease(t *testing.T) { func TestNewNodeInternalClientRelease(t *testing.T) { client, _ := createClient(t) - for i := 0; i < 3; i++ { + for range 3 { // Create agent client - _, conn, err := client.newAgentClient(ctx) + _, conn, err := client.newAgentClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) @@ -708,7 +707,7 @@ func TestNewNodeInternalClientRelease(t *testing.T) { assertConnectionIsNil(t, client) // Create bundle client - _, conn, err = client.newBundleClient(ctx) + _, conn, err = client.newBundleClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) @@ -717,7 +716,7 @@ func TestNewNodeInternalClientRelease(t *testing.T) { assertConnectionIsNil(t, client) // Create entry client - _, conn, err = client.newEntryClient(ctx) + _, conn, err = client.newEntryClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) @@ -726,7 +725,7 @@ func TestNewNodeInternalClientRelease(t *testing.T) { assertConnectionIsNil(t, client) // Create svid client - _, conn, err = client.newSVIDClient(ctx) + _, conn, err = client.newSVIDClient() require.NoError(t, err) assertConnectionIsNotNil(t, client) @@ -757,7 +756,6 @@ func TestFetchUpdatesReleaseConnectionIfItFailsToFetch(t *testing.T) { err: "failed to fetch bundle: rpc error: code = Unknown desc = an error", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { client, tc := createClient(t) tt.setupTest(tc) @@ -829,54 +827,6 @@ func TestFetchUpdatesAddStructuredLoggingIfCallToFetchBundlesFails(t *testing.T) spiretest.AssertLogs(t, logHook.AllEntries(), entries) } -func TestNewAgentClientFailsDial(t *testing.T) { - client := newClient(&Config{ - KeysAndBundle: keysAndBundle, - TrustDomain: trustDomain, - }) - agentClient, conn, err := client.newAgentClient(ctx) - require.Error(t, err) - require.Contains(t, err.Error(), "failed to dial") - require.Nil(t, agentClient) - require.Nil(t, conn) -} - -func TestNewBundleClientFailsDial(t *testing.T) { - client := newClient(&Config{ - KeysAndBundle: keysAndBundle, - TrustDomain: trustDomain, - }) - agentClient, conn, err := client.newBundleClient(ctx) - require.Error(t, err) - require.Contains(t, err.Error(), "failed to dial") - require.Nil(t, agentClient) - require.Nil(t, conn) -} - -func TestNewEntryClientFailsDial(t *testing.T) { - client := newClient(&Config{ - KeysAndBundle: keysAndBundle, - TrustDomain: trustDomain, - }) - agentClient, conn, err := client.newEntryClient(ctx) - require.Error(t, err) - require.Contains(t, err.Error(), "failed to dial") - require.Nil(t, agentClient) - require.Nil(t, conn) -} - -func TestNewSVIDClientFailsDial(t *testing.T) { - client := newClient(&Config{ - KeysAndBundle: keysAndBundle, - TrustDomain: trustDomain, - }) - agentClient, conn, err := client.newSVIDClient(ctx) - require.Error(t, err) - require.Contains(t, err.Error(), "failed to dial") - require.Nil(t, agentClient) - require.Nil(t, conn) -} - func TestFetchJWTSVID(t *testing.T) { client, tc := createClient(t) @@ -969,7 +919,6 @@ func TestFetchJWTSVID(t *testing.T) { fetchErr: status.Error(codes.Internal, "NewJWTSVID fails"), }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { tt.setupTest(tt.fetchErr) resp, err := client.NewJWTSVID(ctx, "entry-id", []string{"myAud"}) @@ -1012,11 +961,10 @@ func createClient(t *testing.T) (*client, *testServer) { listener := bufconn.Listen(1024) spiretest.ServeGRPCServerOnListener(t, server, listener) - client.dialContext = func(ctx context.Context, addr string, opts ...grpc.DialOption) (*grpc.ClientConn, error) { - return grpc.DialContext(ctx, addr, //nolint: staticcheck // It is going to be resolved on #5152 - grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(func(ctx context.Context, _ string) (net.Conn, error) { - return listener.DialContext(ctx) - })) + client.dialOpts = []grpc.DialOption{ + grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(func(ctx context.Context, _ string) (net.Conn, error) { + return listener.DialContext(ctx) + }), } return client, tc } diff --git a/pkg/agent/client/dial.go b/pkg/agent/client/dial.go index 2b6689af28..36c3eb9399 100644 --- a/pkg/agent/client/dial.go +++ b/pkg/agent/client/dial.go @@ -1,11 +1,9 @@ package client import ( - "context" "crypto" "crypto/tls" "crypto/x509" - "errors" "fmt" "time" @@ -25,7 +23,7 @@ const ( roundRobinServiceConfig = `{ "loadBalancingConfig": [ { "round_robin": {} } ] }` ) -type DialServerConfig struct { +type ServerClientConfig struct { // Address is the SPIRE server address Address string @@ -42,11 +40,11 @@ type DialServerConfig struct { // TLSPolicy determines the post-quantum-safe policy to apply to all TLS connections. TLSPolicy tlspolicy.Policy - // dialContext is an optional constructor for the grpc client connection. - dialContext func(ctx context.Context, target string, opts ...grpc.DialOption) (*grpc.ClientConn, error) + // dialOpts are optional gRPC dial options + dialOpts []grpc.DialOption } -func DialServer(ctx context.Context, config DialServerConfig) (*grpc.ClientConn, error) { +func NewServerGRPCClient(config ServerClientConfig) (*grpc.ClientConn, error) { bundleSource := newBundleSource(config.TrustDomain, config.GetBundle) serverID, err := idutil.ServerID(config.TrustDomain) if err != nil { @@ -66,29 +64,20 @@ func DialServer(ctx context.Context, config DialServerConfig) (*grpc.ClientConn, return nil, err } - ctx, cancel := context.WithTimeout(ctx, defaultDialTimeout) - defer cancel() - - if config.dialContext == nil { - config.dialContext = grpc.DialContext //nolint: staticcheck // It is going to be resolved on #5152 + dialOpts := config.dialOpts + if dialOpts == nil { + dialOpts = []grpc.DialOption{ + grpc.WithDefaultServiceConfig(roundRobinServiceConfig), + grpc.WithDisableServiceConfig(), + grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)), + } } - client, err := config.dialContext(ctx, config.Address, - grpc.WithDefaultServiceConfig(roundRobinServiceConfig), - grpc.WithDisableServiceConfig(), - grpc.FailOnNonTempDialError(true), //nolint: staticcheck // It is going to be resolved on #5152 - grpc.WithBlock(), //nolint: staticcheck // It is going to be resolved on #5152 - grpc.WithReturnConnectionError(), //nolint: staticcheck // It is going to be resolved on #5152 - grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)), - ) - switch { - case err == nil: - case errors.Is(err, context.Canceled): - return nil, fmt.Errorf("failed to dial %s: canceled", config.Address) - case errors.Is(err, context.DeadlineExceeded): - return nil, fmt.Errorf("failed to dial %s: timed out", config.Address) - default: - return nil, fmt.Errorf("failed to dial %s: %w", config.Address, err) + + client, err := grpc.NewClient(config.Address, dialOpts...) + if err != nil { + return nil, fmt.Errorf("failed to create gRPC client: %w", err) } + return client, nil } diff --git a/pkg/agent/client/nodeconn_test.go b/pkg/agent/client/nodeconn_test.go index 892092588d..0e77c63d84 100644 --- a/pkg/agent/client/nodeconn_test.go +++ b/pkg/agent/client/nodeconn_test.go @@ -1,7 +1,6 @@ package client import ( - "context" "crypto" "crypto/x509" "testing" @@ -33,11 +32,11 @@ func newTestConn(t *testing.T) *grpc.ClientConn { KeysAndBundle: emptyKeysAndBundle, TrustDomain: trustDomain, }) - client.dialContext = func(_ context.Context, addr string, opts ...grpc.DialOption) (*grpc.ClientConn, error) { + client.dialOpts = []grpc.DialOption{ // make a normal grpc dial but without any of the provided options that may cause it to fail - return grpc.NewClient(addr, grpc.WithTransportCredentials(insecure.NewCredentials())) + grpc.WithTransportCredentials(insecure.NewCredentials()), } - conn, err := client.dial(context.Background()) + conn, err := client.newServerGRPCClient() require.NoError(t, err) return conn } @@ -64,7 +63,7 @@ func TestNewNodeMany(t *testing.T) { firstRelease := false go func() { - for i := 0; i < 100; i++ { + for range 100 { nodeConn.AddRef() if !firstRelease { nodeConn.Release() @@ -75,7 +74,7 @@ func TestNewNodeMany(t *testing.T) { }() go func() { - for i := 0; i < 100; i++ { + for range 100 { nodeConn.Release() } close(waitForReleases) diff --git a/pkg/agent/common/sigstore/sigstore_test.go b/pkg/agent/common/sigstore/sigstore_test.go index 7d516bb93f..d95406ec2b 100644 --- a/pkg/agent/common/sigstore/sigstore_test.go +++ b/pkg/agent/common/sigstore/sigstore_test.go @@ -381,7 +381,6 @@ func TestVerify(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() diff --git a/pkg/agent/endpoints/endpoints_posix_test.go b/pkg/agent/endpoints/endpoints_posix_test.go index 28f741a438..4cf18b8798 100644 --- a/pkg/agent/endpoints/endpoints_posix_test.go +++ b/pkg/agent/endpoints/endpoints_posix_test.go @@ -3,7 +3,6 @@ package endpoints import ( - "context" "net" "path/filepath" "testing" @@ -18,6 +17,6 @@ func getTestAddr(t *testing.T) net.Addr { } } -func testRemoteCaller(context.Context, *testing.T, string) { +func testRemoteCaller(*testing.T, string) { // No testing for UDS endpoints } diff --git a/pkg/agent/endpoints/endpoints_test.go b/pkg/agent/endpoints/endpoints_test.go index 1b8e42d6db..a444039eb3 100644 --- a/pkg/agent/endpoints/endpoints_test.go +++ b/pkg/agent/endpoints/endpoints_test.go @@ -163,7 +163,6 @@ func TestEndpoints(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { log, hook := test.NewNullLogger() metrics := fakemetrics.New() @@ -229,11 +228,11 @@ func TestEndpoints(t *testing.T) { require.NoError(t, err) if tt.fromRemote { - testRemoteCaller(ctx, t, target) + testRemoteCaller(t, target) return } - conn, err := util.GRPCDialContext(ctx, target, grpc.WithBlock()) //nolint: staticcheck // It is going to be resolved on #5152 + conn, err := util.NewGRPCClient(target) require.NoError(t, err) defer conn.Close() diff --git a/pkg/agent/endpoints/endpoints_windows_test.go b/pkg/agent/endpoints/endpoints_windows_test.go index 0141bad4a7..7811e2f909 100644 --- a/pkg/agent/endpoints/endpoints_windows_test.go +++ b/pkg/agent/endpoints/endpoints_windows_test.go @@ -14,21 +14,25 @@ import ( "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" "golang.org/x/sys/windows" - "google.golang.org/grpc" + "google.golang.org/grpc/health/grpc_health_v1" ) func getTestAddr(*testing.T) net.Addr { return spiretest.GetRandNamedPipeAddr() } -func testRemoteCaller(ctx context.Context, t *testing.T, target string) { +func testRemoteCaller(t *testing.T, target string) { hostName, err := os.Hostname() require.NoError(t, err) // Use the host name instead of "." in the target, as it would be a remote caller targetAsRemote := strings.ReplaceAll(target, "\\\\.\\", fmt.Sprintf("\\\\%s\\", hostName)) - _, err = util.GRPCDialContext(ctx, targetAsRemote, grpc.WithBlock(), grpc.FailOnNonTempDialError(true)) //nolint: staticcheck // It is going to be resolved on #5152 + conn, err := util.NewGRPCClient(targetAsRemote) + require.NoError(t, err) + + healthClient := grpc_health_v1.NewHealthClient(conn) + _, err = healthClient.Check(context.Background(), &grpc_health_v1.HealthCheckRequest{}) // Remote calls must be denied - require.ErrorIs(t, err, windows.ERROR_ACCESS_DENIED) + require.ErrorContains(t, err, windows.ERROR_ACCESS_DENIED.Error()) } diff --git a/pkg/agent/endpoints/sdsv3/handler.go b/pkg/agent/endpoints/sdsv3/handler.go index 664e9c9f85..381f194904 100644 --- a/pkg/agent/endpoints/sdsv3/handler.go +++ b/pkg/agent/endpoints/sdsv3/handler.go @@ -22,7 +22,6 @@ import ( "github.com/spiffe/spire/pkg/common/pemutil" "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/proto/spire/common" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/types/known/anypb" @@ -99,7 +98,7 @@ func (h *Handler) StreamSecrets(stream secret_v3.SecretDiscoveryService_StreamSe }() var versionCounter int64 - var versionInfo = strconv.FormatInt(versionCounter, 10) + versionInfo := strconv.FormatInt(versionCounter, 10) var lastNonce string var lastNode *core_v3.Node var upd *cache.WorkloadUpdate @@ -150,7 +149,7 @@ func (h *Handler) StreamSecrets(stream secret_v3.SecretDiscoveryService_StreamSe // We need to send updates if the requested resource list has changed // either explicitly, or implicitly because this is the first request. - var sendUpdates = lastReq == nil || subListChanged(lastReq.ResourceNames, newReq.ResourceNames) + sendUpdates := lastReq == nil || subListChanged(lastReq.ResourceNames, newReq.ResourceNames) // save request so that all future workload updates lead to SDS updates for the last request lastReq = newReq @@ -172,7 +171,9 @@ func (h *Handler) StreamSecrets(stream secret_v3.SecretDiscoveryService_StreamSe continue } case err := <-errch: - log.WithError(err).Error("Received error from stream secrets server") + if err != nil { + log.WithError(err).Error("Received error from stream secrets server") + } return err } @@ -206,7 +207,7 @@ func subListChanged(oldSubs []string, newSubs []string) (b bool) { if len(oldSubs) != len(newSubs) { return true } - var subMap = make(map[string]bool) + subMap := make(map[string]bool) for _, sub := range oldSubs { subMap[sub] = true } @@ -582,7 +583,7 @@ func nextNonce() (string, error) { b := make([]byte, 4) _, err := rand.Read(b) if err != nil { - return "", errs.Wrap(err) + return "", err } return hex.EncodeToString(b), nil } diff --git a/pkg/agent/endpoints/workload/handler.go b/pkg/agent/endpoints/workload/handler.go index 9f191a1471..68cf81087a 100644 --- a/pkg/agent/endpoints/workload/handler.go +++ b/pkg/agent/endpoints/workload/handler.go @@ -22,7 +22,6 @@ import ( "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/pkg/common/x509util" "github.com/spiffe/spire/proto/spire/common" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/encoding/protojson" @@ -512,12 +511,12 @@ func keyStoreFromBundles(bundles []*spiffebundle.Bundle) (jwtsvid.KeyStore, erro func structFromValues(values map[string]any) (*structpb.Struct, error) { valuesJSON, err := json.Marshal(values) if err != nil { - return nil, errs.Wrap(err) + return nil, err } s := new(structpb.Struct) if err := protojson.Unmarshal(valuesJSON, s); err != nil { - return nil, errs.Wrap(err) + return nil, err } return s, nil diff --git a/pkg/agent/endpoints/workload/handler_test.go b/pkg/agent/endpoints/workload/handler_test.go index d2c90c3911..73cae14635 100644 --- a/pkg/agent/endpoints/workload/handler_test.go +++ b/pkg/agent/endpoints/workload/handler_test.go @@ -266,7 +266,6 @@ func TestFetchX509SVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { params := testParams{ CA: ca, @@ -425,7 +424,6 @@ func TestFetchX509Bundles(t *testing.T) { }, }, } { - tt := tt t.Run(tt.testName, func(t *testing.T) { params := testParams{ CA: ca, @@ -837,7 +835,6 @@ func TestFetchJWTSVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { params := testParams{ CA: ca, @@ -1042,7 +1039,6 @@ func TestFetchJWTBundles(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { params := testParams{ CA: ca, @@ -1476,7 +1472,6 @@ func TestValidateJWTSVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { params := testParams{ Updates: tt.updates, @@ -1541,7 +1536,7 @@ func runTest(t *testing.T, params testParams, fn func(ctx context.Context, clien ), grpctest.OverUDS(), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) // Provide a cancelable context to ensure the stream is always // closed when the test case is done, and also to ensure that diff --git a/pkg/agent/manager/cache/jwt_cache_test.go b/pkg/agent/manager/cache/jwt_cache_test.go index 754ece5266..eb9748f3ea 100644 --- a/pkg/agent/manager/cache/jwt_cache_test.go +++ b/pkg/agent/manager/cache/jwt_cache_test.go @@ -201,7 +201,6 @@ func TestJWTSVIDCache(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { cache := NewJWTSVIDCache(log, fakeMetrics, 8) if tt.setJWTSVIDsCached != nil { diff --git a/pkg/agent/manager/cache/lru_cache_test.go b/pkg/agent/manager/cache/lru_cache_test.go index 70b953446f..c251dd415c 100644 --- a/pkg/agent/manager/cache/lru_cache_test.go +++ b/pkg/agent/manager/cache/lru_cache_test.go @@ -1251,7 +1251,7 @@ func BenchmarkLRUCacheGlobalNotification(b *testing.B) { Bundles: bundlesV1, RegistrationEntries: make(map[string]*common.RegistrationEntry, numEntries), } - for i := 0; i < numEntries; i++ { + for i := range numEntries { entryID := fmt.Sprintf("00000000-0000-0000-0000-%012d", i) updateEntries.RegistrationEntries[entryID] = &common.RegistrationEntry{ EntryId: entryID, @@ -1262,7 +1262,7 @@ func BenchmarkLRUCacheGlobalNotification(b *testing.B) { } cache.UpdateEntries(updateEntries, nil) - for i := 0; i < numWorkloads; i++ { + for i := range numWorkloads { selectors := distinctSelectors(i, selectorsPerWorkload) cache.NewSubscriber(selectors) } @@ -1271,7 +1271,7 @@ func BenchmarkLRUCacheGlobalNotification(b *testing.B) { b.ResetTimer() b.ReportAllocs() - for i := 0; i < b.N; i++ { + for i := range b.N { if i%2 == 0 { updateEntries.Bundles = bundlesV2 } else { @@ -1299,7 +1299,7 @@ func createUpdateEntries(numEntries int, bundles map[spiffeid.TrustDomain]*spiff RegistrationEntries: make(map[string]*common.RegistrationEntry, numEntries), } - for i := 0; i < numEntries; i++ { + for i := range numEntries { entryID := fmt.Sprintf("00000000-0000-0000-0000-%012d", i) updateEntries.RegistrationEntries[entryID] = &common.RegistrationEntry{ EntryId: entryID, @@ -1335,7 +1335,7 @@ func subscribeToWorkloadUpdates(t *testing.T, cache *LRUCache, selectors []*comm func distinctSelectors(id, n int) []*common.Selector { out := make([]*common.Selector, 0, n) - for i := 0; i < n; i++ { + for i := range n { out = append(out, &common.Selector{ Type: "test", Value: fmt.Sprintf("id:%d:n:%d", id, i), @@ -1436,7 +1436,7 @@ func makeFederatesWith(bundles ...*Bundle) []string { func createTestEntries(count int) []*common.RegistrationEntry { var entries []*common.RegistrationEntry - for i := 0; i < count; i++ { + for i := range count { entry := makeRegistrationEntry(fmt.Sprintf("e%d", i), fmt.Sprintf("s%d", i)) entries = append(entries, entry) } diff --git a/pkg/agent/manager/manager_test.go b/pkg/agent/manager/manager_test.go index f566155534..8a561dae1e 100644 --- a/pkg/agent/manager/manager_test.go +++ b/pkg/agent/manager/manager_test.go @@ -455,7 +455,7 @@ func TestSVIDRotation(t *testing.T) { defer closer() // Loop, we should not detect SVID rotations - for i := 0; i < 10; i++ { + for range 10 { s := m.GetCurrentCredentials() svid = s.SVID require.True(t, svidsEqual(svid, baseSVID)) diff --git a/pkg/agent/manager/storecache/cache_test.go b/pkg/agent/manager/storecache/cache_test.go index 008748126a..17f4ccc39b 100644 --- a/pkg/agent/manager/storecache/cache_test.go +++ b/pkg/agent/manager/storecache/cache_test.go @@ -523,8 +523,6 @@ func TestUpdateEntries(t *testing.T) { }, }, } { - tt := tt - t.Run(tt.name, func(t *testing.T) { log, hook := test.NewNullLogger() log.Level = logrus.DebugLevel diff --git a/pkg/agent/plugin/keymanager/test/keymanagertest.go b/pkg/agent/plugin/keymanager/test/keymanagertest.go index 01328e743a..ada6655df3 100644 --- a/pkg/agent/plugin/keymanager/test/keymanagertest.go +++ b/pkg/agent/plugin/keymanager/test/keymanagertest.go @@ -263,7 +263,6 @@ func assertRSAKey(t *testing.T, key keymanager.Key, bits int) { func testSignCertificates(t *testing.T, key keymanager.Key, signatureAlgorithms []x509.SignatureAlgorithm) { for _, signatureAlgorithm := range signatureAlgorithms { - signatureAlgorithm := signatureAlgorithm t.Run("sign data "+signatureAlgorithm.String(), func(t *testing.T) { assertSignCertificate(t, key, signatureAlgorithm) }) diff --git a/pkg/agent/plugin/keymanager/v1_test.go b/pkg/agent/plugin/keymanager/v1_test.go index b465cc738a..95903cdb3f 100644 --- a/pkg/agent/plugin/keymanager/v1_test.go +++ b/pkg/agent/plugin/keymanager/v1_test.go @@ -72,7 +72,6 @@ func TestV1GenerateKey(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := fakeV1Plugin{ generateKeyResponse: &keymanagerv1.GenerateKeyResponse{ @@ -137,7 +136,6 @@ func TestV1GetKey(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := fakeV1Plugin{ getPublicKeyResponse: &keymanagerv1.GetPublicKeyResponse{ @@ -194,7 +192,6 @@ func TestV1GetKeys(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { resp := &keymanagerv1.GetPublicKeysResponse{} if tt.publicKey != nil { @@ -291,7 +288,6 @@ func TestV1SignData(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := fakeV1Plugin{ expectSignerOpts: tt.expectSignerOpts, diff --git a/pkg/agent/plugin/nodeattestor/gcpiit/iit_test.go b/pkg/agent/plugin/nodeattestor/gcpiit/iit_test.go index 523e136948..bc0bc5a8c7 100644 --- a/pkg/agent/plugin/nodeattestor/gcpiit/iit_test.go +++ b/pkg/agent/plugin/nodeattestor/gcpiit/iit_test.go @@ -160,7 +160,6 @@ func TestRetrieveIdentity(t *testing.T) { } for _, tt := range tests { - tt := tt // alias loop variable as it is used in the closure t.Run(tt.msg, func(t *testing.T) { url := tt.url if tt.handleFunc != nil { diff --git a/pkg/agent/plugin/nodeattestor/httpchallenge/httpchallenge_test.go b/pkg/agent/plugin/nodeattestor/httpchallenge/httpchallenge_test.go index 4be50e94cc..19b33a6e6d 100644 --- a/pkg/agent/plugin/nodeattestor/httpchallenge/httpchallenge_test.go +++ b/pkg/agent/plugin/nodeattestor/httpchallenge/httpchallenge_test.go @@ -39,7 +39,6 @@ func TestConfigureCommon(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { plugin := newPlugin() @@ -85,7 +84,6 @@ func TestAidAttestationFailures(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { var err error p := loadAndConfigurePlugin(t, tt.trustDomain, tt.config) @@ -194,7 +192,6 @@ func TestAidAttestationSucceeds(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { var err error expectPayload, err := json.Marshal(&tt.attestationData) diff --git a/pkg/agent/plugin/nodeattestor/k8spsat/psat.go b/pkg/agent/plugin/nodeattestor/k8spsat/psat.go index 20e33c4c84..47f95ba21b 100644 --- a/pkg/agent/plugin/nodeattestor/k8spsat/psat.go +++ b/pkg/agent/plugin/nodeattestor/k8spsat/psat.go @@ -3,6 +3,7 @@ package k8spsat import ( "context" "encoding/json" + "fmt" "os" "sync" @@ -12,7 +13,6 @@ import ( "github.com/spiffe/spire/pkg/common/catalog" "github.com/spiffe/spire/pkg/common/plugin/k8s" "github.com/spiffe/spire/pkg/common/pluginconf" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -145,10 +145,10 @@ func (p *AttestorPlugin) getConfig() (*attestorConfig, error) { func loadTokenFromFile(path string) (string, error) { data, err := os.ReadFile(path) if err != nil { - return "", errs.Wrap(err) + return "", err } if len(data) == 0 { - return "", errs.New("%q is empty", path) + return "", fmt.Errorf("%q is empty", path) } return string(data), nil } diff --git a/pkg/agent/plugin/nodeattestor/k8ssat/sat.go b/pkg/agent/plugin/nodeattestor/k8ssat/sat.go index bce6fd91e6..d93d39a1d9 100644 --- a/pkg/agent/plugin/nodeattestor/k8ssat/sat.go +++ b/pkg/agent/plugin/nodeattestor/k8ssat/sat.go @@ -14,7 +14,6 @@ import ( "github.com/spiffe/spire/pkg/common/catalog" "github.com/spiffe/spire/pkg/common/plugin/k8s" "github.com/spiffe/spire/pkg/common/pluginconf" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -148,10 +147,10 @@ func (p *AttestorPlugin) getConfig() (*attestorConfig, error) { func loadTokenFromFile(path string) (string, error) { data, err := os.ReadFile(path) if err != nil { - return "", errs.Wrap(err) + return "", err } if len(data) == 0 { - return "", errs.New("%q is empty", path) + return "", fmt.Errorf("%q is empty", path) } return string(data), nil } diff --git a/pkg/agent/plugin/nodeattestor/tpmdevid/devid_test.go b/pkg/agent/plugin/nodeattestor/tpmdevid/devid_test.go index 562bb076d1..0e4966ecb9 100644 --- a/pkg/agent/plugin/nodeattestor/tpmdevid/devid_test.go +++ b/pkg/agent/plugin/nodeattestor/tpmdevid/devid_test.go @@ -166,7 +166,6 @@ func TestConfigureCommon(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { tpmdevid.AutoDetectTPMPath = func(string) (string, error) { if isWindows { @@ -265,7 +264,6 @@ func TestConfigurePosix(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { tpmdevid.AutoDetectTPMPath = func(string) (string, error) { if tt.autoDetectTPMFails { @@ -359,7 +357,6 @@ func TestConfigureWindows(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { tpmdevid.AutoDetectTPMPath = func(string) (string, error) { return "", errors.New("autodetect is not supported on windows") @@ -477,7 +474,6 @@ func TestAidAttestationFailures(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { sim := setupSimulator(t) diff --git a/pkg/agent/plugin/nodeattestor/tpmdevid/tpmutil/session_test.go b/pkg/agent/plugin/nodeattestor/tpmdevid/tpmutil/session_test.go index 1adc873b47..3c2d485f75 100644 --- a/pkg/agent/plugin/nodeattestor/tpmdevid/tpmutil/session_test.go +++ b/pkg/agent/plugin/nodeattestor/tpmdevid/tpmutil/session_test.go @@ -153,7 +153,6 @@ func TestNewSession(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { // Run hook if exists, generally used to intentionally cause an error // and test more code paths. @@ -251,7 +250,6 @@ func TestSolveDevIDChallenge(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { if isWindows { tt.scfg.DevicePath = "" @@ -325,7 +323,6 @@ func TestSolveCredActivationChallenge(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { nonce, err := tpm.SolveCredActivationChallenge(tt.credBlob, tt.encryptedSecret) if tt.expErr != "" { @@ -365,7 +362,6 @@ func TestCertifyDevIDKey(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { var devicePath string if !isWindows { @@ -463,7 +459,6 @@ func TestGetEKCert(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { if tt.hook != nil { tt.hook() @@ -521,7 +516,6 @@ func TestGetEKPublic(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { if tt.hook != nil { tt.hook() @@ -595,7 +589,6 @@ func TestAutoDetectTPMPath(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { // Create devices for _, fileName := range tt.deviceNames { diff --git a/pkg/agent/plugin/nodeattestor/v1_test.go b/pkg/agent/plugin/nodeattestor/v1_test.go index dacf9a6a67..41beeeec6f 100644 --- a/pkg/agent/plugin/nodeattestor/v1_test.go +++ b/pkg/agent/plugin/nodeattestor/v1_test.go @@ -107,7 +107,6 @@ func TestV1(t *testing.T) { expectMessage: "nodeattestor(test): plugin response missing challenge response", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { nodeattestor := loadV1Plugin(t, tt.pluginImpl) err := nodeattestor.Attest(context.Background(), tt.streamImpl) diff --git a/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud.go b/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud.go index db7efe7258..d00aa94c94 100644 --- a/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud.go +++ b/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud.go @@ -145,11 +145,7 @@ func (p *SecretManagerPlugin) PutX509SVID(ctx context.Context, req *svidstorev1. Parent: opt.parent(), SecretId: opt.name, Secret: &secretmanagerpb.Secret{ - Replication: &secretmanagerpb.Replication{ - Replication: &secretmanagerpb.Replication_Automatic_{ - Automatic: &secretmanagerpb.Replication_Automatic{}, - }, - }, + Replication: opt.replication, Labels: map[string]string{ "spire-svid": p.tdHash, }, @@ -302,6 +298,7 @@ type secretOptions struct { name string roleName string serviceAccount string + replication *secretmanagerpb.Replication } // parent gets parent in the format `projects/*` @@ -346,11 +343,52 @@ func optionsFromSecretData(selectorData []string) (*secretOptions, error) { return nil, status.Error(codes.InvalidArgument, "service account is required when role is set") } + regions, ok := data["regions"] + + var replica *secretmanagerpb.Replication + + if !ok { + replica = &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_Automatic_{ + Automatic: &secretmanagerpb.Replication_Automatic{}, + }, + } + } else { + regionsSlice := strings.Split(regions, ",") + + var replicas []*secretmanagerpb.Replication_UserManaged_Replica + + for _, region := range regionsSlice { + // Avoid adding empty strings as region + if region == "" { + continue + } + replica := &secretmanagerpb.Replication_UserManaged_Replica{ + Location: region, + } + + replicas = append(replicas, replica) + } + + if len(replicas) == 0 { + return nil, status.Error(codes.InvalidArgument, "need to specify at least one region") + } + + replica = &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_UserManaged_{ + UserManaged: &secretmanagerpb.Replication_UserManaged{ + Replicas: replicas, + }, + }, + } + } + return &secretOptions{ name: name, projectID: projectID, roleName: roleName, serviceAccount: serviceAccount, + replication: replica, }, nil } diff --git a/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud_test.go b/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud_test.go index a2645a2342..5c9fc840a7 100644 --- a/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud_test.go +++ b/pkg/agent/plugin/svidstore/gcpsecretmanager/gcloud_test.go @@ -460,6 +460,97 @@ func TestPutX509SVID(t *testing.T) { getSecretErr: status.Error(codes.NotFound, "secret not found"), }, }, + { + name: "Add payload and create regional secret", + req: &svidstore.X509SVID{ + SVID: successReq.SVID, + Metadata: []string{ + "name:secret1", + "projectid:project1", + "regions:europe-north1", + }, + FederatedBundles: successReq.FederatedBundles, + }, + expectCreateSecretReq: &secretmanagerpb.CreateSecretRequest{ + Parent: "projects/project1", + SecretId: "secret1", + Secret: &secretmanagerpb.Secret{ + Replication: &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_UserManaged_{ + UserManaged: &secretmanagerpb.Replication_UserManaged{ + Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{ + { + Location: "europe-north1", + }, + }, + }, + }, + }, + Labels: map[string]string{ + "spire-svid": tdHash, + }, + }, + }, + expectGetSecretReq: &secretmanagerpb.GetSecretRequest{ + Name: "projects/project1/secrets/secret1", + }, + expectAddSecretVersionReq: &secretmanagerpb.AddSecretVersionRequest{ + Parent: "projects/project1/secrets/secret1", + Payload: &secretmanagerpb.SecretPayload{ + Data: payload, + }, + }, + clientConfig: &clientConfig{ + getSecretErr: status.Error(codes.NotFound, "secret not found"), + }, + }, + { + name: "Add payload and create secret in multiple regions", + req: &svidstore.X509SVID{ + SVID: successReq.SVID, + Metadata: []string{ + "name:secret1", + "projectid:project1", + "regions:europe-north1,europe-west1", + }, + FederatedBundles: successReq.FederatedBundles, + }, + expectCreateSecretReq: &secretmanagerpb.CreateSecretRequest{ + Parent: "projects/project1", + SecretId: "secret1", + Secret: &secretmanagerpb.Secret{ + Replication: &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_UserManaged_{ + UserManaged: &secretmanagerpb.Replication_UserManaged{ + Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{ + { + Location: "europe-north1", + }, + { + Location: "europe-west1", + }, + }, + }, + }, + }, + Labels: map[string]string{ + "spire-svid": tdHash, + }, + }, + }, + expectGetSecretReq: &secretmanagerpb.GetSecretRequest{ + Name: "projects/project1/secrets/secret1", + }, + expectAddSecretVersionReq: &secretmanagerpb.AddSecretVersionRequest{ + Parent: "projects/project1/secrets/secret1", + Payload: &secretmanagerpb.SecretPayload{ + Data: payload, + }, + }, + clientConfig: &clientConfig{ + getSecretErr: status.Error(codes.NotFound, "secret not found"), + }, + }, { name: "Add IAM policy when creating", req: &svidstore.X509SVID{ @@ -694,7 +785,6 @@ func TestPutX509SVID(t *testing.T) { expectMsgPrefix: "svidstore(gcp_secretmanager): failed to add secret version: rpc error: code = DeadlineExceeded desc = some error", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() diff --git a/pkg/agent/plugin/svidstore/utils_test.go b/pkg/agent/plugin/svidstore/utils_test.go index ff9325b6df..5b06567028 100644 --- a/pkg/agent/plugin/svidstore/utils_test.go +++ b/pkg/agent/plugin/svidstore/utils_test.go @@ -103,7 +103,6 @@ func TestParseMetadata(t *testing.T) { expectErr: `metadata does not contain a colon: "invalid"`, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { result, err := svidstore.ParseMetadata(tt.secretData) if tt.expectErr != "" { @@ -249,7 +248,6 @@ func TestSecretFromProto(t *testing.T) { err: "failed to parse FederatedBundle \"federated1\": x509: malformed certificate", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { resp, err := svidstore.SecretFromProto(tt.req) if tt.err != "" { diff --git a/pkg/agent/plugin/workloadattestor/docker/cgroup/dockerfinder_test.go b/pkg/agent/plugin/workloadattestor/docker/cgroup/dockerfinder_test.go index 2c62e730a3..47a9d57a3b 100644 --- a/pkg/agent/plugin/workloadattestor/docker/cgroup/dockerfinder_test.go +++ b/pkg/agent/plugin/workloadattestor/docker/cgroup/dockerfinder_test.go @@ -123,7 +123,6 @@ func TestContainerIDFinders(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.msg, func(t *testing.T) { cf, err := NewContainerIDFinder(tt.matchers) if tt.expectErr != "" { diff --git a/pkg/agent/plugin/workloadattestor/docker/docker_posix_test.go b/pkg/agent/plugin/workloadattestor/docker/docker_posix_test.go index 9458952530..a7151886df 100644 --- a/pkg/agent/plugin/workloadattestor/docker/docker_posix_test.go +++ b/pkg/agent/plugin/workloadattestor/docker/docker_posix_test.go @@ -89,7 +89,6 @@ func TestContainerExtraction(t *testing.T) { } for _, tt := range tests { - tt := tt // alias loop variable as it is used in the closure t.Run(tt.desc, func(t *testing.T) { withRootDirOpt := prepareRootDirOpt(t, tt.cgroups) var d Docker = dockerError{} diff --git a/pkg/agent/plugin/workloadattestor/docker/docker_test.go b/pkg/agent/plugin/workloadattestor/docker/docker_test.go index ec583c859f..3380228366 100644 --- a/pkg/agent/plugin/workloadattestor/docker/docker_test.go +++ b/pkg/agent/plugin/workloadattestor/docker/docker_test.go @@ -76,7 +76,6 @@ func TestDockerSelectors(t *testing.T) { } for _, tt := range tests { - tt := tt // alias loop variable as it is used in the closure t.Run(tt.desc, func(t *testing.T) { d := fakeContainer{ Labels: tt.mockContainerLabels, diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go index 9985cb3843..c29fdf8304 100644 --- a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go +++ b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go @@ -33,7 +33,7 @@ func createHelper(c *Plugin) ContainerHelper { rootDir = "/" } return &containerHelper{ - rootDir: c.rootDir, + rootDir: rootDir, } } diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix_test.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix_test.go index 0acb2019cb..6969b4368c 100644 --- a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix_test.go +++ b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix_test.go @@ -307,7 +307,6 @@ func TestGetContainerIDFromCGroups(t *testing.T) { expectMsg: "multiple pod UIDs found in cgroups (11111111-b29f-11e7-9350-020968147796, 22222222-b29f-11e7-9350-020968147796)", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { podUID, containerID, err := getPodUIDAndContainerIDFromCGroups(makeCGroups(tt.cgroupPaths)) spiretest.RequireGRPCStatus(t, err, tt.expectCode, tt.expectMsg) @@ -411,7 +410,6 @@ func TestGetPodUIDAndContainerIDFromCGroupPath(t *testing.T) { cgroupPath: "/kubepods/pod2732ca68f6358eba7703fb6f82a25c94", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { t.Logf("cgroup path=%s", tt.cgroupPath) podUID, containerID, ok := getPodUIDAndContainerIDFromCGroupPath(tt.cgroupPath) diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_test.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_test.go index e270c106b5..18387ed06f 100644 --- a/pkg/agent/plugin/workloadattestor/k8s/k8s_test.go +++ b/pkg/agent/plugin/workloadattestor/k8s/k8s_test.go @@ -579,7 +579,6 @@ func (s *Suite) TestConfigure() { } for _, testCase := range testCases { - testCase := testCase // alias loop variable as it is used in the closure s.T().Run(testCase.name, func(t *testing.T) { p := s.newPlugin() @@ -681,7 +680,6 @@ func (s *Suite) TestConfigureWithSigstore() { } for _, tc := range cases { - tc := tc s.T().Run(tc.name, func(t *testing.T) { p := s.newPlugin() diff --git a/pkg/agent/plugin/workloadattestor/systemd/systemd_posix_test.go b/pkg/agent/plugin/workloadattestor/systemd/systemd_posix_test.go index a947a642e9..cacdb8d14d 100644 --- a/pkg/agent/plugin/workloadattestor/systemd/systemd_posix_test.go +++ b/pkg/agent/plugin/workloadattestor/systemd/systemd_posix_test.go @@ -44,7 +44,6 @@ func TestPlugin(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase log, logHook := test.NewNullLogger() t.Run(testCase.name, func(t *testing.T) { p := loadPlugin(t, log) diff --git a/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go b/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go index ce014bf48c..f2ef844fcb 100644 --- a/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go +++ b/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go @@ -233,7 +233,6 @@ func (s *Suite) TestAttest() { s.writeFile("exe", []byte("data")) for _, testCase := range testCases { - testCase := testCase s.T().Run(testCase.name, func(t *testing.T) { defer s.logHook.Reset() diff --git a/pkg/agent/svid/rotator.go b/pkg/agent/svid/rotator.go index 85a1487596..c25b893fa7 100644 --- a/pkg/agent/svid/rotator.go +++ b/pkg/agent/svid/rotator.go @@ -255,7 +255,7 @@ func (r *rotator) reattest(ctx context.Context) (err error) { return err } - conn, err := r.serverConn(ctx, bundle) + conn, err := r.serverConn(bundle) if err != nil { return err } @@ -362,8 +362,8 @@ func (r *rotator) generateKey(ctx context.Context) (keymanager.Key, error) { return r.c.SVIDKeyManager.GenerateKey(ctx, existingKey) } -func (r *rotator) serverConn(ctx context.Context, bundle *spiffebundle.Bundle) (*grpc.ClientConn, error) { - return client.DialServer(ctx, client.DialServerConfig{ +func (r *rotator) serverConn(bundle *spiffebundle.Bundle) (*grpc.ClientConn, error) { + return client.NewServerGRPCClient(client.ServerClientConfig{ Address: r.c.ServerAddr, TrustDomain: r.c.TrustDomain, GetBundle: bundle.X509Authorities, diff --git a/pkg/agent/svid/store/service_test.go b/pkg/agent/svid/store/service_test.go index c3219b5077..d49ee3f689 100644 --- a/pkg/agent/svid/store/service_test.go +++ b/pkg/agent/svid/store/service_test.go @@ -109,7 +109,6 @@ func TestRun(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() @@ -361,7 +360,6 @@ func TestRunDeleteSecrets(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Minute) defer cancel() diff --git a/pkg/common/api/middleware/metrics_test.go b/pkg/common/api/middleware/metrics_test.go index 753c59cf1d..b5773d4178 100644 --- a/pkg/common/api/middleware/metrics_test.go +++ b/pkg/common/api/middleware/metrics_test.go @@ -46,7 +46,6 @@ func TestWithMetrics(t *testing.T) { statusLabelValue: codes.PermissionDenied.String(), }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { var expectedLabels []telemetry.Label diff --git a/pkg/common/bundleutil/bundle_test.go b/pkg/common/bundleutil/bundle_test.go index 51a19e4c17..019460f9a2 100644 --- a/pkg/common/bundleutil/bundle_test.go +++ b/pkg/common/bundleutil/bundle_test.go @@ -88,7 +88,6 @@ func TestPruneBundle(t *testing.T) { changed: true, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { log, _ := testlog.NewNullLogger() newBundle, changed, err := PruneBundle(tt.bundle, tt.expiration, log) @@ -217,7 +216,6 @@ func TestCommonBundleFromProto(t *testing.T) { expectError: `bundle has an invalid trust domain "invalid TD": trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores`, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { bundle, err := CommonBundleFromProto(tt.bundle) diff --git a/pkg/common/bundleutil/marshal_test.go b/pkg/common/bundleutil/marshal_test.go index 332073a3fd..ae7d2f8633 100644 --- a/pkg/common/bundleutil/marshal_test.go +++ b/pkg/common/bundleutil/marshal_test.go @@ -141,7 +141,6 @@ func TestMarshal(t *testing.T) { trustDomain := spiffeid.RequireTrustDomainFromString("domain.test") for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { bundle := spiffebundle.New(trustDomain) bundle.SetRefreshHint(time.Minute) diff --git a/pkg/common/bundleutil/unmarshal.go b/pkg/common/bundleutil/unmarshal.go index c49fbadcb2..ff86b79a17 100644 --- a/pkg/common/bundleutil/unmarshal.go +++ b/pkg/common/bundleutil/unmarshal.go @@ -8,7 +8,6 @@ import ( "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*spiffebundle.Bundle, error) { @@ -22,7 +21,7 @@ func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*spiffebundle.Bundle func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*spiffebundle.Bundle, error) { doc := new(bundleDoc) if err := json.Unmarshal(data, doc); err != nil { - return nil, errs.Wrap(err) + return nil, err } return unmarshal(trustDomain, doc) } @@ -35,20 +34,20 @@ func unmarshal(trustDomain spiffeid.TrustDomain, doc *bundleDoc) (*spiffebundle. switch key.Use { case x509SVIDUse: if len(key.Certificates) != 1 { - return nil, errs.New("expected a single certificate in x509-svid entry %d; got %d", i, len(key.Certificates)) + return nil, fmt.Errorf("expected a single certificate in x509-svid entry %d; got %d", i, len(key.Certificates)) } bundle.AddX509Authority(key.Certificates[0]) case jwtSVIDUse: if key.KeyID == "" { - return nil, errs.New("missing key ID in jwt-svid entry %d", i) + return nil, fmt.Errorf("missing key ID in jwt-svid entry %d", i) } if err := bundle.AddJWTAuthority(key.KeyID, key.Key); err != nil { - return nil, errs.New("failed to add jwt-svid entry %d: %v", i, err) + return nil, fmt.Errorf("failed to add jwt-svid entry %d: %w", i, err) } case "": - return nil, errs.New("missing use for key entry %d", i) + return nil, fmt.Errorf("missing use for key entry %d", i) default: - return nil, errs.New("unrecognized use %q for key entry %d", key.Use, i) + return nil, fmt.Errorf("unrecognized use %q for key entry %d", key.Use, i) } } diff --git a/pkg/common/bundleutil/unmarshal_test.go b/pkg/common/bundleutil/unmarshal_test.go index 8424cf8683..5cc7da925f 100644 --- a/pkg/common/bundleutil/unmarshal_test.go +++ b/pkg/common/bundleutil/unmarshal_test.go @@ -106,7 +106,6 @@ func TestUnmarshal(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { bundle, err := Unmarshal(trustDomain, []byte(testCase.doc)) if testCase.err != "" { diff --git a/pkg/common/catalog/builtin.go b/pkg/common/catalog/builtin.go index ae246e8164..ec2bb48770 100644 --- a/pkg/common/catalog/builtin.go +++ b/pkg/common/catalog/builtin.go @@ -11,7 +11,6 @@ import ( "github.com/spiffe/spire-plugin-sdk/pluginsdk" "github.com/spiffe/spire-plugin-sdk/private" "github.com/spiffe/spire/pkg/common/log" - "github.com/zeebo/errs" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" ) @@ -145,9 +144,13 @@ func startPipeServer(server *grpc.Server, log logrus.FieldLogger) (_ *pipeConn, }() // Dial the server - conn, err := grpc.Dial("IGNORED", grpc.WithBlock(), grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(pipeNet.DialContext)) //nolint: staticcheck // It is going to be resolved on #5152 + conn, err := grpc.NewClient( + "passthrough:IGNORED", + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithContextDialer(pipeNet.DialContext), + ) if err != nil { - return nil, errs.Wrap(err) + return nil, err } closers = append(closers, conn) diff --git a/pkg/common/catalog/catalog_test.go b/pkg/common/catalog/catalog_test.go index badc35061e..c336cfa33c 100644 --- a/pkg/common/catalog/catalog_test.go +++ b/pkg/common/catalog/catalog_test.go @@ -317,7 +317,7 @@ func testPlugin(t *testing.T, pluginPath string) { t.Run("no maximum", func(t *testing.T) { testLoad(t, pluginPath, loadTest{ mutateConfig: func(config *catalog.Config) { - for i := 0; i < 10; i++ { + for range 10 { config.PluginConfigs = append(config.PluginConfigs, config.PluginConfigs[0]) } }, diff --git a/pkg/common/catalog/closers.go b/pkg/common/catalog/closers.go index 4e418ca905..d72a186fae 100644 --- a/pkg/common/catalog/closers.go +++ b/pkg/common/catalog/closers.go @@ -1,10 +1,10 @@ package catalog import ( + "errors" "io" "time" - "github.com/zeebo/errs" "google.golang.org/grpc" ) @@ -12,11 +12,12 @@ type closerGroup []io.Closer func (cs closerGroup) Close() error { // Close in reverse order. - var errs errs.Group + var errs error for i := len(cs) - 1; i >= 0; i-- { - errs.Add(cs[i].Close()) + errs = errors.Join(errs, cs[i].Close()) } - return errs.Err() + + return errs } type closerFunc func() diff --git a/pkg/common/catalog/external.go b/pkg/common/catalog/external.go index 1a65b19f53..177de77b59 100644 --- a/pkg/common/catalog/external.go +++ b/pkg/common/catalog/external.go @@ -14,7 +14,6 @@ import ( "github.com/spiffe/spire-plugin-sdk/pluginsdk" "github.com/spiffe/spire-plugin-sdk/private" "github.com/spiffe/spire/pkg/common/log" - "github.com/zeebo/errs" "google.golang.org/grpc" ) @@ -154,7 +153,7 @@ func (p *hcClientPlugin) GRPCClient(ctx context.Context, b *goplugin.GRPCBroker, // does not work yet anyway, so it is a moot point. listener, err := b.Accept(private.HostServiceProviderID) if err != nil { - return nil, errs.Wrap(err) + return nil, err } server := newHostServer(p.config.Log, p.config.Name, p.config.HostServices) diff --git a/pkg/common/cli/trust_domain_test.go b/pkg/common/cli/trust_domain_test.go index 158c22bdd6..8e1814a0c9 100644 --- a/pkg/common/cli/trust_domain_test.go +++ b/pkg/common/cli/trust_domain_test.go @@ -38,7 +38,6 @@ func TestParseTrustDomain(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.msg, func(t *testing.T) { logger, hook := logtest.NewNullLogger() td, err := ParseTrustDomain(testCase.domain, logger) diff --git a/pkg/common/cliprinter/internal/structpretty/structpretty.go b/pkg/common/cliprinter/internal/structpretty/structpretty.go index 99bb37a883..a9e15e038f 100644 --- a/pkg/common/cliprinter/internal/structpretty/structpretty.go +++ b/pkg/common/cliprinter/internal/structpretty/structpretty.go @@ -55,7 +55,7 @@ func printStruct(msg any, stdout, stderr io.Writer) error { } builder := new(strings.Builder) - for i := 0; i < msgType.NumField(); i++ { + for i := range msgType.NumField() { fieldType := msgType.Field(i) fieldValue := msgValue.Field(i) diff --git a/pkg/common/container/process/winapi.go b/pkg/common/container/process/winapi.go index 2634b319f3..232fda40f9 100644 --- a/pkg/common/container/process/winapi.go +++ b/pkg/common/container/process/winapi.go @@ -145,7 +145,7 @@ func (a *api) QuerySystemExtendedHandleInformation() ([]SystemHandleInformationE handlesList := (*SystemExtendedHandleInformation)(unsafe.Pointer(&buffer[0])) handles := unsafe.Slice(&handlesList.Handles[0], int(handlesList.NumberOfHandles)) - return handles, nil + return handles, nil //nolint:nilerr } return nil, status diff --git a/pkg/common/cryptoutil/keys.go b/pkg/common/cryptoutil/keys.go index db73567185..fa4a1e938a 100644 --- a/pkg/common/cryptoutil/keys.go +++ b/pkg/common/cryptoutil/keys.go @@ -7,7 +7,6 @@ import ( "fmt" "github.com/go-jose/go-jose/v4" - "github.com/zeebo/errs" ) func RSAPublicKeyEqual(a, b *rsa.PublicKey) bool { @@ -58,7 +57,7 @@ func JoseAlgFromPublicKey(publicKey any) (jose.SignatureAlgorithm, error) { case *rsa.PublicKey: // Prevent the use of keys smaller than 2048 bits if publicKey.Size() < 256 { - return "", errs.New("unsupported RSA key size: %d", publicKey.Size()) + return "", fmt.Errorf("unsupported RSA key size: %d", publicKey.Size()) } alg = jose.RS256 case *ecdsa.PublicKey: @@ -69,10 +68,10 @@ func JoseAlgFromPublicKey(publicKey any) (jose.SignatureAlgorithm, error) { case 384: alg = jose.ES384 default: - return "", errs.New("unable to determine signature algorithm for EC public key size %d", params.BitSize) + return "", fmt.Errorf("unable to determine signature algorithm for EC public key size %d", params.BitSize) } default: - return "", errs.New("unable to determine signature algorithm for public key type %T", publicKey) + return "", fmt.Errorf("unable to determine signature algorithm for public key type %T", publicKey) } return alg, nil } diff --git a/pkg/common/diskcertmanager/cert_manager_test.go b/pkg/common/diskcertmanager/cert_manager_test.go index 71d76cbef4..cb6b54e8f1 100644 --- a/pkg/common/diskcertmanager/cert_manager_test.go +++ b/pkg/common/diskcertmanager/cert_manager_test.go @@ -221,7 +221,7 @@ func TestTLSConfig(t *testing.T) { t.Run("update cert file with an invalid cert start error log loop", func(t *testing.T) { writeFile(t, certFilePath, []byte("invalid-cert")) - for i := 0; i < 5; i++ { + for range 5 { clk.Add(10 * time.Millisecond) } @@ -254,7 +254,7 @@ func TestTLSConfig(t *testing.T) { writeFile(t, keyFilePath, []byte("invalid-key")) - for i := 0; i < 5; i++ { + for range 5 { clk.Add(10 * time.Millisecond) } @@ -302,7 +302,7 @@ func TestTLSConfig(t *testing.T) { t.Run("delete cert files start error log loop", func(t *testing.T) { removeFile(t, keyFilePath) - for i := 0; i < 5; i++ { + for range 5 { clk.Add(10 * time.Millisecond) } @@ -319,7 +319,7 @@ func TestTLSConfig(t *testing.T) { removeFile(t, certFilePath) - for i := 0; i < 5; i++ { + for range 5 { clk.Add(10 * time.Millisecond) } diff --git a/pkg/common/diskutil/file_posix_test.go b/pkg/common/diskutil/file_posix_test.go index bab3479188..ee96195a0d 100644 --- a/pkg/common/diskutil/file_posix_test.go +++ b/pkg/common/diskutil/file_posix_test.go @@ -94,7 +94,6 @@ func TestWriteFile(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { file := filepath.Join(dir, "file") err := tt.atomicWriteFunc(file, tt.data) diff --git a/pkg/common/diskutil/file_windows_test.go b/pkg/common/diskutil/file_windows_test.go index cf6789d87c..31e275cbcf 100644 --- a/pkg/common/diskutil/file_windows_test.go +++ b/pkg/common/diskutil/file_windows_test.go @@ -96,7 +96,6 @@ func TestWriteFile(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { file := filepath.Join(dir, "file") err := tt.atomicWriteFunc(file, tt.data) diff --git a/pkg/common/health/cache.go b/pkg/common/health/cache.go index 350c5dad3d..5c72230d72 100644 --- a/pkg/common/health/cache.go +++ b/pkg/common/health/cache.go @@ -132,21 +132,55 @@ func (c *cache) startRunner(ctx context.Context) { } } - ticker := c.clk.Ticker(readyCheckInterval) + startSteadyStateHealthCheckCh := make(chan struct{}) + // Run health check in a tighter loop until we get an initial ready + live state + go func() { + for { + checkFunc() + + allReady := true + allLive := true + for _, status := range c.getStatuses() { + if !status.details.Ready { + allReady = false + break + } + + if !status.details.Live { + allLive = false + break + } + } + + if allReady && allLive { + break + } + + select { + case <-c.clk.After(readyCheckInitialInterval): + case <-ctx.Done(): + return + } + } + + startSteadyStateHealthCheckCh <- struct{}{} + }() go func() { defer func() { c.log.Debug("Finishing health checker") - ticker.Stop() }() - for { - checkFunc() + // Wait until initial ready + live state is achieved, then periodically check health at a longer interval + <-startSteadyStateHealthCheckCh + for { select { - case <-ticker.C: + case <-c.clk.After(readyCheckInterval): case <-ctx.Done(): return } + + checkFunc() } }() } diff --git a/pkg/common/health/cache_test.go b/pkg/common/health/cache_test.go index 657824da9e..e863c18dc5 100644 --- a/pkg/common/health/cache_test.go +++ b/pkg/common/health/cache_test.go @@ -4,12 +4,11 @@ import ( "context" "errors" "testing" - "time" - "github.com/andres-erbsen/clock" "github.com/sirupsen/logrus" "github.com/sirupsen/logrus/hooks/test" "github.com/spiffe/spire/pkg/common/telemetry" + "github.com/spiffe/spire/test/clock" "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" ) @@ -17,13 +16,13 @@ import ( func TestAddCheck(t *testing.T) { log, _ := test.NewNullLogger() t.Run("add check no error", func(t *testing.T) { - c := newCache(log, clock.New()) + c := newCache(log, clock.NewMock(t)) err := c.addCheck("foh", &fakeCheckable{}) require.NoError(t, err) }) t.Run("add duplicated checker", func(t *testing.T) { - c := newCache(log, clock.New()) + c := newCache(log, clock.NewMock(t)) err := c.addCheck("foo", &fakeCheckable{}) require.NoError(t, err) @@ -36,7 +35,7 @@ func TestAddCheck(t *testing.T) { } func TestStartNoCheckerSet(t *testing.T) { - clockMock := clock.NewMock() + clockMock := clock.NewMock(t) log, hook := test.NewNullLogger() log.Level = logrus.DebugLevel @@ -52,7 +51,7 @@ func TestHealthFailsAndRecover(t *testing.T) { log, hook := test.NewNullLogger() log.Level = logrus.DebugLevel waitFor := make(chan struct{}, 1) - clockMock := clock.NewMock() + clockMock := clock.NewMock(t) c := newCache(log, clockMock) c.hooks.statusUpdated = waitFor @@ -67,8 +66,8 @@ func TestHealthFailsAndRecover(t *testing.T) { } barChecker := &fakeCheckable{ state: State{ - Live: true, - Ready: true, + Live: false, + Ready: false, LiveDetails: healthDetails{}, ReadyDetails: healthDetails{}, }, @@ -80,25 +79,98 @@ func TestHealthFailsAndRecover(t *testing.T) { err = c.addCheck("bar", barChecker) require.NoError(t, err) - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) - defer cancel() + ctx := context.Background() err = c.start(ctx) require.NoError(t, err) - t.Run("start successfully", func(t *testing.T) { + t.Run("fail to start initially", func(t *testing.T) { // Wait for initial calls - select { - case <-waitFor: - case <-ctx.Done(): - require.Fail(t, "unable to get updates because context is finished") - } + <-waitFor + expectLogs := []spiretest.LogEntry{ { Level: logrus.DebugLevel, Message: "Initializing health checkers", }, + { + Level: logrus.ErrorLevel, + Message: "Health check has failed", + Data: logrus.Fields{ + telemetry.Check: "bar", + telemetry.Error: "subsystem is not live or ready", + }, + }, + { + Level: logrus.WarnLevel, + Message: "Health check failed", + Data: logrus.Fields{ + telemetry.Check: "bar", + telemetry.Details: "{false false {} {}}", + telemetry.Error: "subsystem is not live or ready", + }, + }, + } + + expectStatus := map[string]checkState{ + "foo": { + details: State{ + Live: true, + Ready: true, + LiveDetails: healthDetails{}, + ReadyDetails: healthDetails{}, + }, + checkTime: clockMock.Now(), + }, + "bar": { + details: State{ + Live: false, + Ready: false, + LiveDetails: healthDetails{}, + ReadyDetails: healthDetails{}, + }, + checkTime: clockMock.Now(), + err: errors.New("subsystem is not live or ready"), + contiguousFailures: 1, + timeOfFirstFailure: clockMock.Now(), + }, } + + spiretest.AssertLogs(t, hook.AllEntries(), expectLogs) + require.Equal(t, expectStatus, c.getStatuses()) + }) + + // Clean logs + hook.Reset() + + barChecker.state = State{ + Live: true, + Ready: true, + LiveDetails: healthDetails{}, + ReadyDetails: healthDetails{}, + } + + t.Run("start successfully after initial failure", func(t *testing.T) { + // Move to next initial interval + clockMock.Add(readyCheckInitialInterval) + + // Wait for initial calls + <-waitFor + + expectLogs := []spiretest.LogEntry{ + { + Level: logrus.InfoLevel, + Message: "Health check recovered", + Data: logrus.Fields{ + telemetry.Check: "bar", + telemetry.Details: "{true true {} {}}", + telemetry.Duration: "1", + telemetry.Error: "subsystem is not live or ready", + telemetry.Failures: "1", + }, + }, + } + expectStatus := map[string]checkState{ "foo": { details: State{ @@ -139,12 +211,7 @@ func TestHealthFailsAndRecover(t *testing.T) { // Move to next interval clockMock.Add(readyCheckInterval) - // Wait for new call - select { - case <-waitFor: - case <-ctx.Done(): - require.Fail(t, "unable to get updates because context is finished") - } + <-waitFor expectStatus := map[string]checkState{ "foo": { @@ -202,11 +269,7 @@ func TestHealthFailsAndRecover(t *testing.T) { clockMock.Add(readyCheckInterval) // Wait for new call - select { - case <-waitFor: - case <-ctx.Done(): - require.Fail(t, "unable to get updates because context is finished") - } + <-waitFor expectStatus := map[string]checkState{ "foo": { @@ -262,11 +325,7 @@ func TestHealthFailsAndRecover(t *testing.T) { clockMock.Add(readyCheckInterval) // Wait for new call - select { - case <-waitFor: - case <-ctx.Done(): - require.Fail(t, "unable to get updates because context is finished") - } + <-waitFor expectStatus := map[string]checkState{ "foo": { diff --git a/pkg/common/health/health.go b/pkg/common/health/health.go index 11d7e4e3e6..83e4289804 100644 --- a/pkg/common/health/health.go +++ b/pkg/common/health/health.go @@ -4,7 +4,6 @@ import ( "context" "encoding/json" "errors" - "net" "net/http" "sync" "time" @@ -12,15 +11,11 @@ import ( "github.com/andres-erbsen/clock" "github.com/sirupsen/logrus" "github.com/spiffe/spire/pkg/common/telemetry" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" ) const ( - // testDialTimeout is the duration to wait for a test dial - testDialTimeout = 30 * time.Second - - readyCheckInterval = time.Minute + readyCheckInitialInterval = time.Second + readyCheckInterval = time.Minute ) // State is the health state of a subsystem. @@ -139,31 +134,6 @@ func (c *checker) ListenAndServe(ctx context.Context) error { return nil } -// WaitForTestDial tries to create a client connection to the given target -// with a blocking dial and a timeout specified in testDialTimeout. -// Nothing is done with the connection, which is just closed in case it -// is created. -func WaitForTestDial(ctx context.Context, addr net.Addr) { - ctx, cancel := context.WithTimeout(ctx, testDialTimeout) - defer cancel() - - conn, err := grpc.DialContext(ctx, //nolint: staticcheck // It is going to be resolved on #5152 - addr.String(), - grpc.WithTransportCredentials(insecure.NewCredentials()), - grpc.WithContextDialer(func(ctx context.Context, name string) (net.Conn, error) { - return net.DialUnix("unix", nil, &net.UnixAddr{ - Net: "unix", - Name: name, - }) - }), - grpc.WithBlock()) //nolint: staticcheck // It is going to be resolved on #5152 - if err != nil { - return - } - - _ = conn.Close() -} - // LiveState returns the global live state and details. func (c *checker) LiveState() (bool, any) { live, _, details, _ := c.checkStates() diff --git a/pkg/common/health/health_test.go b/pkg/common/health/health_test.go index 2d701a0074..b5407bcbe3 100644 --- a/pkg/common/health/health_test.go +++ b/pkg/common/health/health_test.go @@ -70,8 +70,7 @@ func TestCheckerListeners(t *testing.T) { waitFor := make(chan struct{}, 1) finalChecker.cache.hooks.statusUpdated = waitFor - ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) - defer cancel() + ctx := context.Background() go func() { _ = servableChecker.ListenAndServe(ctx) @@ -113,11 +112,7 @@ func TestCheckerListeners(t *testing.T) { barChecker.state.ReadyDetails = healthDetails{Err: "ready fails"} clk.Add(readyCheckInterval) - select { - case <-waitFor: - case <-ctx.Done(): - require.Fail(t, "unable to get updates") - } + <-waitFor t.Run("live fails", func(t *testing.T) { resp, err := http.Get("http://localhost:12345/live") diff --git a/pkg/common/hostservice/metricsservice/v1_test.go b/pkg/common/hostservice/metricsservice/v1_test.go index 8b668deb08..761cf8ddf3 100644 --- a/pkg/common/hostservice/metricsservice/v1_test.go +++ b/pkg/common/hostservice/metricsservice/v1_test.go @@ -43,7 +43,6 @@ func TestV1SetGauge(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { expected := fakemetrics.New() expected.SetGaugeWithLabels(tt.req.Key, tt.req.Val, v1ConvertToTelemetryLabels(tt.req.Labels)) @@ -89,7 +88,6 @@ func TestV1MeasureSince(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { expected := fakemetrics.New() expected.MeasureSinceWithLabels(tt.req.Key, time.Unix(0, tt.req.Time), v1ConvertToTelemetryLabels(tt.req.Labels)) @@ -135,7 +133,6 @@ func TestV1IncrCounter(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { expected := fakemetrics.New() expected.IncrCounterWithLabels(tt.req.Key, tt.req.Val, v1ConvertToTelemetryLabels(tt.req.Labels)) @@ -181,7 +178,6 @@ func TestV1AddSample(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { expected := fakemetrics.New() expected.AddSampleWithLabels(tt.req.Key, tt.req.Val, v1ConvertToTelemetryLabels(tt.req.Labels)) @@ -214,7 +210,6 @@ func TestV1EmitKey(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { expected := fakemetrics.New() expected.EmitKey(tt.req.Key, tt.req.Val) @@ -320,7 +315,6 @@ func TestV1ConvertToTelemetryLabels(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { outLabels := v1ConvertToTelemetryLabels(tt.inLabels) @@ -397,7 +391,6 @@ func TestV1ConvertToRPCLabels(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { outLabels := v1ConvertToRPCLabels(tt.inLabels) diff --git a/pkg/common/jwtsvid/common.go b/pkg/common/jwtsvid/common.go index 6d529bedbf..b1e84e30a3 100644 --- a/pkg/common/jwtsvid/common.go +++ b/pkg/common/jwtsvid/common.go @@ -5,18 +5,17 @@ import ( "time" "github.com/go-jose/go-jose/v4/jwt" - "github.com/zeebo/errs" ) func GetTokenExpiry(token string) (time.Time, time.Time, error) { tok, err := jwt.ParseSigned(token, AllowedSignatureAlgorithms) if err != nil { - return time.Time{}, time.Time{}, errs.Wrap(err) + return time.Time{}, time.Time{}, err } claims := jwt.Claims{} if err := tok.UnsafeClaimsWithoutVerification(&claims); err != nil { - return time.Time{}, time.Time{}, errs.Wrap(err) + return time.Time{}, time.Time{}, err } if claims.IssuedAt == nil { return time.Time{}, time.Time{}, errors.New("JWT missing iat claim") diff --git a/pkg/common/jwtsvid/validate.go b/pkg/common/jwtsvid/validate.go index dce51831d5..33e46fa349 100644 --- a/pkg/common/jwtsvid/validate.go +++ b/pkg/common/jwtsvid/validate.go @@ -9,7 +9,6 @@ import ( "github.com/go-jose/go-jose/v4/jwt" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) type KeyStore interface { @@ -41,17 +40,17 @@ func (t *keyStore) FindPublicKey(_ context.Context, td spiffeid.TrustDomain, key func ValidateToken(ctx context.Context, token string, keyStore KeyStore, audience []string) (spiffeid.ID, map[string]any, error) { tok, err := jwt.ParseSigned(token, AllowedSignatureAlgorithms) if err != nil { - return spiffeid.ID{}, nil, errs.New("unable to parse JWT token: %v", err) + return spiffeid.ID{}, nil, fmt.Errorf("unable to parse JWT token: %w", err) } if len(tok.Headers) != 1 { - return spiffeid.ID{}, nil, errs.New("expected a single token header; got %d", len(tok.Headers)) + return spiffeid.ID{}, nil, fmt.Errorf("expected a single token header; got %d", len(tok.Headers)) } // Obtain the key ID from the header keyID := tok.Headers[0].KeyID if keyID == "" { - return spiffeid.ID{}, nil, errs.New("token header missing key id") + return spiffeid.ID{}, nil, fmt.Errorf("token header missing key id") } // Parse out the unverified claims. We need to look up the key by the trust @@ -59,14 +58,14 @@ func ValidateToken(ctx context.Context, token string, keyStore KeyStore, audienc // when creating the generic map of claims that we return to the caller. var claims jwt.Claims if err := tok.UnsafeClaimsWithoutVerification(&claims); err != nil { - return spiffeid.ID{}, nil, errs.Wrap(err) + return spiffeid.ID{}, nil, err } if claims.Subject == "" { - return spiffeid.ID{}, nil, errs.New("token missing subject claim") + return spiffeid.ID{}, nil, errors.New("token missing subject claim") } spiffeID, err := spiffeid.FromString(claims.Subject) if err != nil { - return spiffeid.ID{}, nil, errs.New("token has in invalid subject claim: %v", err) + return spiffeid.ID{}, nil, fmt.Errorf("token has in invalid subject claim: %w", err) } // Construct the trust domain id from the SPIFFE ID and look up key by ID @@ -78,7 +77,7 @@ func ValidateToken(ctx context.Context, token string, keyStore KeyStore, audienc // Now obtain the generic claims map verified using the obtained key claimsMap := make(map[string]any) if err := tok.Claims(key, &claimsMap); err != nil { - return spiffeid.ID{}, nil, errs.Wrap(err) + return spiffeid.ID{}, nil, err } // Now that the signature over the claims has been verified, validate the @@ -90,11 +89,9 @@ func ValidateToken(ctx context.Context, token string, keyStore KeyStore, audienc // Convert expected validation errors for pretty errors switch { case errors.Is(err, jwt.ErrExpired): - err = errs.New("token has expired") + err = errors.New("token has expired") case errors.Is(err, jwt.ErrInvalidAudience): - err = errs.New("expected audience in %q (audience=%q)", audience, claims.Audience) - default: - err = errs.Wrap(err) + err = fmt.Errorf("expected audience in %q (audience=%q)", audience, claims.Audience) } return spiffeid.ID{}, nil, err } diff --git a/pkg/common/jwtsvid/validate_test.go b/pkg/common/jwtsvid/validate_test.go index 90cd1a4294..1156b1e2a0 100644 --- a/pkg/common/jwtsvid/validate_test.go +++ b/pkg/common/jwtsvid/validate_test.go @@ -76,7 +76,6 @@ func (s *TokenSuite) TestDifferentKeys() { } for _, testCase := range testCases { - testCase := testCase // alias loop variable as it is used in the closure s.T().Run(testCase.kid, func(t *testing.T) { token := s.signJWTSVID(fakeSpiffeID, fakeAudience, time.Now().Add(time.Hour), testCase.key, testCase.kid) diff --git a/pkg/common/jwtutil/jwt.go b/pkg/common/jwtutil/jwt.go new file mode 100644 index 0000000000..73e29a3b7e --- /dev/null +++ b/pkg/common/jwtutil/jwt.go @@ -0,0 +1,41 @@ +package jwtutil + +import ( + "crypto" + "crypto/x509" + "fmt" + + "github.com/spiffe/spire-api-sdk/proto/spire/api/types" +) + +// JWTKeysFromProto converts JWT keys from the given []*types.JWTKey to map[string]crypto.PublicKey. +// The key ID of the public key is used as the key in the returned map. +func JWTKeysFromProto(proto []*types.JWTKey) (map[string]crypto.PublicKey, error) { + keys := make(map[string]crypto.PublicKey) + for i, publicKey := range proto { + jwtSigningKey, err := x509.ParsePKIXPublicKey(publicKey.PublicKey) + if err != nil { + return nil, fmt.Errorf("unable to parse JWT signing key %d: %w", i, err) + } + keys[publicKey.KeyId] = jwtSigningKey + } + return keys, nil +} + +// ProtoFromJWTKeys converts JWT keys from the given map[string]crypto.PublicKey to []*types.JWTKey +func ProtoFromJWTKeys(keys map[string]crypto.PublicKey) ([]*types.JWTKey, error) { + var resp []*types.JWTKey + + for kid, key := range keys { + pkixBytes, err := x509.MarshalPKIXPublicKey(key) + if err != nil { + return nil, err + } + resp = append(resp, &types.JWTKey{ + PublicKey: pkixBytes, + KeyId: kid, + }) + } + + return resp, nil +} diff --git a/pkg/common/jwtutil/keyset.go b/pkg/common/jwtutil/keyset.go index a188fe7b29..a233dc2cf6 100644 --- a/pkg/common/jwtutil/keyset.go +++ b/pkg/common/jwtutil/keyset.go @@ -3,6 +3,8 @@ package jwtutil import ( "context" "encoding/json" + "errors" + "fmt" "io" "net/http" "net/url" @@ -12,7 +14,6 @@ import ( "github.com/go-jose/go-jose/v4" "github.com/sirupsen/logrus" - "github.com/zeebo/errs" ) const ( @@ -34,7 +35,7 @@ type OIDCIssuer string func (c OIDCIssuer) GetKeySet(ctx context.Context) (*jose.JSONWebKeySet, error) { u, err := url.Parse(string(c)) if err != nil { - return nil, errs.Wrap(err) + return nil, err } u.Path = path.Join(u.Path, wellKnownOpenIDConfiguration) @@ -86,7 +87,7 @@ func (c *CachingKeySetProvider) GetKeySet(ctx context.Context) (*jose.JSONWebKey } else { logrus.WithError(err).Warn("Unable to refresh key set") if c.jwks == nil { - return nil, errs.Wrap(err) + return nil, err } } @@ -96,27 +97,27 @@ func (c *CachingKeySetProvider) GetKeySet(ctx context.Context) (*jose.JSONWebKey func DiscoverKeySetURI(ctx context.Context, configURL string) (string, error) { req, err := http.NewRequest("GET", configURL, nil) if err != nil { - return "", errs.Wrap(err) + return "", err } req = req.WithContext(ctx) resp, err := http.DefaultClient.Do(req) if err != nil { - return "", errs.Wrap(err) + return "", err } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return "", errs.New("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) + return "", fmt.Errorf("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) } config := &struct { JWKSURI string `json:"jwks_uri"` }{} if err := json.NewDecoder(resp.Body).Decode(config); err != nil { - return "", errs.New("failed to decode configuration: %v", err) + return "", fmt.Errorf("failed to decode configuration: %w", err) } if config.JWKSURI == "" { - return "", errs.New("configuration missing JWKS URI") + return "", errors.New("configuration missing JWKS URI") } return config.JWKSURI, nil @@ -125,22 +126,22 @@ func DiscoverKeySetURI(ctx context.Context, configURL string) (string, error) { func FetchKeySet(ctx context.Context, jwksURI string) (*jose.JSONWebKeySet, error) { req, err := http.NewRequest("GET", jwksURI, nil) if err != nil { - return nil, errs.Wrap(err) + return nil, err } req = req.WithContext(ctx) resp, err := http.DefaultClient.Do(req) if err != nil { - return nil, errs.Wrap(err) + return nil, err } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return nil, errs.New("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) + return nil, fmt.Errorf("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) } jwks := new(jose.JSONWebKeySet) if err := json.NewDecoder(resp.Body).Decode(jwks); err != nil { - return nil, errs.New("failed to decode key set: %v", err) + return nil, fmt.Errorf("failed to decode key set: %w", err) } return jwks, nil diff --git a/pkg/common/plugin/aws/iid.go b/pkg/common/plugin/aws/iid.go index 8b8fcea741..6da18e5c82 100644 --- a/pkg/common/plugin/aws/iid.go +++ b/pkg/common/plugin/aws/iid.go @@ -1,19 +1,12 @@ package aws -import ( - "github.com/zeebo/errs" -) +import "fmt" const ( // PluginName for AWS IID PluginName = "aws_iid" ) -var ( - IidErrorClass = errs.Class("aws-iid") - iidError = IidErrorClass -) - // IIDAttestationData AWS IID attestation data type IIDAttestationData struct { Document string `json:"document"` @@ -23,5 +16,5 @@ type IIDAttestationData struct { // AttestationStepError error with attestation func AttestationStepError(step string, cause error) error { - return iidError.New("attempted attestation but an error occurred %s: %w", step, cause) + return fmt.Errorf("aws-iid: attempted attestation but an error occurred %s: %w", step, cause) } diff --git a/pkg/common/plugin/azure/msi.go b/pkg/common/plugin/azure/msi.go index 99356cbbc3..129c4dbdde 100644 --- a/pkg/common/plugin/azure/msi.go +++ b/pkg/common/plugin/azure/msi.go @@ -2,6 +2,8 @@ package azure import ( "encoding/json" + "errors" + "fmt" "io" "net/http" @@ -9,7 +11,6 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/spire/pkg/common/agentpathtemplate" "github.com/spiffe/spire/pkg/common/idutil" - "github.com/zeebo/errs" ) const ( @@ -56,7 +57,7 @@ func (fn HTTPClientFunc) Do(req *http.Request) (*http.Response, error) { func FetchMSIToken(cl HTTPClient, resource string) (string, error) { req, err := http.NewRequest("GET", "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01", nil) if err != nil { - return "", errs.Wrap(err) + return "", err } req.Header.Add("Metadata", "true") @@ -66,11 +67,11 @@ func FetchMSIToken(cl HTTPClient, resource string) (string, error) { resp, err := cl.Do(req) if err != nil { - return "", errs.Wrap(err) + return "", err } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return "", errs.New("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) + return "", fmt.Errorf("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) } r := struct { @@ -78,11 +79,11 @@ func FetchMSIToken(cl HTTPClient, resource string) (string, error) { }{} if err := json.NewDecoder(resp.Body).Decode(&r); err != nil { - return "", errs.New("unable to decode response: %v", err) + return "", fmt.Errorf("unable to decode response: %w", err) } if r.AccessToken == "" { - return "", errs.New("response missing access token") + return "", fmt.Errorf("response missing access token") } return r.AccessToken, nil @@ -91,31 +92,31 @@ func FetchMSIToken(cl HTTPClient, resource string) (string, error) { func FetchInstanceMetadata(cl HTTPClient) (*InstanceMetadata, error) { req, err := http.NewRequest("GET", "http://169.254.169.254/metadata/instance?api-version=2017-08-01&format=json", nil) if err != nil { - return nil, errs.Wrap(err) + return nil, err } req.Header.Add("Metadata", "true") resp, err := cl.Do(req) if err != nil { - return nil, errs.Wrap(err) + return nil, err } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return nil, errs.New("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) + return nil, fmt.Errorf("unexpected status code %d: %s", resp.StatusCode, tryRead(resp.Body)) } metadata := new(InstanceMetadata) if err := json.NewDecoder(resp.Body).Decode(metadata); err != nil { - return nil, errs.New("unable to decode response: %v", err) + return nil, fmt.Errorf("unable to decode response: %w", err) } switch { case metadata.Compute.Name == "": - return nil, errs.New("response missing instance name") + return nil, errors.New("response missing instance name") case metadata.Compute.SubscriptionID == "": - return nil, errs.New("response missing instance subscription id") + return nil, errors.New("response missing instance subscription id") case metadata.Compute.ResourceGroupName == "": - return nil, errs.New("response missing instance resource group name") + return nil, errors.New("response missing instance resource group name") } return metadata, nil diff --git a/pkg/common/plugin/facade.go b/pkg/common/plugin/facade.go index 6468eb8130..f50329ef73 100644 --- a/pkg/common/plugin/facade.go +++ b/pkg/common/plugin/facade.go @@ -52,7 +52,7 @@ func (f *Facade) InitLog(log logrus.FieldLogger) { // that come out of plugin implementations. func (f *Facade) WrapErr(err error) error { if err == nil { - return err + return nil } // Embellish the gRPC status with the prefix, if necessary. diff --git a/pkg/common/plugin/sshpop/handshake_test.go b/pkg/common/plugin/sshpop/handshake_test.go index 1999eb1bd9..82222d3203 100644 --- a/pkg/common/plugin/sshpop/handshake_test.go +++ b/pkg/common/plugin/sshpop/handshake_test.go @@ -211,7 +211,6 @@ func TestVerifyAttestationData(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { s.state = stateServerInit s.s.canonicalDomain = tt.serverCanonicalDomain @@ -238,7 +237,7 @@ func marshalAttestationData(t *testing.T, cert []byte) []byte { func TestIssueChallengeUniqueness(t *testing.T) { _, s := newTestHandshake(t) challenges := make(map[string]struct{}) - for i := 0; i < 10000; i++ { + for range 10000 { s.state = stateAttestationDataVerified challenge, err := s.IssueChallenge() require.NoError(t, err) @@ -278,7 +277,6 @@ func TestRespondToChallenge(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { c.state = stateProvidedAttestationData _, err := c.RespondToChallenge(tt.challengeReq) @@ -339,7 +337,6 @@ func TestVerifyChallengeResponse(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { s.state = stateAttestationDataVerified s.cert = c.c.cert @@ -393,7 +390,6 @@ func TestDecanonicalizeHostname(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { hostname, err := decanonicalizeHostname(tt.fqdn, tt.domain) if tt.expectErr != "" { diff --git a/pkg/common/plugin/sshpop/sshpop_test.go b/pkg/common/plugin/sshpop/sshpop_test.go index 1a551f21b6..c441475c05 100644 --- a/pkg/common/plugin/sshpop/sshpop_test.go +++ b/pkg/common/plugin/sshpop/sshpop_test.go @@ -54,7 +54,6 @@ func TestNewClient(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { c, err := NewClient("example.org", tt.configString) if tt.expectErr != "" { @@ -139,7 +138,6 @@ func TestNewServer(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { s, err := NewServer(tt.trustDomain, tt.configString) if tt.expectErr != "" { @@ -192,7 +190,6 @@ func TestPubkeysFromPath(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { pubkeys, err := pubkeysFromPath(tt.pubkeyPath) if tt.expectErr != "" { diff --git a/pkg/common/plugin/x509pop/x509pop_test.go b/pkg/common/plugin/x509pop/x509pop_test.go index 23ecc43bc1..9714d52c6d 100644 --- a/pkg/common/plugin/x509pop/x509pop_test.go +++ b/pkg/common/plugin/x509pop/x509pop_test.go @@ -154,7 +154,6 @@ func TestMakeAgentID(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { cert := &x509.Certificate{ Subject: pkix.Name{ diff --git a/pkg/common/profiling/dumpers.go b/pkg/common/profiling/dumpers.go index e7fa6e5442..5e47b414fa 100644 --- a/pkg/common/profiling/dumpers.go +++ b/pkg/common/profiling/dumpers.go @@ -6,8 +6,6 @@ import ( "runtime/pprof" "runtime/trace" "strings" - - "github.com/zeebo/errs" ) const ( @@ -99,7 +97,7 @@ func (d *traceDumper) Dump(timestamp string, name string) error { d.data.Close() filename := getFilename(timestamp, d.c.Tag, name) if err := os.Rename(getTempFilename(d.c.Tag, traceProfTmpFilename), filename); err != nil { - return errs.Wrap(err) + return err } return d.Prepare() } @@ -133,7 +131,7 @@ func (d *cpuDumper) Dump(timestamp string, name string) error { d.data.Close() filename := getFilename(timestamp, d.c.Tag, name) if err := os.Rename(getTempFilename(d.c.Tag, cpuProfTmpFilename), filename); err != nil { - return errs.Wrap(err) + return err } return d.Prepare() } diff --git a/pkg/common/protoutil/masks.go b/pkg/common/protoutil/masks.go index 91ce3455ff..0f684ed31b 100644 --- a/pkg/common/protoutil/masks.go +++ b/pkg/common/protoutil/masks.go @@ -22,7 +22,7 @@ var ( func MakeAllTrueMask(m proto.Message) proto.Message { v := reflect.ValueOf(proto.Clone(m)).Elem() t := v.Type() - for i := 0; i < v.NumField(); i++ { + for i := range v.NumField() { ft := t.Field(i) fv := v.Field(i) // Skip the protobuf internal fields or those that aren't bools diff --git a/pkg/common/selector/selector_test.go b/pkg/common/selector/selector_test.go index 9c011a1de3..5f8dc3fe90 100644 --- a/pkg/common/selector/selector_test.go +++ b/pkg/common/selector/selector_test.go @@ -25,7 +25,6 @@ func TestValidate(t *testing.T) { } for _, test := range tests { - test := test // alias loop variable as it is used in the closure t.Run(test.name, func(t *testing.T) { s := &common.Selector{ Type: test.selectorType, diff --git a/pkg/common/selector/set_utils.go b/pkg/common/selector/set_utils.go index e7d4b23c94..4a64f944d2 100644 --- a/pkg/common/selector/set_utils.go +++ b/pkg/common/selector/set_utils.go @@ -74,9 +74,9 @@ func powerSet(s *set, c chan Set) { // Walk through the binary, and append // "enabled" elements to the working set - for position := 0; position < len(binary); position++ { + for position := range binary { // Read the binary right to left - negPosition := (len(binary) - position - 1) + negPosition := len(binary) - position - 1 if binary[negPosition] == "1" { set.Add(sarr[position]) } diff --git a/pkg/common/telemetry/agent/keymanager/wrapper_test.go b/pkg/common/telemetry/agent/keymanager/wrapper_test.go index 3e6cef67d9..57647fb49f 100644 --- a/pkg/common/telemetry/agent/keymanager/wrapper_test.go +++ b/pkg/common/telemetry/agent/keymanager/wrapper_test.go @@ -72,7 +72,6 @@ func TestWithMetrics(t *testing.T) { }, }, } { - tt := tt m.Reset() require.NoError(t, tt.call()) key := strings.Split(tt.key, ".") diff --git a/pkg/common/telemetry/config.go b/pkg/common/telemetry/config.go index 33783a0ed6..13327bc7e5 100644 --- a/pkg/common/telemetry/config.go +++ b/pkg/common/telemetry/config.go @@ -10,6 +10,7 @@ type MetricsConfig struct { Logger logrus.FieldLogger ServiceName string Sinks []Sink + TrustDomain string } type FileConfig struct { @@ -19,12 +20,13 @@ type FileConfig struct { M3 []M3Config `hcl:"M3"` InMem *InMem `hcl:"InMem"` - MetricPrefix string `hcl:"MetricPrefix"` - EnableHostnameLabel *bool `hcl:"EnableHostnameLabel"` - AllowedPrefixes []string `hcl:"AllowedPrefixes"` // A list of metric prefixes to allow, with '.' as the separator - BlockedPrefixes []string `hcl:"BlockedPrefixes"` // A list of metric prefixes to block, with '.' as the separator - AllowedLabels []string `hcl:"AllowedLabels"` // A list of metric labels to allow, with '.' as the separator - BlockedLabels []string `hcl:"BlockedLabels"` // A list of metric labels to block, with '.' as the separator + MetricPrefix string `hcl:"MetricPrefix"` + EnableTrustDomainLabel *bool `hcl:"EnableTrustDomainLabel"` + EnableHostnameLabel *bool `hcl:"EnableHostnameLabel"` + AllowedPrefixes []string `hcl:"AllowedPrefixes"` // A list of metric prefixes to allow, with '.' as the separator + BlockedPrefixes []string `hcl:"BlockedPrefixes"` // A list of metric prefixes to block, with '.' as the separator + AllowedLabels []string `hcl:"AllowedLabels"` // A list of metric labels to allow, with '.' as the separator + BlockedLabels []string `hcl:"BlockedLabels"` // A list of metric labels to block, with '.' as the separator UnusedKeyPositions map[string][]token.Pos `hcl:",unusedKeyPositions"` } diff --git a/pkg/common/telemetry/dogstatsd_test.go b/pkg/common/telemetry/dogstatsd_test.go index ed44e69e6e..a498c2bf17 100644 --- a/pkg/common/telemetry/dogstatsd_test.go +++ b/pkg/common/telemetry/dogstatsd_test.go @@ -58,6 +58,7 @@ func testDogStatsdConfig() *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ DogStatsd: []DogStatsdConfig{ { diff --git a/pkg/common/telemetry/inmem_test.go b/pkg/common/telemetry/inmem_test.go index 1b6f8c781f..e9dcb5f25f 100644 --- a/pkg/common/telemetry/inmem_test.go +++ b/pkg/common/telemetry/inmem_test.go @@ -80,6 +80,7 @@ func testInmemConfig() *MetricsConfig { return &MetricsConfig{ Logger: logger, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{InMem: &InMem{}}, } } diff --git a/pkg/common/telemetry/m3_test.go b/pkg/common/telemetry/m3_test.go index 4823b2e7c0..41a9d41855 100644 --- a/pkg/common/telemetry/m3_test.go +++ b/pkg/common/telemetry/m3_test.go @@ -124,6 +124,7 @@ func testM3Config() *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ M3: []M3Config{ { diff --git a/pkg/common/telemetry/metrics.go b/pkg/common/telemetry/metrics.go index 1cf1dcf041..0f6584136e 100644 --- a/pkg/common/telemetry/metrics.go +++ b/pkg/common/telemetry/metrics.go @@ -45,7 +45,8 @@ type MetricsImpl struct { c *MetricsConfig runners []sinkRunner // Each instance of metrics.Metrics in the slice corresponds to one metrics sink type - metricsSinks []*metrics.Metrics + metricsSinks []*metrics.Metrics + enableTrustDomainLabel bool } var _ Metrics = (*MetricsImpl)(nil) @@ -83,12 +84,18 @@ func NewMetrics(c *MetricsConfig) (*MetricsImpl, error) { } else { conf.EnableHostnameLabel = true } + conf.EnableTypePrefix = runner.requiresTypePrefix() conf.AllowedLabels = c.FileConfig.AllowedLabels conf.BlockedLabels = c.FileConfig.BlockedLabels conf.AllowedPrefixes = c.FileConfig.AllowedPrefixes conf.BlockedPrefixes = c.FileConfig.BlockedPrefixes + impl.enableTrustDomainLabel = false + if c.FileConfig.EnableTrustDomainLabel != nil { + impl.enableTrustDomainLabel = *c.FileConfig.EnableTrustDomainLabel + } + metricsSink, err := metrics.New(conf, fanout) if err != nil { return nil, err @@ -112,13 +119,15 @@ func (m *MetricsImpl) ListenAndServe(ctx context.Context) error { } func (m *MetricsImpl) SetGauge(key []string, val float32) { - for _, s := range m.metricsSinks { - s.SetGauge(key, val) - } + m.SetGaugeWithLabels(key, val, nil) } // SetGaugeWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) SetGaugeWithLabels(key []string, val float32, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.SetGaugeWithLabels(key, val, sanitizedLabels) @@ -132,13 +141,15 @@ func (m *MetricsImpl) EmitKey(key []string, val float32) { } func (m *MetricsImpl) IncrCounter(key []string, val float32) { - for _, s := range m.metricsSinks { - s.IncrCounter(key, val) - } + m.IncrCounterWithLabels(key, val, nil) } // IncrCounterWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) IncrCounterWithLabels(key []string, val float32, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.IncrCounterWithLabels(key, val, sanitizedLabels) @@ -146,13 +157,15 @@ func (m *MetricsImpl) IncrCounterWithLabels(key []string, val float32, labels [] } func (m *MetricsImpl) AddSample(key []string, val float32) { - for _, s := range m.metricsSinks { - s.AddSample(key, val) - } + m.AddSampleWithLabels(key, val, nil) } // AddSampleWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) AddSampleWithLabels(key []string, val float32, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.AddSampleWithLabels(key, val, sanitizedLabels) @@ -160,13 +173,15 @@ func (m *MetricsImpl) AddSampleWithLabels(key []string, val float32, labels []La } func (m *MetricsImpl) MeasureSince(key []string, start time.Time) { - for _, s := range m.metricsSinks { - s.MeasureSince(key, start) - } + m.MeasureSinceWithLabels(key, start, nil) } // MeasureSinceWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) MeasureSinceWithLabels(key []string, start time.Time, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.MeasureSinceWithLabels(key, start, sanitizedLabels) diff --git a/pkg/common/telemetry/prometheus_test.go b/pkg/common/telemetry/prometheus_test.go index 9a58b21d04..659d59ca47 100644 --- a/pkg/common/telemetry/prometheus_test.go +++ b/pkg/common/telemetry/prometheus_test.go @@ -82,6 +82,7 @@ func testPrometheusConfig() *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ // Let prometheus listen on a random port Prometheus: &PrometheusConfig{}, diff --git a/pkg/common/telemetry/sanitize_test.go b/pkg/common/telemetry/sanitize_test.go index 9b89a2da98..82cebce9b7 100644 --- a/pkg/common/telemetry/sanitize_test.go +++ b/pkg/common/telemetry/sanitize_test.go @@ -37,7 +37,6 @@ func TestSanitize(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { out := sanitize(tt.in) @@ -73,7 +72,6 @@ func TestSanitizeLabel(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { out := sanitizeLabel(labelName, tt.in) @@ -132,7 +130,6 @@ func TestGetSanitizedLabels(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.desc, func(t *testing.T) { out := SanitizeLabels(tt.in) diff --git a/pkg/common/telemetry/server/datastore/wrapper_test.go b/pkg/common/telemetry/server/datastore/wrapper_test.go index 79c1a87f8e..2bd21cd658 100644 --- a/pkg/common/telemetry/server/datastore/wrapper_test.go +++ b/pkg/common/telemetry/server/datastore/wrapper_test.go @@ -29,7 +29,7 @@ func TestWithMetrics(t *testing.T) { methodNames := make(map[string]struct{}) wv := reflect.ValueOf(w) wt := reflect.TypeOf(w) - for i := 0; i < wt.NumMethod(); i++ { + for i := range wt.NumMethod() { methodNames[wt.Method(i).Name] = struct{}{} } @@ -250,7 +250,6 @@ func TestWithMetrics(t *testing.T) { methodName: "ListCAJournalsForTesting", }, } { - tt := tt methodType, ok := wt.MethodByName(tt.methodName) require.True(t, ok, "method %q does not exist on DataStore interface", tt.methodName) methodValue := wv.Method(methodType.Index) @@ -270,7 +269,7 @@ func TestWithMetrics(t *testing.T) { } out := methodValue.Call(args) require.Len(t, out, numOut) - for i := 0; i < numOut-1; i++ { + for i := range numOut - 1 { mv := methodValue.Type().Out(i) switch v := reflect.ValueOf(mv); v.Kind() { case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: diff --git a/pkg/common/telemetry/server/keymanager/wrapper_test.go b/pkg/common/telemetry/server/keymanager/wrapper_test.go index ed4a543282..02626d24e2 100644 --- a/pkg/common/telemetry/server/keymanager/wrapper_test.go +++ b/pkg/common/telemetry/server/keymanager/wrapper_test.go @@ -81,7 +81,6 @@ func TestWithMetrics(t *testing.T) { }, }, } { - tt := tt m.Reset() tt.call(t) diff --git a/pkg/common/telemetry/statsd.go b/pkg/common/telemetry/statsd.go index 69d1108d61..9e25cc9d13 100644 --- a/pkg/common/telemetry/statsd.go +++ b/pkg/common/telemetry/statsd.go @@ -16,7 +16,7 @@ func newStatsdRunner(c *MetricsConfig) (sinkRunner, error) { for _, sc := range c.FileConfig.Statsd { sink, err := metrics.NewStatsdSink(sc.Address) if err != nil { - return runner, nil + return nil, err } runner.loadedSinks = append(runner.loadedSinks, sink) diff --git a/pkg/common/telemetry/statsd_test.go b/pkg/common/telemetry/statsd_test.go index d7cde716df..96d216d3cf 100644 --- a/pkg/common/telemetry/statsd_test.go +++ b/pkg/common/telemetry/statsd_test.go @@ -64,6 +64,7 @@ func testStatsdConfigWithPort(port int) *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ Statsd: []StatsdConfig{ { diff --git a/pkg/common/util/addr.go b/pkg/common/util/addr.go index dd7d3834cb..93bf2d246c 100644 --- a/pkg/common/util/addr.go +++ b/pkg/common/util/addr.go @@ -36,7 +36,7 @@ func GetTargetName(addr net.Addr) (string, error) { case "unix": return "unix://" + addr.String(), nil case "pipe": - return addr.String(), nil + return "passthrough:" + addr.String(), nil default: return "", fmt.Errorf("unsupported network %q", addr.Network()) } diff --git a/pkg/common/util/addr_posix.go b/pkg/common/util/addr_posix.go index 1bb6a5e92c..8fd34895b9 100644 --- a/pkg/common/util/addr_posix.go +++ b/pkg/common/util/addr_posix.go @@ -3,7 +3,6 @@ package util import ( - "context" "errors" "net" @@ -12,9 +11,9 @@ import ( "google.golang.org/grpc/credentials/insecure" ) -func GRPCDialContext(ctx context.Context, target string, options ...grpc.DialOption) (*grpc.ClientConn, error) { +func NewGRPCClient(target string, options ...grpc.DialOption) (*grpc.ClientConn, error) { options = append(options, grpc.WithTransportCredentials(insecure.NewCredentials())) - return grpc.DialContext(ctx, target, options...) //nolint: staticcheck // It is going to be resolved on #5152 + return grpc.NewClient(target, options...) } func GetWorkloadAPIClientOption(addr net.Addr) (workloadapi.ClientOption, error) { diff --git a/pkg/common/util/addr_windows.go b/pkg/common/util/addr_windows.go index 50fa224210..e4ebf70777 100644 --- a/pkg/common/util/addr_windows.go +++ b/pkg/common/util/addr_windows.go @@ -3,7 +3,6 @@ package util import ( - "context" "errors" "net" @@ -14,9 +13,9 @@ import ( "google.golang.org/grpc/credentials/insecure" ) -func GRPCDialContext(ctx context.Context, target string, options ...grpc.DialOption) (*grpc.ClientConn, error) { +func NewGRPCClient(target string, options ...grpc.DialOption) (*grpc.ClientConn, error) { options = append(options, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(winio.DialPipeContext)) - return grpc.DialContext(ctx, target, options...) //nolint: staticcheck // It is going to be resolved on #5152 + return grpc.NewClient(target, options...) } func GetWorkloadAPIClientOption(addr net.Addr) (workloadapi.ClientOption, error) { diff --git a/pkg/common/util/csr.go b/pkg/common/util/csr.go index 089ae61393..bdd98f7d92 100644 --- a/pkg/common/util/csr.go +++ b/pkg/common/util/csr.go @@ -7,7 +7,6 @@ import ( "net/url" "github.com/spiffe/go-spiffe/v2/spiffeid" - "github.com/zeebo/errs" ) func MakeCSR(privateKey any, spiffeID spiffeid.ID) ([]byte, error) { @@ -33,7 +32,7 @@ func MakeCSRWithoutURISAN(privateKey any) ([]byte, error) { func makeCSR(privateKey any, template *x509.CertificateRequest) ([]byte, error) { csr, err := x509.CreateCertificateRequest(rand.Reader, template, privateKey) if err != nil { - return nil, errs.Wrap(err) + return nil, err } return csr, nil } diff --git a/pkg/common/util/task.go b/pkg/common/util/task.go index 4b0e9db263..cfaefea958 100644 --- a/pkg/common/util/task.go +++ b/pkg/common/util/task.go @@ -37,7 +37,6 @@ func RunTasks(ctx context.Context, tasks ...func(context.Context) error) error { wg.Add(len(tasks)) for _, task := range tasks { - task := task go func() { errch <- runTask(task) }() diff --git a/pkg/server/api/agent/v1/service_test.go b/pkg/server/api/agent/v1/service_test.go index b834ff7397..b5d9154768 100644 --- a/pkg/server/api/agent/v1/service_test.go +++ b/pkg/server/api/agent/v1/service_test.go @@ -213,12 +213,11 @@ func TestCountAgents(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, 0) defer test.Cleanup() - for i := 0; i < int(tt.count); i++ { + for i := range int(tt.count) { now := time.Now() _, err := test.ds.CreateAttestedNode(ctx, &common.AttestedNode{ SpiffeId: ids[i].String(), @@ -906,7 +905,6 @@ func TestListAgents(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() test.ds.SetNextError(tt.dsError) @@ -1161,7 +1159,6 @@ func TestBanAgent(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, 0) defer test.Cleanup() @@ -1405,7 +1402,6 @@ func TestDeleteAgent(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, 0) defer test.Cleanup() @@ -1637,7 +1633,6 @@ func TestGetAgent(t *testing.T) { dsError: errors.New("datastore error"), }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, 0) test.createTestNodes(ctx, t) @@ -1981,7 +1976,6 @@ func TestRenewAgent(t *testing.T) { expectDetail: &types.PermissionDeniedDetails{Reason: types.PermissionDeniedDetails_AGENT_MUST_REATTEST}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // Setup test test := setupServiceTest(t, tt.agentSVIDTTL) @@ -2163,7 +2157,6 @@ func TestCreateJoinToken(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, 0) test.ds.SetNextError(tt.dsError) @@ -3133,7 +3126,6 @@ func TestAttestAgent(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup test := setupServiceTest(t, 0) @@ -3268,7 +3260,7 @@ func setupServiceTest(t *testing.T, agentSVIDTTL time.Duration) *serviceTest { grpctest.Middleware(middleware.WithAuditLog(false)), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) test.client = agentv1.NewAgentClient(conn) test.done = server.Stop diff --git a/pkg/server/api/agent_test.go b/pkg/server/api/agent_test.go index 1f065fff10..3f60118031 100644 --- a/pkg/server/api/agent_test.go +++ b/pkg/server/api/agent_test.go @@ -67,7 +67,6 @@ func TestProtoFromAttestedNode(t *testing.T) { expectErr: "scheme is missing or invalid", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { a, err := api.ProtoFromAttestedNode(tt.n) diff --git a/pkg/server/api/audit/audit_test.go b/pkg/server/api/audit/audit_test.go index 3c6545f173..e2d902f652 100644 --- a/pkg/server/api/audit/audit_test.go +++ b/pkg/server/api/audit/audit_test.go @@ -235,7 +235,6 @@ func TestAuditWitTypesStatus(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { auditLog := audit.New(log) logHook.Reset() @@ -322,7 +321,6 @@ func TestAuditWithError(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { auditLog := audit.New(log) logHook.Reset() diff --git a/pkg/server/api/bundle/v1/service_test.go b/pkg/server/api/bundle/v1/service_test.go index 86ce239281..6332455a90 100644 --- a/pkg/server/api/bundle/v1/service_test.go +++ b/pkg/server/api/bundle/v1/service_test.go @@ -18,6 +18,7 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffeid" bundlev1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/bundle/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" + "github.com/spiffe/spire/pkg/common/jwtutil" "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/pkg/server/api" "github.com/spiffe/spire/pkg/server/api/bundle/v1" @@ -258,7 +259,6 @@ func TestGetFederatedBundle(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() test.isAdmin = tt.isAdmin @@ -360,7 +360,6 @@ func TestGetBundle(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() @@ -746,7 +745,6 @@ func TestAppendBundle(t *testing.T) { noBundle: true, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() @@ -1106,7 +1104,6 @@ func TestBatchDeleteFederatedBundle(t *testing.T) { dsError: status.New(codes.Internal, "datasource fails").Err(), }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() @@ -1376,7 +1373,6 @@ func TestPublishJWTAuthority(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() @@ -1539,7 +1535,6 @@ func TestListFederatedBundles(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() @@ -1693,12 +1688,11 @@ func TestCountBundles(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() - for i := 0; i < int(tt.count); i++ { + for i := range int(tt.count) { createBundle(t, test, tds[i].IDString()) } @@ -1745,6 +1739,8 @@ func TestBatchCreateFederatedBundle(t *testing.T) { bundle := makeValidBundle(t, federatedTrustDomain) x509BundleHash := api.HashByte(bundle.X509Authorities[0].Asn1) + jwtKeyID := bundle.JwtAuthorities[0].KeyId + jwtKeyHash := api.HashByte(bundle.JwtAuthorities[0].PublicKey) _, expectedX509Err := x509.ParseCertificates([]byte("malformed")) require.Error(t, expectedX509Err) @@ -1786,12 +1782,15 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -1818,12 +1817,15 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -1849,12 +1851,15 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -1888,14 +1893,17 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.StatusCode: "InvalidArgument", - telemetry.StatusMessage: `trust domain argument is not valid: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores`, - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "malformed id", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "error", + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: `trust domain argument is not valid: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores`, + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "malformed id", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -1924,14 +1932,17 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.StatusCode: "InvalidArgument", - telemetry.StatusMessage: "creating a federated bundle for the server's own trust domain is not allowed", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "error", + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: "creating a federated bundle for the server's own trust domain is not allowed", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -1960,12 +1971,15 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, { @@ -1979,14 +1993,17 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.StatusCode: "AlreadyExists", - telemetry.StatusMessage: "bundle already exists", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "error", + telemetry.StatusCode: "AlreadyExists", + telemetry.StatusMessage: "bundle already exists", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2011,14 +2028,17 @@ func TestBatchCreateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.StatusCode: "Internal", - telemetry.StatusMessage: "unable to create bundle: datastore error", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "error", + telemetry.StatusCode: "Internal", + telemetry.StatusMessage: "unable to create bundle: datastore error", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2064,7 +2084,6 @@ func TestBatchCreateFederatedBundle(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() clearDSBundles(t, test.ds) @@ -2092,6 +2111,8 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { require.Error(t, expectedX509Err) validBundle := makeValidBundle(t, federatedTrustDomain) x509BundleHash := api.HashByte(validBundle.X509Authorities[0].Asn1) + jwtKeyID := validBundle.JwtAuthorities[0].KeyId + jwtKeyHash := api.HashByte(validBundle.JwtAuthorities[0].PublicKey) for _, tt := range []struct { name string @@ -2127,12 +2148,15 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2165,12 +2189,15 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2203,12 +2230,15 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2242,14 +2272,17 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "malformed id", - "x509_authorities_asn1_sha256.0": x509BundleHash, - telemetry.StatusCode: "InvalidArgument", - telemetry.StatusMessage: `trust domain argument is not valid: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores`, + telemetry.Status: "error", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "malformed id", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: `trust domain argument is not valid: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores`, }, }, }, @@ -2278,20 +2311,23 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, - telemetry.StatusCode: "InvalidArgument", - telemetry.StatusMessage: "updating a federated bundle for the server's own trust domain is not allowed", + telemetry.Status: "error", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: "updating a federated bundle for the server's own trust domain is not allowed", }, }, }, }, { - name: "Update fails if bundle does not exists", + name: "Update fails if bundle does not exist", bundlesToUpdate: []*types.Bundle{makeValidBundle(t, federatedTrustDomain)}, expectedResults: []*bundlev1.BatchCreateFederatedBundleResponse_Result{ { @@ -2310,14 +2346,17 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, - telemetry.StatusCode: "NotFound", - telemetry.StatusMessage: "bundle not found", + telemetry.Status: "error", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, + telemetry.StatusCode: "NotFound", + telemetry.StatusMessage: "bundle not found", }, }, }, @@ -2342,14 +2381,17 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, - telemetry.StatusCode: "Internal", - telemetry.StatusMessage: "failed to update bundle: datastore error", + telemetry.Status: "error", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, + telemetry.StatusCode: "Internal", + telemetry.StatusMessage: "failed to update bundle: datastore error", }, }, }, @@ -2419,14 +2461,17 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "error", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "non-existent-td", - "x509_authorities_asn1_sha256.0": x509BundleHash, - telemetry.StatusCode: "NotFound", - telemetry.StatusMessage: "bundle not found", + telemetry.Status: "error", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "non-existent-td", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, + telemetry.StatusCode: "NotFound", + telemetry.StatusMessage: "bundle not found", }, }, { @@ -2440,18 +2485,20 @@ func TestBatchUpdateFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.Status: "success", - telemetry.Type: "audit", - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.TrustDomainID: "another-example.org", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.Status: "success", + telemetry.Type: "audit", + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.TrustDomainID: "another-example.org", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() @@ -2502,6 +2549,8 @@ func TestBatchSetFederatedBundle(t *testing.T) { updatedBundle.RefreshHint = 120 updatedBundle.SequenceNumber = 42 x509BundleHash := api.HashByte(updatedBundle.X509Authorities[0].Asn1) + jwtKeyID := updatedBundle.JwtAuthorities[0].KeyId + jwtKeyHash := api.HashByte(updatedBundle.JwtAuthorities[0].PublicKey) for _, tt := range []struct { name string @@ -2538,12 +2587,15 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.Status: "success", - telemetry.TrustDomainID: "another-example.org", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.Status: "success", + telemetry.TrustDomainID: "another-example.org", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2570,12 +2622,15 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.Status: "success", - telemetry.TrustDomainID: "another-example.org", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.Status: "success", + telemetry.TrustDomainID: "another-example.org", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2601,12 +2656,15 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.Status: "success", - telemetry.TrustDomainID: "another-example.org", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.Status: "success", + telemetry.TrustDomainID: "another-example.org", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2640,12 +2698,15 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.Status: "success", - telemetry.TrustDomainID: "another-example.org", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.Status: "success", + telemetry.TrustDomainID: "another-example.org", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, { @@ -2659,12 +2720,15 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "120", - telemetry.SequenceNumber: "42", - telemetry.Status: "success", - telemetry.TrustDomainID: "another-example.org", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "120", + telemetry.SequenceNumber: "42", + telemetry.Status: "success", + telemetry.TrustDomainID: "another-example.org", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2694,14 +2758,17 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.Status: "error", - telemetry.StatusCode: "InvalidArgument", - telemetry.StatusMessage: "trust domain argument is not valid: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores", - telemetry.TrustDomainID: "//notvalid", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.Status: "error", + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: "trust domain argument is not valid: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores", + telemetry.TrustDomainID: "//notvalid", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2730,14 +2797,17 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.Status: "error", - telemetry.StatusCode: "InvalidArgument", - telemetry.StatusMessage: "setting a federated bundle for the server's own trust domain is not allowed", - telemetry.TrustDomainID: "example.org", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.Status: "error", + telemetry.StatusCode: "InvalidArgument", + telemetry.StatusMessage: "setting a federated bundle for the server's own trust domain is not allowed", + telemetry.TrustDomainID: "example.org", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2762,14 +2832,17 @@ func TestBatchSetFederatedBundle(t *testing.T) { Level: logrus.InfoLevel, Message: "API accessed", Data: logrus.Fields{ - telemetry.RefreshHint: "60", - telemetry.SequenceNumber: "42", - telemetry.Status: "error", - telemetry.StatusCode: "Internal", - telemetry.StatusMessage: "failed to set bundle: datastore error", - telemetry.TrustDomainID: "another-example.org", - telemetry.Type: "audit", - "x509_authorities_asn1_sha256.0": x509BundleHash, + telemetry.RefreshHint: "60", + telemetry.SequenceNumber: "42", + telemetry.Status: "error", + telemetry.StatusCode: "Internal", + telemetry.StatusMessage: "failed to set bundle: datastore error", + telemetry.TrustDomainID: "another-example.org", + telemetry.Type: "audit", + "x509_authorities_asn1_sha256.0": x509BundleHash, + "jwt_authority_expires_at.0": "0", + "jwt_authority_key_id.0": jwtKeyID, + "jwt_authority_public_key_sha256.0": jwtKeyHash, }, }, }, @@ -2815,7 +2888,6 @@ func TestBatchSetFederatedBundle(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() @@ -2940,7 +3012,7 @@ func setupServiceTest(t *testing.T) *serviceTest { grpctest.Middleware(middleware.WithAuditLog(false)), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) test.client = bundlev1.NewBundleClient(conn) test.done = server.Stop @@ -2966,16 +3038,10 @@ func makeValidBundle(t *testing.T, td spiffeid.TrustDomain) *types.Bundle { return authorities }(b.X509Authorities()), - JwtAuthorities: func(map[string]crypto.PublicKey) []*types.JWTKey { - var authorities []*types.JWTKey - for _, val := range authorities { - authorities = append(authorities, &types.JWTKey{ - PublicKey: val.PublicKey, - KeyId: val.KeyId, - ExpiresAt: val.ExpiresAt, - }) - } - return authorities + JwtAuthorities: func(keys map[string]crypto.PublicKey) []*types.JWTKey { + result, err := jwtutil.ProtoFromJWTKeys(keys) + require.NoError(t, err) + return result }(b.JWTAuthorities()), } } diff --git a/pkg/server/api/bundle_test.go b/pkg/server/api/bundle_test.go index 64007140e9..a6604ce4dd 100644 --- a/pkg/server/api/bundle_test.go +++ b/pkg/server/api/bundle_test.go @@ -90,7 +90,6 @@ func TestBundleToProto(t *testing.T) { expectError: "invalid trust domain id: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { bundle, err := api.BundleToProto(tt.bundle) @@ -214,7 +213,6 @@ func TestProtoToBundle(t *testing.T) { expectError: "invalid trust domain: trust domain characters are limited to lowercase letters, numbers, dots, dashes, and underscores", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { bundle, err := api.ProtoToBundle(tt.bundle) diff --git a/pkg/server/api/debug/v1/service_test.go b/pkg/server/api/debug/v1/service_test.go index b0d970e5be..8d80b1f67e 100644 --- a/pkg/server/api/debug/v1/service_test.go +++ b/pkg/server/api/debug/v1/service_test.go @@ -342,7 +342,8 @@ func TestGetInfo(t *testing.T) { Level: logrus.ErrorLevel, Message: "Failed to parse bundle", Data: logrus.Fields{ - logrus.ErrorKey: expectParseErr.Error()}, + logrus.ErrorKey: expectParseErr.Error(), + }, }, }, bundles: []*common.Bundle{ @@ -377,7 +378,6 @@ func TestGetInfo(t *testing.T) { state: x509SVIDState, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t) defer test.Cleanup() @@ -475,7 +475,7 @@ func setupServiceTest(t *testing.T) *serviceTest { server := grpctest.StartServer(t, registerFn, grpctest.OverrideContext(overrideContext)) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) test.done = server.Stop test.client = debugv1.NewDebugClient(conn) diff --git a/pkg/server/api/entry/v1/service_test.go b/pkg/server/api/entry/v1/service_test.go index b8bb18d7e0..79de20f35c 100644 --- a/pkg/server/api/entry/v1/service_test.go +++ b/pkg/server/api/entry/v1/service_test.go @@ -141,13 +141,12 @@ func TestCountEntries(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ds := fakedatastore.New(t) test := setupServiceTest(t, ds) defer test.Cleanup() - for i := 0; i < int(tt.count); i++ { + for i := range int(tt.count) { _, err := test.ds.CreateRegistrationEntry(ctx, &common.RegistrationEntry{ ParentId: spiffeid.RequireFromSegments(td, fmt.Sprintf("parent%d", i)).String(), SpiffeId: spiffeid.RequireFromSegments(td, fmt.Sprintf("child%d", i)).String(), @@ -1194,7 +1193,6 @@ func TestListEntries(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() ds.SetNextError(tt.dsError) @@ -1444,7 +1442,6 @@ func TestGetEntry(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() ds.SetNextError(tt.dsError) @@ -1664,7 +1661,8 @@ func TestBatchCreateEntry(t *testing.T) { }, Selectors: []*types.Selector{{Type: "type", Value: "value"}}, DnsNames: []string{""}, - }, { + }, + { Id: "entry2", ParentId: &types.SPIFFEID{ TrustDomain: "example.org", @@ -1739,7 +1737,8 @@ func TestBatchCreateEntry(t *testing.T) { {Type: "type", Value: "value2"}, }, Hint: "internal", - }}, + }, + }, expectDsEntries: map[string]*common.RegistrationEntry{ "entry1": { EntryId: "entry1", @@ -1810,7 +1809,8 @@ func TestBatchCreateEntry(t *testing.T) { {Type: "type", Value: "value2"}, }, StoreSvid: true, - }}, + }, + }, expectDsEntries: map[string]*common.RegistrationEntry{ "entry1": { EntryId: "entry1", @@ -2390,7 +2390,6 @@ func TestBatchCreateEntry(t *testing.T) { }}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ds := newFakeDS(t) @@ -2651,7 +2650,6 @@ func TestBatchDeleteEntry(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ds := fakedatastore.New(t) test := setupServiceTest(t, ds) @@ -2868,7 +2866,6 @@ func TestGetAuthorizedEntries(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, fakedatastore.New(t)) defer test.Cleanup() @@ -3265,7 +3262,6 @@ func TestSyncAuthorizedEntries(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, fakedatastore.New(t)) defer func() { @@ -3322,7 +3318,7 @@ func FuzzSyncAuthorizedStreams(f *testing.F) { const maxEntries = 40 var entries []*types.Entry - for i := 0; i < maxEntries; i++ { + for i := range maxEntries { entries = append(entries, &types.Entry{Id: strconv.Itoa(i), RevisionNumber: 1}) } @@ -3374,7 +3370,7 @@ func FuzzSyncAuthorizedStreams(f *testing.F) { // The number of entries exceeded the page size. Expect one or more // pages of entry revisions. var actualIDs []string - for page := 0; page < calculatePageCount(totalEntries)-1; page++ { + for range calculatePageCount(totalEntries) - 1 { resp := recvNoError(t, stream) require.Equal(t, len(resp.EntryRevisions), entryPageSize) require.Zero(t, resp.Entries) @@ -3397,7 +3393,7 @@ func FuzzSyncAuthorizedStreams(f *testing.F) { require.NoError(t, stream.Send(&entryv1.SyncAuthorizedEntriesRequest{Ids: staleIDs})) actualIDs = actualIDs[:0] - for page := 0; page < calculatePageCount(len(staleIDs))-1; page++ { + for range calculatePageCount(len(staleIDs)) - 1 { resp = recvNoError(t, stream) require.Equal(t, len(resp.Entries), entryPageSize) require.Zero(t, resp.EntryRevisions) @@ -3508,7 +3504,8 @@ func TestBatchUpdateEntry(t *testing.T) { { Status: &types.Status{Code: int32(codes.OK), Message: "OK"}, Entry: &types.Entry{ - ParentId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/parentUpdated"}}, + ParentId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/parentUpdated"}, + }, }, }, expectLogs: func(m map[string]string) []spiretest.LogEntry { @@ -3551,7 +3548,8 @@ func TestBatchUpdateEntry(t *testing.T) { { Status: &types.Status{Code: int32(codes.OK), Message: "OK"}, Entry: &types.Entry{ - SpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/workloadUpdated"}}, + SpiffeId: &types.SPIFFEID{TrustDomain: "example.org", Path: "/workloadUpdated"}, + }, }, }, expectLogs: func(m map[string]string) []spiretest.LogEntry { @@ -4172,8 +4170,10 @@ func TestBatchUpdateEntry(t *testing.T) { }, expectResults: []*entryv1.BatchUpdateEntryResponse_Result{ { - Status: &types.Status{Code: int32(codes.InvalidArgument), - Message: "failed to convert entry: invalid spiffe ID: trust domain is missing"}, + Status: &types.Status{ + Code: int32(codes.InvalidArgument), + Message: "failed to convert entry: invalid spiffe ID: trust domain is missing", + }, }, }, expectLogs: func(m map[string]string) []spiretest.LogEntry { @@ -4213,8 +4213,10 @@ func TestBatchUpdateEntry(t *testing.T) { }, expectResults: []*entryv1.BatchUpdateEntryResponse_Result{ { - Status: &types.Status{Code: int32(codes.InvalidArgument), - Message: "failed to convert entry: invalid parent ID: trust domain is missing"}, + Status: &types.Status{ + Code: int32(codes.InvalidArgument), + Message: "failed to convert entry: invalid parent ID: trust domain is missing", + }, }, }, expectLogs: func(m map[string]string) []spiretest.LogEntry { @@ -4254,8 +4256,10 @@ func TestBatchUpdateEntry(t *testing.T) { }, expectResults: []*entryv1.BatchUpdateEntryResponse_Result{ { - Status: &types.Status{Code: int32(codes.InvalidArgument), - Message: "failed to convert entry: invalid parent ID: trust domain is missing"}, + Status: &types.Status{ + Code: int32(codes.InvalidArgument), + Message: "failed to convert entry: invalid parent ID: trust domain is missing", + }, }, }, expectLogs: func(m map[string]string) []spiretest.LogEntry { @@ -4295,8 +4299,10 @@ func TestBatchUpdateEntry(t *testing.T) { }, expectResults: []*entryv1.BatchUpdateEntryResponse_Result{ { - Status: &types.Status{Code: int32(codes.InvalidArgument), - Message: "failed to convert entry: invalid spiffe ID: trust domain is missing"}, + Status: &types.Status{ + Code: int32(codes.InvalidArgument), + Message: "failed to convert entry: invalid spiffe ID: trust domain is missing", + }, }, }, expectLogs: func(m map[string]string) []spiretest.LogEntry { @@ -4336,8 +4342,10 @@ func TestBatchUpdateEntry(t *testing.T) { }, expectResults: []*entryv1.BatchUpdateEntryResponse_Result{ { - Status: &types.Status{Code: int32(codes.InvalidArgument), - Message: "failed to convert entry: selector list is empty"}, + Status: &types.Status{ + Code: int32(codes.InvalidArgument), + Message: "failed to convert entry: selector list is empty", + }, }, }, expectLogs: func(m map[string]string) []spiretest.LogEntry { @@ -4597,7 +4605,6 @@ func TestBatchUpdateEntry(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ds := fakedatastore.New(t) test := setupServiceTest(t, ds) @@ -4773,7 +4780,7 @@ func setupServiceTest(t *testing.T, ds datastore.DataStore, options ...serviceTe grpctest.Middleware(middleware.WithAuditLog(false)), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) test.client = entryv1.NewEntryClient(conn) test.done = server.Stop diff --git a/pkg/server/api/entry_test.go b/pkg/server/api/entry_test.go index d0ae6de23b..27cd7694b3 100644 --- a/pkg/server/api/entry_test.go +++ b/pkg/server/api/entry_test.go @@ -95,7 +95,6 @@ func TestRegistrationEntryToProto(t *testing.T) { err: "invalid SPIFFE ID: scheme is missing or invalid", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { entry, err := api.RegistrationEntryToProto(tt.entry) if tt.err != "" { @@ -464,7 +463,6 @@ func TestProtoToRegistrationEntryWithMask(t *testing.T) { err: "hint is too long, max length is 1024 characters", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { entry, err := api.ProtoToRegistrationEntryWithMask(context.Background(), td, tt.entry, tt.mask) if tt.err != "" { @@ -635,7 +633,6 @@ func TestProtoToRegistrationEntry(t *testing.T) { err: "selector list is empty", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { entry, err := api.ProtoToRegistrationEntry(context.Background(), td, tt.entry) if tt.err != "" { diff --git a/pkg/server/api/health/v1/service_test.go b/pkg/server/api/health/v1/service_test.go index 01688182d6..147f4e0c4a 100644 --- a/pkg/server/api/health/v1/service_test.go +++ b/pkg/server/api/health/v1/service_test.go @@ -22,9 +22,7 @@ import ( "google.golang.org/grpc/health/grpc_health_v1" ) -var ( - td = spiffeid.RequireTrustDomainFromString("example.org") -) +var td = spiffeid.RequireTrustDomainFromString("example.org") func TestServiceCheck(t *testing.T) { for _, tt := range []struct { @@ -86,7 +84,6 @@ func TestServiceCheck(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { log, logHook := test.NewNullLogger() @@ -112,7 +109,7 @@ func TestServiceCheck(t *testing.T) { }), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) client := grpc_health_v1.NewHealthClient(conn) resp, err := client.Check(context.Background(), &grpc_health_v1.HealthCheckRequest{ diff --git a/pkg/server/api/id_test.go b/pkg/server/api/id_test.go index 639b3d32d0..d97e32790a 100644 --- a/pkg/server/api/id_test.go +++ b/pkg/server/api/id_test.go @@ -50,7 +50,6 @@ func TestIDFromProto(t *testing.T) { // runTests exercises all the test cases against the given function runTests := func(t *testing.T, fn func(ctx context.Context, td spiffeid.TrustDomain, protoID *types.SPIFFEID) (spiffeid.ID, error), testCases []testCase) { for _, testCase := range append(baseCases, testCases...) { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { log, logHook := test.NewNullLogger() @@ -233,7 +232,6 @@ func TestAttestedNodeToProto(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { agent, err := api.AttestedNodeToProto(testCase.attNode, testCase.selectors) if testCase.err != "" { diff --git a/pkg/server/api/localauthority/v1/service_test.go b/pkg/server/api/localauthority/v1/service_test.go index ca240db741..23f566025b 100644 --- a/pkg/server/api/localauthority/v1/service_test.go +++ b/pkg/server/api/localauthority/v1/service_test.go @@ -2454,7 +2454,7 @@ func setupServiceTest(t *testing.T) *serviceTest { grpctest.Middleware(middleware.WithAuditLog(false)), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) test.done = server.Stop test.client = localauthorityv1.NewLocalAuthorityClient(conn) diff --git a/pkg/server/api/logger/v1/service_test.go b/pkg/server/api/logger/v1/service_test.go index d3731b7aae..93b8db23f4 100644 --- a/pkg/server/api/logger/v1/service_test.go +++ b/pkg/server/api/logger/v1/service_test.go @@ -141,7 +141,6 @@ func TestGetLogger(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, tt.launchLevel) defer test.Cleanup() @@ -390,7 +389,6 @@ func TestSetLoggerThenGetLogger(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, tt.launchLevel) defer test.Cleanup() @@ -638,7 +636,6 @@ func TestResetLogger(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, tt.launchLevel) defer test.Cleanup() @@ -729,7 +726,6 @@ func TestUnsetSetLogLevelRequest(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupServiceTest(t, tt.launchLevel) defer test.Cleanup() @@ -773,7 +769,7 @@ func setupServiceTest(t *testing.T, launchLevel logrus.Level) *serviceTest { server := grpctest.StartServer(t, registerFn, grpctest.OverrideContext(overrideContext), grpctest.Middleware(middleware.WithAuditLog(false))) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) // Remove configuration logs logHook.Reset() diff --git a/pkg/server/api/middleware/authorization_test.go b/pkg/server/api/middleware/authorization_test.go index 879a5dd644..c6f6fc58b7 100644 --- a/pkg/server/api/middleware/authorization_test.go +++ b/pkg/server/api/middleware/authorization_test.go @@ -321,7 +321,6 @@ func TestWithAuthorizationPreprocess(t *testing.T) { expectMsg: "failed to fetch caller entries: entry fetcher error", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ctx := context.Background() policyEngine, err := authpolicy.NewEngineFromRego(ctx, tt.rego, inmem.NewFromObject(map[string]any{})) diff --git a/pkg/server/api/middleware/caller_test.go b/pkg/server/api/middleware/caller_test.go index ac3c10f101..2e4d883c0c 100644 --- a/pkg/server/api/middleware/caller_test.go +++ b/pkg/server/api/middleware/caller_test.go @@ -165,7 +165,6 @@ func TestCallerContextFromContext(t *testing.T) { expectMsg: "client certificate has a malformed URI SAN: scheme is missing or invalid", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ctxIn := context.Background() if tt.peer != nil { diff --git a/pkg/server/api/middleware/ratelimit_test.go b/pkg/server/api/middleware/ratelimit_test.go index 443c051d45..a56ad2fa0b 100644 --- a/pkg/server/api/middleware/ratelimit_test.go +++ b/pkg/server/api/middleware/ratelimit_test.go @@ -264,7 +264,6 @@ func TestRateLimits(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { log, hook := test.NewNullLogger() ctx := rpccontext.WithLogger(context.Background(), log) diff --git a/pkg/server/api/selector_test.go b/pkg/server/api/selector_test.go index 4b9711efd6..2e6377078c 100644 --- a/pkg/server/api/selector_test.go +++ b/pkg/server/api/selector_test.go @@ -67,7 +67,6 @@ func TestSelectorsFromProto(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { selectors, err := api.SelectorsFromProto(testCase.proto) if testCase.err != "" { diff --git a/pkg/server/api/status_test.go b/pkg/server/api/status_test.go index 98cc26ab31..b2782d0b71 100644 --- a/pkg/server/api/status_test.go +++ b/pkg/server/api/status_test.go @@ -138,7 +138,6 @@ func TestMakeErr(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { log, hook := test.NewNullLogger() err := api.MakeErr(log, tt.code, tt.msg, tt.err) diff --git a/pkg/server/api/svid/v1/service_test.go b/pkg/server/api/svid/v1/service_test.go index 361e1d8a06..68951297a6 100644 --- a/pkg/server/api/svid/v1/service_test.go +++ b/pkg/server/api/svid/v1/service_test.go @@ -528,7 +528,6 @@ func TestServiceMintX509SVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() @@ -788,7 +787,6 @@ func TestServiceMintJWTSVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() @@ -1089,7 +1087,6 @@ func TestServiceNewJWTSVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() @@ -1717,7 +1714,6 @@ func TestServiceBatchNewX509SVID(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() @@ -2002,7 +1998,6 @@ func TestNewDownstreamX509CA(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() test.ef.err = tt.fetcherErr @@ -2127,7 +2122,7 @@ func setupServiceTest(t *testing.T) *serviceTest { grpctest.Middleware(middleware.WithAuditLog(false)), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) test.client = svidv1.NewSVIDClient(conn) test.done = server.Stop diff --git a/pkg/server/api/trustdomain/v1/service_test.go b/pkg/server/api/trustdomain/v1/service_test.go index 019a707ce1..24f777c44f 100644 --- a/pkg/server/api/trustdomain/v1/service_test.go +++ b/pkg/server/api/trustdomain/v1/service_test.go @@ -119,7 +119,6 @@ func TestGetFederationRelationship(t *testing.T) { }, }, { - name: "malformed trust domain", trustDomain: "https://foot.test", err: "failed to parse trust domain: scheme is missing or invalid", @@ -196,7 +195,6 @@ func TestGetFederationRelationship(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ds := newFakeDS(t) test := setupServiceTest(t, ds) @@ -408,7 +406,6 @@ func TestListFederationRelationships(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test.logHook.Reset() @@ -1159,7 +1156,6 @@ func TestBatchDeleteFederationRelationship(t *testing.T) { }, }, { - name: "empty trust domain", reqTrustDomains: []string{""}, expectDs: allRelationships, @@ -1191,7 +1187,6 @@ func TestBatchDeleteFederationRelationship(t *testing.T) { }, }, { - name: "malformed trust domain", reqTrustDomains: []string{"https://foot.test"}, expectDs: allRelationships, @@ -2214,7 +2209,7 @@ func setupServiceTest(t *testing.T, ds datastore.DataStore) *serviceTest { grpctest.Middleware(middleware.WithAuditLog(false)), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) test.client = trustdomainv1.NewTrustDomainClient(conn) test.done = server.Stop diff --git a/pkg/server/authorizedentries/agent_test.go b/pkg/server/authorizedentries/agent_test.go index 884ee2f37d..c4972b3c08 100644 --- a/pkg/server/authorizedentries/agent_test.go +++ b/pkg/server/authorizedentries/agent_test.go @@ -24,8 +24,8 @@ func TestAgentRecordByID(t *testing.T) { // ExpiresAt is irrelevant. records := []agentRecord{ - agentRecord{ID: "1", ExpiresAt: 9999}, - agentRecord{ID: "2", ExpiresAt: 8888}, + {ID: "1", ExpiresAt: 9999}, + {ID: "2", ExpiresAt: 8888}, } lesser := agentRecord{} @@ -48,12 +48,12 @@ func TestAgentRecordByExpiresAt(t *testing.T) { } records := []agentRecord{ - agentRecord{ID: "1"}, - agentRecord{ID: "2"}, - agentRecord{ID: "1", ExpiresAt: 1}, - agentRecord{ID: "2", ExpiresAt: 1}, - agentRecord{ID: "1", ExpiresAt: 2}, - agentRecord{ID: "2", ExpiresAt: 2}, + {ID: "1"}, + {ID: "2"}, + {ID: "1", ExpiresAt: 1}, + {ID: "2", ExpiresAt: 1}, + {ID: "1", ExpiresAt: 2}, + {ID: "2", ExpiresAt: 2}, } lesser := agentRecord{} diff --git a/pkg/server/authorizedentries/aliases_test.go b/pkg/server/authorizedentries/aliases_test.go index 106d7302cf..e0e5f70c31 100644 --- a/pkg/server/authorizedentries/aliases_test.go +++ b/pkg/server/authorizedentries/aliases_test.go @@ -23,16 +23,16 @@ func TestAliasRecordByEntryID(t *testing.T) { } records := []aliasRecord{ - aliasRecord{EntryID: "1"}, - aliasRecord{EntryID: "1", Selector: Selector{Type: "1", Value: "1"}}, - aliasRecord{EntryID: "1", Selector: Selector{Type: "1", Value: "2"}}, - aliasRecord{EntryID: "1", Selector: Selector{Type: "2", Value: "1"}}, - aliasRecord{EntryID: "1", Selector: Selector{Type: "2", Value: "2"}}, - aliasRecord{EntryID: "2"}, - aliasRecord{EntryID: "2", Selector: Selector{Type: "1", Value: "1"}}, - aliasRecord{EntryID: "2", Selector: Selector{Type: "1", Value: "2"}}, - aliasRecord{EntryID: "2", Selector: Selector{Type: "2", Value: "1"}}, - aliasRecord{EntryID: "2", Selector: Selector{Type: "2", Value: "2"}}, + {EntryID: "1"}, + {EntryID: "1", Selector: Selector{Type: "1", Value: "1"}}, + {EntryID: "1", Selector: Selector{Type: "1", Value: "2"}}, + {EntryID: "1", Selector: Selector{Type: "2", Value: "1"}}, + {EntryID: "1", Selector: Selector{Type: "2", Value: "2"}}, + {EntryID: "2"}, + {EntryID: "2", Selector: Selector{Type: "1", Value: "1"}}, + {EntryID: "2", Selector: Selector{Type: "1", Value: "2"}}, + {EntryID: "2", Selector: Selector{Type: "2", Value: "1"}}, + {EntryID: "2", Selector: Selector{Type: "2", Value: "2"}}, } lesser := aliasRecord{} @@ -50,17 +50,17 @@ func TestAliasRecordBySelector(t *testing.T) { } records := []aliasRecord{ - aliasRecord{Selector: Selector{Type: "1", Value: "1"}}, - aliasRecord{Selector: Selector{Type: "1", Value: "1"}, EntryID: "1"}, - aliasRecord{Selector: Selector{Type: "1", Value: "1"}, EntryID: "2"}, - aliasRecord{Selector: Selector{Type: "1", Value: "2"}, EntryID: "1"}, - aliasRecord{Selector: Selector{Type: "1", Value: "2"}, EntryID: "2"}, - aliasRecord{Selector: Selector{Type: "2", Value: "1"}}, - aliasRecord{Selector: Selector{Type: "2", Value: "1"}, EntryID: "1"}, - aliasRecord{Selector: Selector{Type: "2", Value: "1"}, EntryID: "2"}, - aliasRecord{Selector: Selector{Type: "2", Value: "2"}}, - aliasRecord{Selector: Selector{Type: "2", Value: "2"}, EntryID: "1"}, - aliasRecord{Selector: Selector{Type: "2", Value: "2"}, EntryID: "2"}, + {Selector: Selector{Type: "1", Value: "1"}}, + {Selector: Selector{Type: "1", Value: "1"}, EntryID: "1"}, + {Selector: Selector{Type: "1", Value: "1"}, EntryID: "2"}, + {Selector: Selector{Type: "1", Value: "2"}, EntryID: "1"}, + {Selector: Selector{Type: "1", Value: "2"}, EntryID: "2"}, + {Selector: Selector{Type: "2", Value: "1"}}, + {Selector: Selector{Type: "2", Value: "1"}, EntryID: "1"}, + {Selector: Selector{Type: "2", Value: "1"}, EntryID: "2"}, + {Selector: Selector{Type: "2", Value: "2"}}, + {Selector: Selector{Type: "2", Value: "2"}, EntryID: "1"}, + {Selector: Selector{Type: "2", Value: "2"}, EntryID: "2"}, } lesser := aliasRecord{} for _, greater := range records { diff --git a/pkg/server/authorizedentries/cache_test.go b/pkg/server/authorizedentries/cache_test.go index f16c9d8b08..360008ca76 100644 --- a/pkg/server/authorizedentries/cache_test.go +++ b/pkg/server/authorizedentries/cache_test.go @@ -358,7 +358,7 @@ func BenchmarkGetAuthorizedEntriesInMemory(b *testing.B) { staticSelector2 := &types.Selector{Type: "static", Value: "static-2"} const numAgents = 50000 - for i := 0; i < numAgents; i++ { + for i := range numAgents { test.withAgent(spiffeid.RequireFromPathf(td, "/agent-%d", i), staticSelector1) } @@ -382,7 +382,7 @@ func BenchmarkGetAuthorizedEntriesInMemory(b *testing.B) { }, ) - for i := 0; i < 300; i++ { + for i := range 300 { test.withEntries(&types.Entry{ Id: fmt.Sprintf("alias1-workload-%d", i), SpiffeId: &types.SPIFFEID{ @@ -396,7 +396,7 @@ func BenchmarkGetAuthorizedEntriesInMemory(b *testing.B) { }) } - for i := 0; i < 300; i++ { + for i := range 300 { test.withEntries(&types.Entry{ Id: fmt.Sprintf("alias2-workload-%d", i), SpiffeId: &types.SPIFFEID{ @@ -412,7 +412,7 @@ func BenchmarkGetAuthorizedEntriesInMemory(b *testing.B) { cache := test.hydrate(b) b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { cache.GetAuthorizedEntries(test.pickAgent()) } } diff --git a/pkg/server/authorizedentries/entries_test.go b/pkg/server/authorizedentries/entries_test.go index 653b3f3c16..2463cf3597 100644 --- a/pkg/server/authorizedentries/entries_test.go +++ b/pkg/server/authorizedentries/entries_test.go @@ -24,8 +24,8 @@ func TestEntryRecordByEntryID(t *testing.T) { // ParentID is irrelevant. records := []entryRecord{ - entryRecord{EntryID: "1", ParentID: "2"}, - entryRecord{EntryID: "2", ParentID: "1"}, + {EntryID: "1", ParentID: "2"}, + {EntryID: "2", ParentID: "1"}, } lesser := entryRecord{} @@ -43,12 +43,12 @@ func TestEntryRecordByParentID(t *testing.T) { } records := []entryRecord{ - entryRecord{ParentID: "1"}, - entryRecord{ParentID: "1", EntryID: "1"}, - entryRecord{ParentID: "1", EntryID: "2"}, - entryRecord{ParentID: "2"}, - entryRecord{ParentID: "2", EntryID: "1"}, - entryRecord{ParentID: "2", EntryID: "2"}, + {ParentID: "1"}, + {ParentID: "1", EntryID: "1"}, + {ParentID: "1", EntryID: "2"}, + {ParentID: "2"}, + {ParentID: "2", EntryID: "1"}, + {ParentID: "2", EntryID: "2"}, } lesser := entryRecord{} diff --git a/pkg/server/authpolicy/policy_test.go b/pkg/server/authpolicy/policy_test.go index dc91d0dfb5..012075ce56 100644 --- a/pkg/server/authpolicy/policy_test.go +++ b/pkg/server/authpolicy/policy_test.go @@ -209,7 +209,6 @@ func TestPolicy(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { var json map[string]any err := util.UnmarshalJSON([]byte(tt.jsonData), &json) @@ -386,7 +385,6 @@ func TestNewEngineFromConfig(t *testing.T) { success: false, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ctx := context.Background() @@ -425,7 +423,6 @@ func TestNewEngineFromRego(t *testing.T) { success: false, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ctx := context.Background() // Just create arbitrary store since there isn't a way to create diff --git a/pkg/server/bundle/client/client.go b/pkg/server/bundle/client/client.go index 2462a0917b..009dc3721a 100644 --- a/pkg/server/bundle/client/client.go +++ b/pkg/server/bundle/client/client.go @@ -14,7 +14,6 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig" "github.com/spiffe/spire/pkg/common/bundleutil" "github.com/spiffe/spire/pkg/common/tlspolicy" - "github.com/zeebo/errs" ) type SPIFFEAuthConfig struct { @@ -92,15 +91,15 @@ func (c *client) FetchBundle(context.Context) (*spiffebundle.Bundle, error) { var hostnameError x509.HostnameError if errors.As(err, &hostnameError) && c.c.SPIFFEAuth == nil && len(hostnameError.Certificate.URIs) > 0 { if id, idErr := spiffeid.FromString(hostnameError.Certificate.URIs[0].String()); idErr == nil { - return nil, errs.New("failed to authenticate bundle endpoint using web authentication but the server certificate contains SPIFFE ID %q: maybe use https_spiffe instead of https_web: %v", id, err) + return nil, fmt.Errorf("failed to authenticate bundle endpoint using web authentication but the server certificate contains SPIFFE ID %q: maybe use https_spiffe instead of https_web: %w", id, err) } } - return nil, errs.New("failed to fetch bundle: %v", err) + return nil, fmt.Errorf("failed to fetch bundle: %w", err) } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return nil, errs.New("unexpected status %d fetching bundle: %s", resp.StatusCode, tryRead(resp.Body)) + return nil, fmt.Errorf("unexpected status %d fetching bundle: %s", resp.StatusCode, tryRead(resp.Body)) } b, err := bundleutil.Decode(c.c.TrustDomain, resp.Body) diff --git a/pkg/server/bundle/client/client_test.go b/pkg/server/bundle/client/client_test.go index 5abc6243e8..8ced7d2ba7 100644 --- a/pkg/server/bundle/client/client_test.go +++ b/pkg/server/bundle/client/client_test.go @@ -91,7 +91,6 @@ func TestClient(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { serverCert, serverKey := createServerCertificate(t, testCase.serverID) diff --git a/pkg/server/bundle/client/manager_test.go b/pkg/server/bundle/client/manager_test.go index b2a4855bfc..5404bdab4d 100644 --- a/pkg/server/bundle/client/manager_test.go +++ b/pkg/server/bundle/client/manager_test.go @@ -4,6 +4,7 @@ import ( "context" "crypto/x509" "errors" + "fmt" "sync" "testing" "time" @@ -17,7 +18,6 @@ import ( "github.com/spiffe/spire/test/fakes/fakedatastore" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/zeebo/errs" ) func TestManagerPeriodicBundleRefresh(t *testing.T) { @@ -66,7 +66,6 @@ func TestManagerPeriodicBundleRefresh(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { test := newManagerTest(t, source, func(spiffeid.TrustDomain) *spiffebundle.Bundle { @@ -278,7 +277,7 @@ func newManagerTest(t *testing.T, source TrustDomainConfigSource, localBundles, go func() { defer func() { if r := recover(); r != nil { - errCh <- errs.New("%+v", r) + errCh <- fmt.Errorf("%+v", r) } }() errCh <- test.manager.Run(ctx) diff --git a/pkg/server/bundle/client/sources_test.go b/pkg/server/bundle/client/sources_test.go index ffa498eb45..aeff4cbe99 100644 --- a/pkg/server/bundle/client/sources_test.go +++ b/pkg/server/bundle/client/sources_test.go @@ -61,8 +61,8 @@ func TestMergedTrustDomainConfigSource(t *testing.T) { require.NoError(t, err) require.Equal(t, map[spiffeid.TrustDomain]client.TrustDomainConfig{ - domain1: client.TrustDomainConfig{EndpointURL: "A"}, - domain2: client.TrustDomainConfig{EndpointURL: "A"}, + domain1: {EndpointURL: "A"}, + domain2: {EndpointURL: "A"}, }, configs) }) } diff --git a/pkg/server/bundle/client/updater.go b/pkg/server/bundle/client/updater.go index 3e906d4d62..b268570f0b 100644 --- a/pkg/server/bundle/client/updater.go +++ b/pkg/server/bundle/client/updater.go @@ -10,7 +10,6 @@ import ( "github.com/spiffe/go-spiffe/v2/spiffeid" "github.com/spiffe/spire/pkg/common/bundleutil" "github.com/spiffe/spire/pkg/server/datastore" - "github.com/zeebo/errs" ) type BundleUpdaterConfig struct { @@ -141,7 +140,7 @@ func fetchBundleIfExists(ctx context.Context, ds datastore.DataStore, trustDomai // Load the current bundle and extract the root CA certificates bundle, err := ds.FetchBundle(ctx, trustDomain.IDString()) if err != nil { - return nil, errs.Wrap(err) + return nil, err } if bundle == nil { return nil, nil diff --git a/pkg/server/bundle/client/updater_test.go b/pkg/server/bundle/client/updater_test.go index 1f4e17b60e..97decf57d1 100644 --- a/pkg/server/bundle/client/updater_test.go +++ b/pkg/server/bundle/client/updater_test.go @@ -81,7 +81,6 @@ func TestBundleUpdaterUpdateBundle(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { ds := fakedatastore.New(t) diff --git a/pkg/server/bundle/datastore/wrapper_test.go b/pkg/server/bundle/datastore/wrapper_test.go index 6fe3a42e3d..8100dbebeb 100644 --- a/pkg/server/bundle/datastore/wrapper_test.go +++ b/pkg/server/bundle/datastore/wrapper_test.go @@ -78,7 +78,6 @@ func TestWithBundlePublisher(t *testing.T) { }, }, } { - tt := tt ctx := context.Background() t.Run(tt.name, func(t *testing.T) { var ds datastore.DataStore = fakedatastore.New(t) diff --git a/pkg/server/bundle/pubmanager/pubmanager.go b/pkg/server/bundle/pubmanager/pubmanager.go index 37d5d91e28..bb1a66e10f 100644 --- a/pkg/server/bundle/pubmanager/pubmanager.go +++ b/pkg/server/bundle/pubmanager/pubmanager.go @@ -110,7 +110,6 @@ func (m *Manager) publishBundle(ctx context.Context) (err error) { var wg sync.WaitGroup wg.Add(len(m.bundlePublishers)) for _, bp := range m.bundlePublishers { - bp := bp go func() { defer wg.Done() diff --git a/pkg/server/bundle/pubmanager/pubmanager_test.go b/pkg/server/bundle/pubmanager/pubmanager_test.go index e61c98b2d0..0a68798ff4 100644 --- a/pkg/server/bundle/pubmanager/pubmanager_test.go +++ b/pkg/server/bundle/pubmanager/pubmanager_test.go @@ -182,7 +182,7 @@ type managerTest struct { } func (test *managerTest) waitForPublishResult(ctx context.Context, t *testing.T, expectedResults publishResults) { - for i := 0; i < len(expectedResults); i++ { + for range expectedResults { select { case bpe := <-test.m.hooks.publishResultCh: expectedBPEvent, ok := expectedResults[bpe.pluginName] diff --git a/pkg/server/ca/ca_test.go b/pkg/server/ca/ca_test.go index 6dcab1a468..265d27c402 100644 --- a/pkg/server/ca/ca_test.go +++ b/pkg/server/ca/ca_test.go @@ -367,7 +367,6 @@ func (s *CATestSuite) TestSignWorkloadX509SVIDWithSubject() { } for _, testCase := range testCases { - testCase := testCase s.T().Run(testCase.name, func(t *testing.T) { params := s.createWorkloadX509SVIDParams() params.Subject = testCase.subject diff --git a/pkg/server/ca/manager/journal.go b/pkg/server/ca/manager/journal.go index cc280e90cc..be95fad938 100644 --- a/pkg/server/ca/manager/journal.go +++ b/pkg/server/ca/manager/journal.go @@ -14,7 +14,6 @@ import ( "github.com/spiffe/spire/pkg/server/catalog" "github.com/spiffe/spire/pkg/server/datastore" "github.com/spiffe/spire/proto/private/server/journal" - "github.com/zeebo/errs" "google.golang.org/protobuf/proto" ) @@ -125,7 +124,7 @@ func (j *Journal) AppendJWTKey(ctx context.Context, slotID string, issuedAt time pkixBytes, err := x509.MarshalPKIXPublicKey(jwtKey.Signer.Public()) if err != nil { - return errs.Wrap(err) + return err } backup := j.entries.JwtKeys @@ -273,7 +272,7 @@ func (j *Journal) findCAJournal(ctx context.Context) (*datastore.CAJournal, erro func (j *Journal) save(ctx context.Context) error { entriesBytes, err := proto.Marshal(j.entries) if err != nil { - return errs.Wrap(err) + return err } caJournalID, err := j.saveInDatastore(ctx, entriesBytes) @@ -315,7 +314,7 @@ func loadJournalFromDS(ctx context.Context, config *journalConfig) (*Journal, er j.caJournalID = caJournal.ID if err := proto.Unmarshal(caJournal.Data, j.entries); err != nil { - return nil, errs.New("unable to unmarshal entries from CA journal record: %v", err) + return nil, fmt.Errorf("unable to unmarshal entries from CA journal record: %w", err) } return j, nil } diff --git a/pkg/server/ca/manager/journal_test.go b/pkg/server/ca/manager/journal_test.go index 40f725b130..cb9e3fee4b 100644 --- a/pkg/server/ca/manager/journal_test.go +++ b/pkg/server/ca/manager/journal_test.go @@ -192,7 +192,7 @@ func TestX509CAOverflow(t *testing.T) { journal := test.loadJournal(t) - for i := 0; i < (journalCap + 1); i++ { + for range journalCap + 1 { now = now.Add(time.Minute) err := journal.AppendX509CA(ctx, "A", now, &ca.X509CA{ Signer: kmKeys["X509-CA-A"], @@ -313,7 +313,7 @@ func TestJWTKeyOverflow(t *testing.T) { journal := test.loadJournal(t) - for i := 0; i < (journalCap + 1); i++ { + for range journalCap + 1 { now = now.Add(time.Minute) err := journal.AppendJWTKey(ctx, "B", now, &ca.JWTKey{ Signer: kmKeys["JWT-Signer-B"], diff --git a/pkg/server/ca/manager/manager.go b/pkg/server/ca/manager/manager.go index 4aa631c41c..bb2975c1a9 100644 --- a/pkg/server/ca/manager/manager.go +++ b/pkg/server/ca/manager/manager.go @@ -28,7 +28,6 @@ import ( "github.com/spiffe/spire/pkg/server/plugin/notifier" "github.com/spiffe/spire/proto/private/server/journal" "github.com/spiffe/spire/proto/spire/common" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -456,7 +455,6 @@ func (m *Manager) PruneBundle(ctx context.Context) (err error) { expiresBefore := m.c.Clock.Now().Add(-safetyThresholdBundle) changed, err := ds.PruneBundle(ctx, m.c.TrustDomain.IDString(), expiresBefore) - if err != nil { return fmt.Errorf("unable to prune bundle: %w", err) } @@ -478,7 +476,6 @@ func (m *Manager) PruneCAJournals(ctx context.Context) (err error) { expiresBefore := m.c.Clock.Now().Add(-safetyThresholdCAJournals) err = ds.PruneCAJournals(ctx, expiresBefore.Unix()) - if err != nil { return fmt.Errorf("unable to prune CA journals: %w", err) } @@ -735,17 +732,18 @@ func (m *Manager) notify(ctx context.Context, event string, advise bool, pre fun }(n) } - var allErrs errs.Group - for i := 0; i < len(notifiers); i++ { + var allErrs error + for range notifiers { // don't select on the ctx here as we can rely on the plugins to // respond to context cancellation and return an error. if err := <-errsCh; err != nil { - allErrs.Add(err) + allErrs = errors.Join(allErrs, err) } } - if err := allErrs.Err(); err != nil { - return errs.New("one or more notifiers returned an error: %v", err) + if allErrs != nil { + return fmt.Errorf("one or more notifiers returned an error: %w", allErrs) } + return nil } @@ -755,7 +753,7 @@ func (m *Manager) fetchRequiredBundle(ctx context.Context) (*common.Bundle, erro return nil, err } if bundle == nil { - return nil, errs.New("trust domain bundle is missing") + return nil, errors.New("trust domain bundle is missing") } return bundle, nil } @@ -764,7 +762,7 @@ func (m *Manager) fetchOptionalBundle(ctx context.Context) (*common.Bundle, erro ds := m.c.Catalog.GetDataStore() bundle, err := ds.FetchBundle(ctx, m.c.TrustDomain.IDString()) if err != nil { - return nil, errs.Wrap(err) + return nil, err } return bundle, nil } @@ -1052,7 +1050,7 @@ func keyIDFromBytes(choices []byte) string { func publicKeyFromJWTKey(jwtKey *ca.JWTKey) (*common.PublicKey, error) { pkixBytes, err := x509.MarshalPKIXPublicKey(jwtKey.Signer.Public()) if err != nil { - return nil, errs.Wrap(err) + return nil, err } return &common.PublicKey{ diff --git a/pkg/server/ca/manager/manager_test.go b/pkg/server/ca/manager/manager_test.go index 79462f00ec..a0df9041ba 100644 --- a/pkg/server/ca/manager/manager_test.go +++ b/pkg/server/ca/manager/manager_test.go @@ -457,11 +457,14 @@ func TestUpstreamProcessTaintedAuthorityBackoff(t *testing.T) { } } + test.clock.WaitForAfter(time.Second, "waiting for the retry to wait for next duration") // Must fail due to the invalid key type expectBackoffErr(t) // Try again; expect to fail test.clock.Add(6 * time.Second) + + test.clock.WaitForAfter(time.Second, "waiting for the retry to wait for next duration") expectBackoffErr(t) // Restore to a valid key type, and advance time again @@ -934,7 +937,6 @@ func TestPruneCAJournals(t *testing.T) { var expectedCAJournals []*datastore.CAJournal for _, testCase := range testCases { - testCase := testCase expectedCAJournals = []*datastore.CAJournal{} t.Run(testCase.name, func(t *testing.T) { // Have a fresh data store in each test case @@ -1139,7 +1141,6 @@ func TestAlternateKeyTypes(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { ctx := context.Background() diff --git a/pkg/server/ca/manager/slot.go b/pkg/server/ca/manager/slot.go index cbfff8c768..fa0be6a33c 100644 --- a/pkg/server/ca/manager/slot.go +++ b/pkg/server/ca/manager/slot.go @@ -19,7 +19,6 @@ import ( "github.com/spiffe/spire/pkg/server/catalog" "github.com/spiffe/spire/proto/private/server/journal" "github.com/spiffe/spire/proto/spire/common" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -274,7 +273,6 @@ func (s *SlotLoader) getJWTKeysSlots(ctx context.Context, entries []*journal.JWT // Instead, we'll rotate into a new one. func (s *SlotLoader) filterInvalidEntries(ctx context.Context, entries *journal.Entries) ([]*journal.JWTKeyEntry, []*journal.X509CAEntry, error) { bundle, err := s.fetchOptionalBundle(ctx) - if err != nil { return nil, nil, err } @@ -314,7 +312,7 @@ func (s *SlotLoader) fetchOptionalBundle(ctx context.Context) (*common.Bundle, e ds := s.Catalog.GetDataStore() bundle, err := ds.FetchBundle(ctx, s.TrustDomain.IDString()) if err != nil { - return nil, errs.Wrap(err) + return nil, err } return bundle, nil } @@ -351,14 +349,14 @@ func (s *SlotLoader) loadX509CASlotFromEntry(ctx context.Context, entry *journal cert, err := x509.ParseCertificate(entry.Certificate) if err != nil { - return nil, "", errs.New("unable to parse CA certificate: %v", err) + return nil, "", fmt.Errorf("unable to parse CA certificate: %w", err) } var upstreamChain []*x509.Certificate for _, certDER := range entry.UpstreamChain { cert, err := x509.ParseCertificate(certDER) if err != nil { - return nil, "", errs.New("unable to parse upstream chain certificate: %v", err) + return nil, "", fmt.Errorf("unable to parse upstream chain certificate: %w", err) } upstreamChain = append(upstreamChain, cert) } @@ -421,7 +419,7 @@ func (s *SlotLoader) loadJWTKeySlotFromEntry(ctx context.Context, entry *journal publicKey, err := x509.ParsePKIXPublicKey(entry.PublicKey) if err != nil { - return nil, "", errs.Wrap(err) + return nil, "", err } signer, err := s.makeSigner(ctx, jwtKeyKmKeyID(entry.SlotId)) @@ -460,7 +458,7 @@ func (s *SlotLoader) makeSigner(ctx context.Context, keyID string) (crypto.Signe case codes.NotFound: return nil, nil default: - return nil, errs.Wrap(err) + return nil, err } } diff --git a/pkg/server/ca/rotator/rotator.go b/pkg/server/ca/rotator/rotator.go index 923a020ca7..000f10494e 100644 --- a/pkg/server/ca/rotator/rotator.go +++ b/pkg/server/ca/rotator/rotator.go @@ -11,7 +11,6 @@ import ( "github.com/spiffe/spire/pkg/common/health" "github.com/spiffe/spire/pkg/common/util" "github.com/spiffe/spire/pkg/server/ca/manager" - "github.com/zeebo/errs" ) const ( @@ -138,7 +137,7 @@ func (r *Rotator) rotate(ctx context.Context) error { r.c.Log.WithError(jwtKeyErr).Error("Unable to rotate JWT key") } - return errs.Combine(x509CAErr, jwtKeyErr) + return errors.Join(x509CAErr, jwtKeyErr) } func (r *Rotator) rotateJWTKey(ctx context.Context) error { diff --git a/pkg/server/ca/upstream_client_test.go b/pkg/server/ca/upstream_client_test.go index 4921674c57..ce80d76b9d 100644 --- a/pkg/server/ca/upstream_client_test.go +++ b/pkg/server/ca/upstream_client_test.go @@ -100,7 +100,6 @@ func TestUpstreamClientMintX509CA_FailsOnBadFirstResponse(t *testing.T) { expectMsg: "X509 CA minted by upstream authority is invalid: oh no", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { client, _, _ := setUpUpstreamClientTest(t, fakeupstreamauthority.Config{ TrustDomain: trustDomain, diff --git a/pkg/server/cache/dscache/cache_test.go b/pkg/server/cache/dscache/cache_test.go index a433fcafa9..456802f26c 100644 --- a/pkg/server/cache/dscache/cache_test.go +++ b/pkg/server/cache/dscache/cache_test.go @@ -147,7 +147,6 @@ func TestBundleInvalidations(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // Create datastore and cache ds := fakedatastore.New(t) diff --git a/pkg/server/cache/entrycache/fullcache_ds_test.go b/pkg/server/cache/entrycache/fullcache_ds_test.go index 5ee5aae52e..147ee322b5 100644 --- a/pkg/server/cache/entrycache/fullcache_ds_test.go +++ b/pkg/server/cache/entrycache/fullcache_ds_test.go @@ -37,7 +37,7 @@ func TestEntryIteratorDS(t *testing.T) { {Type: "doesn't", Value: "matter"}, } entriesToCreate := make([]*common.RegistrationEntry, numEntries) - for i := 0; i < numEntries; i++ { + for i := range numEntries { entriesToCreate[i] = &common.RegistrationEntry{ ParentId: parentID, SpiffeId: spiffeIDPrefix + strconv.Itoa(i), @@ -57,7 +57,7 @@ func TestEntryIteratorDS(t *testing.T) { it := makeEntryIteratorDS(ds) var entries []*types.Entry - for i := 0; i < numEntries; i++ { + for range numEntries { assert.True(t, it.Next(ctx)) require.NoError(t, it.Err()) @@ -73,7 +73,7 @@ func TestEntryIteratorDS(t *testing.T) { t.Run("datastore error", func(t *testing.T) { it := makeEntryIteratorDS(ds) - for i := 0; i < int(listEntriesRequestPageSize); i++ { + for range listEntriesRequestPageSize { assert.True(t, it.Next(ctx)) require.NoError(t, it.Err()) } @@ -105,7 +105,7 @@ func TestAgentIteratorDS(t *testing.T) { expectedSelectors := api.ProtoFromSelectors(selectors) expectedAgents := make([]Agent, numAgents) - for i := 0; i < numAgents; i++ { + for i := range numAgents { iterStr := strconv.Itoa(i) agentID, err := spiffeid.FromString("spiffe://example.org/spire/agent/agent" + iterStr) require.NoError(t, err) @@ -129,7 +129,7 @@ func TestAgentIteratorDS(t *testing.T) { t.Run("multiple pages", func(t *testing.T) { it := makeAgentIteratorDS(ds) agents := make([]Agent, numAgents) - for i := 0; i < numAgents; i++ { + for i := range numAgents { assert.True(t, it.Next(ctx)) assert.NoError(t, it.Err()) agents[i] = it.Agent() diff --git a/pkg/server/cache/entrycache/fullcache_test.go b/pkg/server/cache/entrycache/fullcache_test.go index 19122edc4e..3b2c34f7c8 100644 --- a/pkg/server/cache/entrycache/fullcache_test.go +++ b/pkg/server/cache/entrycache/fullcache_test.go @@ -53,7 +53,7 @@ func TestCache(t *testing.T) { const serverID = "spiffe://example.org/spire/server" const numEntries = 5 entryIDs := make([]string, numEntries) - for i := 0; i < numEntries; i++ { + for i := range numEntries { entryIDURI := url.URL{ Scheme: spiffeScheme, Host: trustDomain, @@ -340,7 +340,7 @@ func TestFullCacheExcludesNodeSelectorMappedEntriesForExpiredAgents(t *testing.T const numAliasEntries = 3 aliasEntryIDs := make([]string, numAliasEntries) - for i := 0; i < numAliasEntries; i++ { + for i := range numAliasEntries { entryURI := &url.URL{ Scheme: spiffeScheme, Host: trustDomain, @@ -369,13 +369,13 @@ func TestFullCacheExcludesNodeSelectorMappedEntriesForExpiredAgents(t *testing.T } aliasEntries := make([]*common.RegistrationEntry, numAliasEntries) - for i := 0; i < numAliasEntries; i++ { + for i := range numAliasEntries { aliasEntries[i] = createRegistrationEntry(ctx, t, ds, aliasEntriesToCreate[i]) } const numWorkloadEntries = 5 workloadEntryIDs := make([]string, numWorkloadEntries) - for i := 0; i < numWorkloadEntries; i++ { + for i := range numWorkloadEntries { entryURI := &url.URL{ Scheme: spiffeScheme, Host: trustDomain, @@ -421,7 +421,7 @@ func TestFullCacheExcludesNodeSelectorMappedEntriesForExpiredAgents(t *testing.T } workloadEntries := make([]*common.RegistrationEntry, numWorkloadEntries) - for i := 0; i < numWorkloadEntries; i++ { + for i := range numWorkloadEntries { workloadEntries[i] = createRegistrationEntry(ctx, t, ds, workloadEntriesToCreate[i]) } @@ -470,7 +470,7 @@ func TestBuildIteratorError(t *testing.T) { func BenchmarkBuildInMemory(b *testing.B) { allEntries, agents := buildBenchmarkData() b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := Build(context.Background(), makeEntryIterator(allEntries), makeAgentIterator(agents)) if err != nil { b.Fatal(err) @@ -483,7 +483,7 @@ func BenchmarkGetAuthorizedEntriesInMemory(b *testing.B) { cache, err := Build(context.Background(), makeEntryIterator(allEntries), makeAgentIterator(agents)) require.NoError(b, err) b.ResetTimer() - for i := 0; i < b.N; i++ { + for i := range b.N { cache.GetAuthorizedEntries(agents[i%len(agents)].ID) } } @@ -518,7 +518,7 @@ func BenchmarkBuildSQL(b *testing.B) { } b.ResetTimer() - for i := 0; i < b.N; i++ { + for range b.N { _, err := BuildFromDataStore(ctx, ds) if err != nil { b.Fatal(err) @@ -680,7 +680,7 @@ func buildBenchmarkData() ([]*types.Entry, []Agent) { const numAgents = 50000 agents := make([]Agent, 0, numAgents) - for i := 0; i < numAgents; i++ { + for i := range numAgents { agents = append(agents, Agent{ ID: makeAgentID(i), Selectors: []*types.Selector{ @@ -717,7 +717,7 @@ func buildBenchmarkData() ([]*types.Entry, []Agent) { } var workloadEntries1 []*types.Entry - for i := 0; i < 300; i++ { + for i := range 300 { workloadEntries1 = append(workloadEntries1, &types.Entry{ Id: fmt.Sprintf("workload%d", i), SpiffeId: &types.SPIFFEID{ @@ -732,7 +732,7 @@ func buildBenchmarkData() ([]*types.Entry, []Agent) { } var workloadEntries2 []*types.Entry - for i := 0; i < 300; i++ { + for i := range 300 { workloadEntries2 = append(workloadEntries2, &types.Entry{ Id: fmt.Sprintf("workload%d", i), SpiffeId: &types.SPIFFEID{ diff --git a/pkg/server/datastore/sqlstore/errors.go b/pkg/server/datastore/sqlstore/errors.go new file mode 100644 index 0000000000..1aaf152470 --- /dev/null +++ b/pkg/server/datastore/sqlstore/errors.go @@ -0,0 +1,92 @@ +package sqlstore + +import ( + "fmt" +) + +const ( + datastoreSQLErrorPrefix = "datastore-sql" + datastoreValidationErrorPrefix = "datastore-validation" +) + +type sqlError struct { + err error + msg string +} + +func (s *sqlError) Error() string { + if s == nil { + return "" + } + + if s.err != nil { + return fmt.Sprintf("%s: %s", datastoreSQLErrorPrefix, s.err) + } + + return fmt.Sprintf("%s: %s", datastoreSQLErrorPrefix, s.msg) +} + +func (s *sqlError) Unwrap() error { + if s == nil { + return nil + } + + return s.err +} + +type validationError struct { + err error + msg string +} + +func (v *validationError) Error() string { + if v == nil { + return "" + } + + if v.err != nil { + return fmt.Sprintf("%s: %s", datastoreValidationErrorPrefix, v.err) + } + + return fmt.Sprintf("%s: %s", datastoreValidationErrorPrefix, v.msg) +} + +func (v *validationError) Unwrap() error { + if v == nil { + return nil + } + + return v.err +} + +func newSQLError(fmtMsg string, args ...any) error { + return &sqlError{ + msg: fmt.Sprintf(fmtMsg, args...), + } +} + +func newWrappedSQLError(err error) error { + if err == nil { + return nil + } + + return &sqlError{ + err: err, + } +} + +func newValidationError(fmtMsg string, args ...any) error { + return &validationError{ + msg: fmt.Sprintf(fmtMsg, args...), + } +} + +func newWrappedValidationError(err error) error { + if err == nil { + return nil + } + + return &validationError{ + err: err, + } +} diff --git a/pkg/server/datastore/sqlstore/errors_test.go b/pkg/server/datastore/sqlstore/errors_test.go new file mode 100644 index 0000000000..5d2079aa81 --- /dev/null +++ b/pkg/server/datastore/sqlstore/errors_test.go @@ -0,0 +1,58 @@ +package sqlstore + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestSQLError(t *testing.T) { + err := newSQLError("an error with two dynamic fields: %s, %d", "hello", 1) + assert.EqualError(t, err, "datastore-sql: an error with two dynamic fields: hello, 1") + + var sErr *sqlError + assert.ErrorAs(t, err, &sErr) +} + +func TestWrappedSQLError(t *testing.T) { + t.Run("nil error", func(t *testing.T) { + err := newWrappedSQLError(nil) + assert.NoError(t, err) + }) + + t.Run("non-nil error", func(t *testing.T) { + wrappedErr := errors.New("foo") + err := newWrappedSQLError(wrappedErr) + + assert.EqualError(t, err, "datastore-sql: foo") + + var sErr *sqlError + assert.ErrorAs(t, err, &sErr) + }) +} + +func TestValidationError(t *testing.T) { + err := newValidationError("an error with two dynamic fields: %s, %d", "hello", 1) + assert.EqualError(t, err, "datastore-validation: an error with two dynamic fields: hello, 1") + + var vErr *validationError + assert.ErrorAs(t, err, &vErr) +} + +func TestWrappedValidationError(t *testing.T) { + t.Run("nil error", func(t *testing.T) { + err := newWrappedValidationError(nil) + assert.NoError(t, err) + }) + + t.Run("non-nil error", func(t *testing.T) { + wrappedErr := errors.New("bar") + err := newWrappedValidationError(wrappedErr) + + assert.EqualError(t, err, "datastore-validation: bar") + + var vErr *validationError + assert.ErrorAs(t, err, &vErr) + }) +} diff --git a/pkg/server/datastore/sqlstore/migration.go b/pkg/server/datastore/sqlstore/migration.go index c9febb270a..0d8eece2c7 100644 --- a/pkg/server/datastore/sqlstore/migration.go +++ b/pkg/server/datastore/sqlstore/migration.go @@ -271,12 +271,12 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie // version before continuing, and fail if we're not. if codeVersion.Major > 1 { log.Error("Migration code needs updating for current release version") - return sqlError.New("current migration code not compatible with current release version") + return newSQLError("current migration code not compatible with current release version") } isNew := !db.HasTable(&Migration{}) if err := db.Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if isNew { @@ -285,12 +285,12 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie // ensure migrations table exists so we can check versioning in all cases if err := db.AutoMigrate(&Migration{}).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } migration := new(Migration) if err := db.Assign(Migration{}).FirstOrCreate(migration).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } schemaVersion := migration.Version @@ -300,7 +300,7 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie dbCodeVersion, err := getDBCodeVersion(*migration) if err != nil { log.WithError(err).Error("Error getting DB code version") - return sqlError.New("error getting DB code version: %v", err) + return newSQLError("error getting DB code version: %v", err) } log = log.WithField(telemetry.VersionInfo, dbCodeVersion.String()) @@ -316,7 +316,7 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie } if err := db.Model(&Migration{}).Updates(newMigration).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } } return nil @@ -325,7 +325,7 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie if disableMigration { if err = isDisabledMigrationAllowed(codeVersion, dbCodeVersion); err != nil { log.WithError(err).Error("Auto-migrate must be enabled") - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil } @@ -336,7 +336,7 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie if schemaVersion > latestSchemaVersion { if !isCompatibleCodeVersion(codeVersion, dbCodeVersion) { log.Error("Incompatible DB schema is too new for code version, upgrade SPIRE Server") - return sqlError.New("incompatible DB schema and code version") + return newSQLError("incompatible DB schema and code version") } log.Warn("DB schema is ahead of code version, upgrading SPIRE Server is recommended") return nil @@ -350,7 +350,7 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie for schemaVersion < latestSchemaVersion { tx := db.Begin() if err := tx.Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } schemaVersion, err = migrateVersion(tx, schemaVersion, log) if err != nil { @@ -358,7 +358,7 @@ func migrateDB(db *gorm.DB, dbType string, disableMigration bool, log logrus.Fie return err } if err := tx.Commit().Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } } @@ -401,7 +401,7 @@ func initDB(db *gorm.DB, dbType string, log logrus.FieldLogger) (err error) { log.Info("Initializing new database") tx := db.Begin() if err := tx.Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } tables := []any{ @@ -421,7 +421,7 @@ func initDB(db *gorm.DB, dbType string, log logrus.FieldLogger) (err error) { if err := tableOptionsForDialect(tx, dbType).AutoMigrate(tables...).Error; err != nil { tx.Rollback() - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if err := tx.Assign(Migration{ @@ -429,7 +429,7 @@ func initDB(db *gorm.DB, dbType string, log logrus.FieldLogger) (err error) { CodeVersion: codeVersion.String(), }).FirstOrCreate(&Migration{}).Error; err != nil { tx.Rollback() - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if err := addFederatedRegistrationEntriesRegisteredEntryIDIndex(tx); err != nil { @@ -437,7 +437,7 @@ func initDB(db *gorm.DB, dbType string, log logrus.FieldLogger) (err error) { } if err := tx.Commit().Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -461,11 +461,11 @@ func migrateVersion(tx *gorm.DB, currVersion int, log logrus.FieldLogger) (versi Version: nextVersion, CodeVersion: version.Version(), }).Error; err != nil { - return 0, sqlError.Wrap(err) + return 0, newWrappedSQLError(err) } if currVersion < lastMinorReleaseSchemaVersion { - return 0, sqlError.New("migrating from schema version %d requires a previous SPIRE release; please follow the upgrade strategy at doc/upgrading.md", currVersion) + return 0, newSQLError("migrating from schema version %d requires a previous SPIRE release; please follow the upgrade strategy at doc/upgrading.md", currVersion) } // Place all migrations handled by the current minor release here. This @@ -489,7 +489,7 @@ func migrateVersion(tx *gorm.DB, currVersion int, log logrus.FieldLogger) (versi // switch currVersion { //nolint: gocritic // No upgrade required yet, keeping switch for future additions default: - err = sqlError.New("no migration support for unknown schema version %d", currVersion) + err = newSQLError("no migration support for unknown schema version %d", currVersion) } if err != nil { return 0, err @@ -506,7 +506,7 @@ func addFederatedRegistrationEntriesRegisteredEntryIDIndex(tx *gorm.DB) error { // to introduce the index since there is no explicit struct to add tags to // so we have to manually create it. if err := tx.Table("federated_registration_entries").AddIndex("idx_federated_registration_entries_registered_entry_id", "registered_entry_id").Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil } diff --git a/pkg/server/datastore/sqlstore/migration_test.go b/pkg/server/datastore/sqlstore/migration_test.go index 2f11bade86..9c0b11f64d 100644 --- a/pkg/server/datastore/sqlstore/migration_test.go +++ b/pkg/server/datastore/sqlstore/migration_test.go @@ -95,7 +95,6 @@ func TestGetDBCodeVersion(t *testing.T) { } for _, tt := range tests { - tt := tt // alias loop variable as it is used in the closure t.Run(tt.desc, func(t *testing.T) { retVersion, err := getDBCodeVersion(tt.storedMigration) @@ -157,7 +156,6 @@ func TestIsCompatibleCodeVersion(t *testing.T) { } for _, tt := range tests { - tt := tt // alias loop variable as it is used in the closure t.Run(tt.desc, func(t *testing.T) { compatible := isCompatibleCodeVersion(tt.thisCodeVersion, tt.dbCodeVersion) @@ -184,7 +182,6 @@ func TestIsDisabledMigrationAllowed(t *testing.T) { } for _, tt := range tests { - tt := tt // alias loop variable as it is used in the closure t.Run(tt.desc, func(t *testing.T) { err := isDisabledMigrationAllowed(codeVersion, tt.dbCodeVersion) diff --git a/pkg/server/datastore/sqlstore/mysql.go b/pkg/server/datastore/sqlstore/mysql.go index 8e626330f1..a7ee2faeff 100644 --- a/pkg/server/datastore/sqlstore/mysql.go +++ b/pkg/server/datastore/sqlstore/mysql.go @@ -169,11 +169,11 @@ func hasTLSConfig(cfg *configuration) bool { func validateMySQLConfig(cfg *configuration, isReadOnly bool) error { opts, err := mysql.ParseDSN(getConnectionString(cfg, isReadOnly)) if err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if !opts.ParseTime { - return sqlError.Wrap(errors.New("invalid mysql config: missing parseTime=true param in connection_string")) + return newSQLError("invalid mysql config: missing parseTime=true param in connection_string") } return nil diff --git a/pkg/server/datastore/sqlstore/sqlite.go b/pkg/server/datastore/sqlstore/sqlite.go index a3e4ff56e2..c911f2920e 100644 --- a/pkg/server/datastore/sqlstore/sqlite.go +++ b/pkg/server/datastore/sqlstore/sqlite.go @@ -55,7 +55,7 @@ func openSQLite3(connString string) (*gorm.DB, error) { } db, err := gorm.Open("sqlite3", embellished) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return db, nil } @@ -74,7 +74,7 @@ func embellishSQLite3ConnString(connectionString string) (string, error) { u, err := url.Parse(connectionString) if err != nil { - return "", sqlError.Wrap(err) + return "", newWrappedSQLError(err) } switch { @@ -88,7 +88,7 @@ func embellishSQLite3ConnString(connectionString string) (string, error) { u.Opaque, u.Path = u.Path, "" case u.Scheme != "file": // only no scheme (i.e. file path) or file scheme is supported - return "", sqlError.New("unsupported scheme %q", u.Scheme) + return "", newSQLError("unsupported scheme %q", u.Scheme) } q := u.Query() diff --git a/pkg/server/datastore/sqlstore/sqlite_test.go b/pkg/server/datastore/sqlstore/sqlite_test.go index 439c6632ca..daec15c929 100644 --- a/pkg/server/datastore/sqlstore/sqlite_test.go +++ b/pkg/server/datastore/sqlstore/sqlite_test.go @@ -65,7 +65,6 @@ func TestEmbellishSQLite3ConnString(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { actual, err := embellishSQLite3ConnString(testCase.in) require.NoError(t, err) diff --git a/pkg/server/datastore/sqlstore/sqlstore.go b/pkg/server/datastore/sqlstore/sqlstore.go index 76c4f3ed5c..18a12bf3d7 100644 --- a/pkg/server/datastore/sqlstore/sqlstore.go +++ b/pkg/server/datastore/sqlstore/sqlstore.go @@ -30,26 +30,21 @@ import ( "github.com/spiffe/spire/pkg/server/datastore" "github.com/spiffe/spire/proto/private/server/journal" "github.com/spiffe/spire/proto/spire/common" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" ) -var ( - sqlError = errs.Class("datastore-sql") - validationError = errs.Class("datastore-validation") - validEntryIDChars = &unicode.RangeTable{ - R16: []unicode.Range16{ - {0x002d, 0x002e, 1}, // - | . - {0x0030, 0x0039, 1}, // [0-9] - {0x0041, 0x005a, 1}, // [A-Z] - {0x005f, 0x005f, 1}, // _ - {0x0061, 0x007a, 1}, // [a-z] - }, - LatinOffset: 5, - } -) +var validEntryIDChars = &unicode.RangeTable{ + R16: []unicode.Range16{ + {0x002d, 0x002e, 1}, // - | . + {0x0030, 0x0039, 1}, // [0-9] + {0x0041, 0x005a, 1}, // [A-Z] + {0x005f, 0x005f, 1}, // _ + {0x0061, 0x007a, 1}, // [a-z] + }, + LatinOffset: 5, +} const ( PluginName = "sql" @@ -104,7 +99,7 @@ type awsConfig struct { func (a *awsConfig) validate() error { if a.Region == "" { - return sqlError.New("region must be specified") + return newSQLError("region must be specified") } return nil } @@ -288,7 +283,7 @@ func (ds *Plugin) RevokeJWTKey(ctx context.Context, trustDoaminID string, author // CreateAttestedNode stores the given attested node func (ds *Plugin) CreateAttestedNode(ctx context.Context, node *common.AttestedNode) (attestedNode *common.AttestedNode, err error) { if node == nil { - return nil, sqlError.New("invalid request: missing attested node") + return nil, newSQLError("invalid request: missing attested node") } if err = ds.withWriteTx(ctx, func(tx *gorm.DB) (err error) { @@ -801,7 +796,7 @@ func (ds *Plugin) PruneCAJournals(ctx context.Context, allAuthoritiesExpireBefor func (ds *Plugin) pruneCAJournals(tx *gorm.DB, allAuthoritiesExpireBefore int64) error { var caJournals []CAJournal if err := tx.Find(&caJournals).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } checkAuthorities: @@ -884,7 +879,7 @@ func (ds *Plugin) openConnection(config *configuration, isReadOnly bool) error { raw := db.DB() if raw == nil { - return sqlError.New("unable to get raw database object") + return newSQLError("unable to get raw database object") } if sqlDb != nil { @@ -919,15 +914,15 @@ func (ds *Plugin) openConnection(config *configuration, isReadOnly bool) error { } func (ds *Plugin) Close() error { - var errs errs.Group + var errs error if ds.db != nil { - errs.Add(ds.db.Close()) + errs = errors.Join(errs, ds.db.Close()) } if ds.roDb != nil { - errs.Add(ds.roDb.Close()) + errs = errors.Join(errs, ds.roDb.Close()) } - return errs.Err() + return errs } // withReadModifyWriteTx wraps the operation in a transaction appropriate for @@ -987,7 +982,7 @@ func (ds *Plugin) withTx(ctx context.Context, op func(tx *gorm.DB) error, readOn tx := db.BeginTx(ctx, nil) if err := tx.Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if err := op(tx); err != nil { @@ -999,9 +994,9 @@ func (ds *Plugin) withTx(ctx context.Context, op func(tx *gorm.DB) error, readOn // rolling back makes sure that functions that are invoked with // withReadTx, and then do writes, will not pass unit tests, since the // writes won't be committed. - return sqlError.Wrap(tx.Rollback().Error) + return newWrappedSQLError(tx.Rollback().Error) } - return sqlError.Wrap(tx.Commit().Error) + return newWrappedSQLError(tx.Commit().Error) } // gormToGRPCStatus takes an error, and converts it to a GRPC error. If the @@ -1020,7 +1015,8 @@ func (ds *Plugin) gormToGRPCStatus(err error) error { } code := codes.Unknown - if validationError.Has(err) { + var vErr *validationError + if errors.As(err, &vErr) { code = codes.InvalidArgument } @@ -1050,12 +1046,12 @@ func (ds *Plugin) openDB(cfg *configuration, isReadOnly bool) (*gorm.DB, string, logger: ds.log, } default: - return nil, "", false, nil, sqlError.New("unsupported database_type: %v", cfg.databaseTypeConfig.databaseType) + return nil, "", false, nil, newSQLError("unsupported database_type: %v", cfg.databaseTypeConfig.databaseType) } db, version, supportsCTE, err := dialect.connect(cfg, isReadOnly) if err != nil { - return nil, "", false, nil, sqlError.Wrap(err) + return nil, "", false, nil, newWrappedSQLError(err) } db.SetLogger(gormLogger{ @@ -1107,7 +1103,7 @@ func createBundle(tx *gorm.DB, bundle *common.Bundle) (*common.Bundle, error) { } if err := tx.Create(model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return bundle, nil @@ -1121,16 +1117,16 @@ func updateBundle(tx *gorm.DB, newBundle *common.Bundle, mask *common.BundleMask model := &Bundle{} if err := tx.Find(model, "trust_domain = ?", newModel.TrustDomain).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } model.Data, newBundle, err = applyBundleMask(model, newBundle, mask) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if err := tx.Save(model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return newBundle, nil @@ -1186,7 +1182,7 @@ func setBundle(tx *gorm.DB, b *common.Bundle) (*common.Bundle, error) { } return bundle, nil } else if result.Error != nil { - return nil, sqlError.Wrap(result.Error) + return nil, newWrappedSQLError(result.Error) } bundle, err := updateBundle(tx, b, nil) @@ -1212,7 +1208,7 @@ func appendBundle(tx *gorm.DB, b *common.Bundle) (*common.Bundle, error) { } return bundle, nil } else if result.Error != nil { - return nil, sqlError.Wrap(result.Error) + return nil, newWrappedSQLError(result.Error) } // parse the bundle data and add missing elements @@ -1230,7 +1226,7 @@ func appendBundle(tx *gorm.DB, b *common.Bundle) (*common.Bundle, error) { } model.Data = newModel.Data if err := tx.Save(model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } } @@ -1240,14 +1236,14 @@ func appendBundle(tx *gorm.DB, b *common.Bundle) (*common.Bundle, error) { func deleteBundle(tx *gorm.DB, trustDomainID string, mode datastore.DeleteMode) error { model := new(Bundle) if err := tx.Find(model, "trust_domain = ?", trustDomainID).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } // Get a count of associated registration entries entriesAssociation := tx.Model(model).Association("FederatedEntries") entriesCount := entriesAssociation.Count() if err := entriesAssociation.Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if entriesCount > 0 { @@ -1261,11 +1257,11 @@ func deleteBundle(tx *gorm.DB, trustDomainID string, mode datastore.DeleteMode) federated_registration_entries WHERE bundle_id = ?)`), model.ID).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } case datastore.Dissociate: if err := entriesAssociation.Clear().Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } default: return status.Newf(codes.FailedPrecondition, "datastore-sql: cannot delete bundle; federated with %d registration entries", entriesCount).Err() @@ -1273,7 +1269,7 @@ func deleteBundle(tx *gorm.DB, trustDomainID string, mode datastore.DeleteMode) } if err := tx.Delete(model).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -1287,7 +1283,7 @@ func fetchBundle(tx *gorm.DB, trustDomainID string) (*common.Bundle, error) { case errors.Is(err, gorm.ErrRecordNotFound): return nil, nil case err != nil: - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } bundle, err := modelToBundle(model) @@ -1304,7 +1300,7 @@ func countBundles(tx *gorm.DB) (int32, error) { var count int if err := tx.Count(&count).Error; err != nil { - return 0, sqlError.Wrap(err) + return 0, newWrappedSQLError(err) } return int32(count), nil @@ -1327,7 +1323,7 @@ func listBundles(tx *gorm.DB, req *datastore.ListBundlesRequest) (*datastore.Lis var bundles []Bundle if err := tx.Find(&bundles).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if p != nil { @@ -1343,7 +1339,6 @@ func listBundles(tx *gorm.DB, req *datastore.ListBundlesRequest) (*datastore.Lis Pagination: p, } for _, model := range bundles { - model := model // alias the loop variable since we pass it by reference below bundle, err := modelToBundle(&model) if err != nil { return nil, err @@ -1546,7 +1541,7 @@ func revokeJWTKey(tx *gorm.DB, trustDomainID string, authorityID string) (*commo func getBundle(tx *gorm.DB, trustDomainID string) (*common.Bundle, error) { model := &Bundle{} if err := tx.Find(model, "trust_domain = ?", trustDomainID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } bundle, err := modelToBundle(model) @@ -1569,7 +1564,7 @@ func createAttestedNode(tx *gorm.DB, node *common.AttestedNode) (*common.Atteste } if err := tx.Create(&model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToAttestedNode(model), nil @@ -1582,7 +1577,7 @@ func fetchAttestedNode(tx *gorm.DB, spiffeID string) (*common.AttestedNode, erro case errors.Is(err, gorm.ErrRecordNotFound): return nil, nil case err != nil: - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToAttestedNode(model), nil } @@ -1590,7 +1585,7 @@ func fetchAttestedNode(tx *gorm.DB, spiffeID string) (*common.AttestedNode, erro func countAttestedNodes(tx *gorm.DB) (int32, error) { var count int if err := tx.Model(&AttestedNode{}).Count(&count).Error; err != nil { - return 0, sqlError.Wrap(err) + return 0, newWrappedSQLError(err) } return int32(count), nil @@ -1705,7 +1700,7 @@ func createAttestedNodeEvent(tx *gorm.DB, event *datastore.AttestedNodeEvent) er }, SpiffeID: event.SpiffeID, }).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -1717,15 +1712,15 @@ func listAttestedNodeEvents(tx *gorm.DB, req *datastore.ListAttestedNodeEventsRe if req.GreaterThanEventID != 0 || req.LessThanEventID != 0 { query, id, err := buildListEventsQueryString(req.GreaterThanEventID, req.LessThanEventID) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if err := tx.Find(&events, query.String(), id).Order("id asc").Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } } else { if err := tx.Find(&events).Order("id asc").Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } } @@ -1742,7 +1737,7 @@ func listAttestedNodeEvents(tx *gorm.DB, req *datastore.ListAttestedNodeEventsRe func pruneAttestedNodeEvents(tx *gorm.DB, olderThan time.Duration) error { if err := tx.Where("created_at < ?", time.Now().Add(-olderThan)).Delete(&AttestedNodeEvent{}).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -1751,7 +1746,7 @@ func pruneAttestedNodeEvents(tx *gorm.DB, olderThan time.Duration) error { func fetchAttestedNodeEvent(db *sqlDB, eventID uint) (*datastore.AttestedNodeEvent, error) { event := AttestedNodeEvent{} if err := db.Find(&event, "id = ?", eventID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return &datastore.AttestedNodeEvent{ @@ -1766,7 +1761,7 @@ func deleteAttestedNodeEvent(tx *gorm.DB, eventID uint) error { ID: eventID, }, }).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -1805,12 +1800,12 @@ func filterNodesBySelectorSet(nodes []*common.AttestedNode, selectors []*common. func listAttestedNodesOnce(ctx context.Context, db *sqlDB, req *datastore.ListAttestedNodesRequest) (*datastore.ListAttestedNodesResponse, error) { query, args, err := buildListAttestedNodesQuery(db.databaseType, db.supportsCTE, req) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } rows, err := db.QueryContext(ctx, query, args...) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } defer rows.Close() @@ -1842,7 +1837,7 @@ func listAttestedNodesOnce(ctx context.Context, db *sqlDB, req *datastore.ListAt pushNode(node) if err := rows.Err(); err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } resp := &datastore.ListAttestedNodesResponse{ @@ -1878,7 +1873,7 @@ func buildListAttestedNodesQuery(dbType string, supportsCTE bool, req *datastore } return buildListAttestedNodesQueryMySQL(req) default: - return "", nil, sqlError.New("unsupported db type: %q", dbType) + return "", nil, newSQLError("unsupported db type: %q", dbType) } } @@ -2022,7 +2017,7 @@ SELECT } builder.WriteString(query) if len(req.BySelectorMatch.Selectors) > 1 { - builder.WriteString(fmt.Sprintf(") c_%d\n", i)) + fmt.Fprintf(builder, ") c_%d\n", i) } // First subquery does not need USING(ID) if i > 0 { @@ -2041,7 +2036,7 @@ SELECT } } default: - return "", nil, errs.New("unhandled match behavior %q", req.BySelectorMatch.Match) + return "", nil, fmt.Errorf("unhandled match behavior %q", req.BySelectorMatch.Match) } // Add all selectors as arguments @@ -2206,11 +2201,11 @@ FROM attested_node_entries N builder.WriteString("\t\t\tINNER JOIN\n") builder.WriteString("\t\t\t(") builder.WriteString(query) - builder.WriteString(fmt.Sprintf(") c_%d\n", i+1)) + fmt.Fprintf(builder, ") c_%d\n", i+1) builder.WriteString("\t\t\tUSING(spiffe_id)\n") } default: - return "", nil, errs.New("unhandled match behavior %q", req.BySelectorMatch.Match) + return "", nil, fmt.Errorf("unhandled match behavior %q", req.BySelectorMatch.Match) } for _, selector := range req.BySelectorMatch.Selectors { @@ -2244,7 +2239,7 @@ FROM attested_node_entries N func updateAttestedNode(tx *gorm.DB, n *common.AttestedNode, mask *common.AttestedNodeMask) (*common.AttestedNode, error) { var model AttestedNode if err := tx.Find(&model, "spiffe_id = ?", n.SpiffeId).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if mask == nil { @@ -2268,7 +2263,7 @@ func updateAttestedNode(tx *gorm.DB, n *common.AttestedNode, mask *common.Attest updates["can_reattest"] = n.CanReattest } if err := tx.Model(&model).Updates(updates).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToAttestedNode(model), nil @@ -2282,15 +2277,15 @@ func deleteAttestedNodeAndSelectors(tx *gorm.DB, spiffeID string) (*common.Attes // batch delete all associated node selectors if err := tx.Where("spiffe_id = ?", spiffeID).Delete(&nodeSelectorModel).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if err := tx.Find(&nodeModel, "spiffe_id = ?", spiffeID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if err := tx.Delete(&nodeModel).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToAttestedNode(nodeModel), nil @@ -2310,11 +2305,11 @@ func setNodeSelectors(tx *gorm.DB, spiffeID string, selectors []*common.Selector // gap locks on the index. var ids []int64 if err := tx.Model(&NodeSelector{}).Where("spiffe_id = ?", spiffeID).Pluck("id", &ids).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if len(ids) > 0 { if err := tx.Where("id IN (?)", ids).Delete(&NodeSelector{}).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } } @@ -2325,7 +2320,7 @@ func setNodeSelectors(tx *gorm.DB, spiffeID string, selectors []*common.Selector Value: selector.Value, } if err := tx.Create(model).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } } @@ -2336,7 +2331,7 @@ func getNodeSelectors(ctx context.Context, db *sqlDB, spiffeID string) ([]*commo query := maybeRebind(db.databaseType, "SELECT type, value FROM node_resolver_map_entries WHERE spiffe_id=? ORDER BY id") rows, err := db.QueryContext(ctx, query, spiffeID) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } defer rows.Close() @@ -2344,13 +2339,13 @@ func getNodeSelectors(ctx context.Context, db *sqlDB, spiffeID string) ([]*commo for rows.Next() { selector := new(common.Selector) if err := rows.Scan(&selector.Type, &selector.Value); err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } selectors = append(selectors, selector) } if err := rows.Err(); err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return selectors, nil @@ -2361,7 +2356,7 @@ func listNodeSelectors(ctx context.Context, db *sqlDB, req *datastore.ListNodeSe query := maybeRebind(db.databaseType, rawQuery) rows, err := db.QueryContext(ctx, query, args...) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } defer rows.Close() @@ -2403,7 +2398,7 @@ func listNodeSelectors(ctx context.Context, db *sqlDB, req *datastore.ListNodeSe push("", nil) if err := rows.Err(); err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return resp, nil @@ -2447,7 +2442,7 @@ func createRegistrationEntry(tx *gorm.DB, entry *common.RegistrationEntry) (*com } if err := tx.Create(&newRegisteredEntry).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } federatesWith, err := makeFederatesWith(tx, entry.FederatesWith) @@ -2467,7 +2462,7 @@ func createRegistrationEntry(tx *gorm.DB, entry *common.RegistrationEntry) (*com } if err := tx.Create(&newSelector).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } } @@ -2478,7 +2473,7 @@ func createRegistrationEntry(tx *gorm.DB, entry *common.RegistrationEntry) (*com } if err := tx.Create(&newDNS).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } } @@ -2493,12 +2488,12 @@ func createRegistrationEntry(tx *gorm.DB, entry *common.RegistrationEntry) (*com func fetchRegistrationEntry(ctx context.Context, db *sqlDB, entryID string) (*common.RegistrationEntry, error) { query, args, err := buildFetchRegistrationEntryQuery(db.databaseType, db.supportsCTE, entryID) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } rows, err := db.QueryContext(ctx, query, args...) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } defer rows.Close() @@ -2518,7 +2513,7 @@ func fetchRegistrationEntry(ctx context.Context, db *sqlDB, entryID string) (*co } if err := rows.Err(); err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return entry, nil @@ -2540,7 +2535,7 @@ func buildFetchRegistrationEntryQuery(dbType string, supportsCTE bool, entryID s } return buildFetchRegistrationEntryQueryMySQL(entryID) default: - return "", nil, sqlError.New("unsupported db type: %q", dbType) + return "", nil, newSQLError("unsupported db type: %q", dbType) } } @@ -2857,12 +2852,12 @@ type queryContext interface { func listRegistrationEntriesOnce(ctx context.Context, db queryContext, databaseType string, supportsCTE bool, req *datastore.ListRegistrationEntriesRequest) (*datastore.ListRegistrationEntriesResponse, error) { query, args, err := buildListRegistrationEntriesQuery(databaseType, supportsCTE, req) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } rows, err := db.QueryContext(ctx, query, args...) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } defer rows.Close() entries := make([]*common.RegistrationEntry, 0, calculateResultPreallocation(req.Pagination)) @@ -2898,7 +2893,7 @@ func listRegistrationEntriesOnce(ctx context.Context, db queryContext, databaseT pushEntry(entry) if err := rows.Err(); err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } resp := &datastore.ListRegistrationEntriesResponse{ @@ -2933,7 +2928,7 @@ func buildListRegistrationEntriesQuery(dbType string, supportsCTE bool, req *dat } return buildListRegistrationEntriesQueryMySQL(req) default: - return "", nil, sqlError.New("unsupported db type: %q", dbType) + return "", nil, newSQLError("unsupported db type: %q", dbType) } } @@ -3453,7 +3448,7 @@ func indent(builder *strings.Builder, indentation int) { case 5: builder.WriteString("\t\t\t\t\t") default: - for i := 0; i < indentation; i++ { + for range indentation { builder.WriteString("\t") } } @@ -3525,7 +3520,7 @@ func appendListRegistrationEntriesFilterQuery(filterExp string, builder *strings }) } default: - return false, nil, errs.New("unhandled selectors match behavior %q", req.BySelectors.Match) + return false, nil, fmt.Errorf("unhandled selectors match behavior %q", req.BySelectors.Match) } for _, selector := range req.BySelectors.Selectors { args = append(args, selector.Type, selector.Value) @@ -3598,7 +3593,7 @@ func appendListRegistrationEntriesFilterQuery(filterExp string, builder *strings args = append(args, len(trustDomains)) default: - return false, nil, errs.New("unhandled federates with match behavior %q", req.ByFederatesWith.Match) + return false, nil, fmt.Errorf("unhandled federates with match behavior %q", req.ByFederatesWith.Match) } root.children = append(root.children, filterNode) } @@ -3689,7 +3684,7 @@ type nodeRow struct { } func scanNodeRow(rs *sql.Rows, r *nodeRow) error { - return sqlError.Wrap(rs.Scan( + return newWrappedSQLError(rs.Scan( &r.EId, &r.SpiffeID, &r.DataType, @@ -3730,7 +3725,7 @@ func fillNodeFromRow(node *common.AttestedNode, r *nodeRow) error { if r.SelectorType.Valid { if !r.SelectorValue.Valid { - return sqlError.New("expected non-nil selector.value value for attested node %s", node.SpiffeId) + return newSQLError("expected non-nil selector.value value for attested node %s", node.SpiffeId) } node.Selectors = append(node.Selectors, &common.Selector{ Type: r.SelectorType.String, @@ -3752,7 +3747,7 @@ type nodeSelectorRow struct { } func scanNodeSelectorRow(rs *sql.Rows, r *nodeSelectorRow) error { - return sqlError.Wrap(rs.Scan( + return newWrappedSQLError(rs.Scan( &r.SpiffeID, &r.Type, &r.Value, @@ -3792,7 +3787,7 @@ type entryRow struct { } func scanEntryRow(rs *sql.Rows, r *entryRow) error { - return sqlError.Wrap(rs.Scan( + return newWrappedSQLError(rs.Scan( &r.EId, &r.EntryID, &r.SpiffeID, @@ -3842,7 +3837,7 @@ func fillEntryFromRow(entry *common.RegistrationEntry, r *entryRow) error { } if r.SelectorType.Valid { if !r.SelectorValue.Valid { - return sqlError.New("expected non-nil selector.value value for entry id %s", entry.EntryId) + return newSQLError("expected non-nil selector.value value for entry id %s", entry.EntryId) } entry.Selectors = append(entry.Selectors, &common.Selector{ Type: r.SelectorType.String, @@ -3896,7 +3891,7 @@ func updateRegistrationEntry(tx *gorm.DB, e *common.RegistrationEntry, mask *com // Get the existing entry entry := RegisteredEntry{} if err := tx.Find(&entry, "entry_id = ?", e.EntryId).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if mask == nil || mask.StoreSvid { entry.StoreSvid = e.StoreSvid @@ -3904,7 +3899,7 @@ func updateRegistrationEntry(tx *gorm.DB, e *common.RegistrationEntry, mask *com if mask == nil || mask.Selectors { // Delete existing selectors - we will write new ones if err := tx.Exec("DELETE FROM selectors WHERE registered_entry_id = ?", entry.ID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } selectors := []Selector{} @@ -3921,13 +3916,13 @@ func updateRegistrationEntry(tx *gorm.DB, e *common.RegistrationEntry, mask *com // Verify that final selectors contains the same 'type' when entry is used for store SVIDs if entry.StoreSvid && !equalSelectorTypes(entry.Selectors) { - return nil, validationError.New("invalid registration entry: selector types must be the same when store SVID is enabled") + return nil, newValidationError("invalid registration entry: selector types must be the same when store SVID is enabled") } if mask == nil || mask.DnsNames { // Delete existing DNSs - we will write new ones if err := tx.Exec("DELETE FROM dns_names WHERE registered_entry_id = ?", entry.ID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } dnsList := []DNSName{} @@ -3970,7 +3965,7 @@ func updateRegistrationEntry(tx *gorm.DB, e *common.RegistrationEntry, mask *com entry.RevisionNumber++ if err := tx.Save(&entry).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if mask == nil || mask.FederatesWith { @@ -3996,7 +3991,7 @@ func updateRegistrationEntry(tx *gorm.DB, e *common.RegistrationEntry, mask *com func deleteRegistrationEntry(tx *gorm.DB, entryID string) (*common.RegistrationEntry, error) { entry := RegisteredEntry{} if err := tx.Find(&entry, "entry_id = ?", entryID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } registrationEntry, err := modelToEntry(tx, entry) @@ -4018,17 +4013,17 @@ func deleteRegistrationEntrySupport(tx *gorm.DB, entry RegisteredEntry) error { } if err := tx.Delete(&entry).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } // Delete existing selectors if err := tx.Exec("DELETE FROM selectors WHERE registered_entry_id = ?", entry.ID).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } // Delete existing dns_names if err := tx.Exec("DELETE FROM dns_names WHERE registered_entry_id = ?", entry.ID).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -4066,7 +4061,7 @@ func createRegistrationEntryEvent(tx *gorm.DB, event *datastore.RegistrationEntr }, EntryID: event.EntryID, }).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -4075,7 +4070,7 @@ func createRegistrationEntryEvent(tx *gorm.DB, event *datastore.RegistrationEntr func fetchRegistrationEntryEvent(db *sqlDB, eventID uint) (*datastore.RegistrationEntryEvent, error) { event := RegisteredEntryEvent{} if err := db.Find(&event, "id = ?", eventID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return &datastore.RegistrationEntryEvent{ @@ -4090,7 +4085,7 @@ func deleteRegistrationEntryEvent(tx *gorm.DB, eventID uint) error { ID: eventID, }, }).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -4102,15 +4097,15 @@ func listRegistrationEntryEvents(tx *gorm.DB, req *datastore.ListRegistrationEnt if req.GreaterThanEventID != 0 || req.LessThanEventID != 0 { query, id, err := buildListEventsQueryString(req.GreaterThanEventID, req.LessThanEventID) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if err := tx.Find(&events, query.String(), id).Order("id asc").Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } } else { if err := tx.Find(&events).Order("id asc").Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } } @@ -4127,7 +4122,7 @@ func listRegistrationEntryEvents(tx *gorm.DB, req *datastore.ListRegistrationEnt func pruneRegistrationEntryEvents(tx *gorm.DB, olderThan time.Duration) error { if err := tx.Where("created_at < ?", time.Now().Add(-olderThan)).Delete(&RegisteredEntryEvent{}).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -4160,7 +4155,7 @@ func createJoinToken(tx *gorm.DB, token *datastore.JoinToken) error { } if err := tx.Create(&t).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -4172,7 +4167,7 @@ func fetchJoinToken(tx *gorm.DB, token string) (*datastore.JoinToken, error) { if errors.Is(err, gorm.ErrRecordNotFound) { return nil, nil } else if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToJoinToken(model), nil @@ -4181,11 +4176,11 @@ func fetchJoinToken(tx *gorm.DB, token string) (*datastore.JoinToken, error) { func deleteJoinToken(tx *gorm.DB, token string) error { var model JoinToken if err := tx.Find(&model, "token = ?", token).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if err := tx.Delete(&model).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -4193,7 +4188,7 @@ func deleteJoinToken(tx *gorm.DB, token string) error { func pruneJoinTokens(tx *gorm.DB, expiresBefore time.Time) error { if err := tx.Where("expiry < ?", expiresBefore.Unix()).Delete(&JoinToken{}).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil @@ -4219,7 +4214,7 @@ func createFederationRelationship(tx *gorm.DB, fr *datastore.FederationRelations } if err := tx.Create(&model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return fr, nil @@ -4228,10 +4223,10 @@ func createFederationRelationship(tx *gorm.DB, fr *datastore.FederationRelations func deleteFederationRelationship(tx *gorm.DB, trustDomain spiffeid.TrustDomain) error { model := new(FederatedTrustDomain) if err := tx.Find(model, "trust_domain = ?", trustDomain.Name()).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if err := tx.Delete(model).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil } @@ -4243,7 +4238,7 @@ func fetchFederationRelationship(tx *gorm.DB, trustDomain spiffeid.TrustDomain) case errors.Is(err, gorm.ErrRecordNotFound): return nil, nil case err != nil: - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToFederationRelationship(tx, &model) @@ -4266,7 +4261,7 @@ func listFederationRelationships(tx *gorm.DB, req *datastore.ListFederationRelat var federationRelationships []FederatedTrustDomain if err := tx.Find(&federationRelationships).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } if p != nil { @@ -4283,7 +4278,6 @@ func listFederationRelationships(tx *gorm.DB, req *datastore.ListFederationRelat FederationRelationships: []*datastore.FederationRelationship{}, } for _, model := range federationRelationships { - model := model // alias the loop variable since we pass it by reference below federationRelationship, err := modelToFederationRelationship(tx, &model) if err != nil { return nil, err @@ -4323,7 +4317,7 @@ func updateFederationRelationship(tx *gorm.DB, fr *datastore.FederationRelations } if err := tx.Save(&model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToFederationRelationship(tx, &model) @@ -4365,7 +4359,7 @@ func modelToFederationRelationship(tx *gorm.DB, model *FederatedTrustDomain) (*d td, err := spiffeid.TrustDomainFromString(model.TrustDomain) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } fr := &datastore.FederationRelationship{ @@ -4400,7 +4394,7 @@ func modelToFederationRelationship(tx *gorm.DB, model *FederatedTrustDomain) (*d func modelToBundle(model *Bundle) (*common.Bundle, error) { bundle := new(common.Bundle) if err := proto.Unmarshal(model.Data, bundle); err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return bundle, nil @@ -4408,11 +4402,11 @@ func modelToBundle(model *Bundle) (*common.Bundle, error) { func validateRegistrationEntry(entry *common.RegistrationEntry) error { if entry == nil { - return validationError.New("invalid request: missing registered entry") + return newValidationError("invalid request: missing registered entry") } if len(entry.Selectors) == 0 { - return validationError.New("invalid registration entry: missing selector list") + return newValidationError("invalid registration entry: missing selector list") } // In case of StoreSvid is set, all entries 'must' be the same type, @@ -4423,31 +4417,31 @@ func validateRegistrationEntry(entry *common.RegistrationEntry) error { tpe := entry.Selectors[0].Type for _, t := range entry.Selectors { if tpe != t.Type { - return validationError.New("invalid registration entry: selector types must be the same when store SVID is enabled") + return newValidationError("invalid registration entry: selector types must be the same when store SVID is enabled") } } } if len(entry.EntryId) > 255 { - return validationError.New("invalid registration entry: entry ID too long") + return newValidationError("invalid registration entry: entry ID too long") } for _, e := range entry.EntryId { if !unicode.In(e, validEntryIDChars) { - return validationError.New("invalid registration entry: entry ID contains invalid characters") + return newValidationError("invalid registration entry: entry ID contains invalid characters") } } if len(entry.SpiffeId) == 0 { - return validationError.New("invalid registration entry: missing SPIFFE ID") + return newValidationError("invalid registration entry: missing SPIFFE ID") } if entry.X509SvidTtl < 0 { - return validationError.New("invalid registration entry: X509SvidTtl is not set") + return newValidationError("invalid registration entry: X509SvidTtl is not set") } if entry.JwtSvidTtl < 0 { - return validationError.New("invalid registration entry: JwtSvidTtl is not set") + return newValidationError("invalid registration entry: JwtSvidTtl is not set") } return nil @@ -4469,26 +4463,26 @@ func equalSelectorTypes(selectors []Selector) bool { func validateRegistrationEntryForUpdate(entry *common.RegistrationEntry, mask *common.RegistrationEntryMask) error { if entry == nil { - return validationError.New("invalid request: missing registered entry") + return newValidationError("invalid request: missing registered entry") } if (mask == nil || mask.Selectors) && len(entry.Selectors) == 0 { - return validationError.New("invalid registration entry: missing selector list") + return newValidationError("invalid registration entry: missing selector list") } if (mask == nil || mask.SpiffeId) && entry.SpiffeId == "" { - return validationError.New("invalid registration entry: missing SPIFFE ID") + return newValidationError("invalid registration entry: missing SPIFFE ID") } if (mask == nil || mask.X509SvidTtl) && (entry.X509SvidTtl < 0) { - return validationError.New("invalid registration entry: X509SvidTtl is not set") + return newValidationError("invalid registration entry: X509SvidTtl is not set") } if (mask == nil || mask.JwtSvidTtl) && (entry.JwtSvidTtl < 0) { - return validationError.New("invalid registration entry: JwtSvidTtl is not set") + return newValidationError("invalid registration entry: JwtSvidTtl is not set") } return nil @@ -4498,11 +4492,11 @@ func validateRegistrationEntryForUpdate(entry *common.RegistrationEntry, mask *c // performs validation, and fully parses certificates to form CACert embedded models. func bundleToModel(pb *common.Bundle) (*Bundle, error) { if pb == nil { - return nil, sqlError.New("missing bundle in request") + return nil, newSQLError("missing bundle in request") } data, err := proto.Marshal(pb) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return &Bundle{ @@ -4514,7 +4508,7 @@ func bundleToModel(pb *common.Bundle) (*Bundle, error) { func modelToEntry(tx *gorm.DB, model RegisteredEntry) (*common.RegistrationEntry, error) { var fetchedSelectors []*Selector if err := tx.Model(&model).Related(&fetchedSelectors).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } selectors := make([]*common.Selector, 0, len(fetchedSelectors)) @@ -4527,7 +4521,7 @@ func modelToEntry(tx *gorm.DB, model RegisteredEntry) (*common.RegistrationEntry var fetchedDNSs []*DNSName if err := tx.Model(&model).Related(&fetchedDNSs).Order("registered_entry_id ASC").Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } var dnsList []string @@ -4540,7 +4534,7 @@ func modelToEntry(tx *gorm.DB, model RegisteredEntry) (*common.RegistrationEntry var fetchedBundles []*Bundle if err := tx.Model(&model).Association("FederatesWith").Find(&fetchedBundles).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } var federatesWith []string @@ -4655,11 +4649,11 @@ func bindVarsFn(fn func(int) string, query string) string { func (cfg *configuration) Validate() error { if cfg.databaseTypeConfig.databaseType == "" { - return sqlError.New("database_type must be set") + return newSQLError("database_type must be set") } if cfg.ConnectionString == "" { - return sqlError.New("connection_string must be set") + return newSQLError("connection_string must be set") } if isMySQLDbType(cfg.databaseTypeConfig.databaseType) { @@ -4701,12 +4695,12 @@ func getConnectionString(cfg *configuration, isReadOnly bool) string { func queryVersion(gormDB *gorm.DB, query string) (string, error) { db := gormDB.DB() if db == nil { - return "", sqlError.New("unable to get raw database object") + return "", newSQLError("unable to get raw database object") } var version string if err := db.QueryRow(query).Scan(&version); err != nil { - return "", sqlError.Wrap(err) + return "", newWrappedSQLError(err) } return version, nil } @@ -4762,7 +4756,7 @@ func createCAJournal(tx *gorm.DB, caJournal *datastore.CAJournal) (*datastore.CA } if err := tx.Create(&model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToCAJournal(model), nil @@ -4775,7 +4769,7 @@ func fetchCAJournal(tx *gorm.DB, activeX509AuthorityID string) (*datastore.CAJou case errors.Is(err, gorm.ErrRecordNotFound): return nil, nil case err != nil: - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToCAJournal(model), nil @@ -4783,12 +4777,11 @@ func fetchCAJournal(tx *gorm.DB, activeX509AuthorityID string) (*datastore.CAJou func listCAJournalsForTesting(tx *gorm.DB) (caJournals []*datastore.CAJournal, err error) { var caJournalsModel []CAJournal - if err := tx.Find(&caJournals).Error; err != nil { - return nil, sqlError.Wrap(err) + if err := tx.Find(&caJournalsModel).Error; err != nil { + return nil, newWrappedSQLError(err) } for _, model := range caJournalsModel { - model := model // alias the loop variable since we pass it by reference below caJournals = append(caJournals, modelToCAJournal(model)) } return caJournals, nil @@ -4797,14 +4790,14 @@ func listCAJournalsForTesting(tx *gorm.DB) (caJournals []*datastore.CAJournal, e func updateCAJournal(tx *gorm.DB, caJournal *datastore.CAJournal) (*datastore.CAJournal, error) { var model CAJournal if err := tx.Find(&model, "id = ?", caJournal.ID).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } model.ActiveX509AuthorityID = caJournal.ActiveX509AuthorityID model.Data = caJournal.Data if err := tx.Save(&model).Error; err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } return modelToCAJournal(model), nil @@ -4821,10 +4814,10 @@ func validateCAJournal(caJournal *datastore.CAJournal) error { func deleteCAJournal(tx *gorm.DB, caJournalID uint) error { model := new(CAJournal) if err := tx.Find(model, "id = ?", caJournalID).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } if err := tx.Delete(model).Error; err != nil { - return sqlError.Wrap(err) + return newWrappedSQLError(err) } return nil } diff --git a/pkg/server/datastore/sqlstore/sqlstore_test.go b/pkg/server/datastore/sqlstore/sqlstore_test.go index e0d11ab020..270be92a35 100644 --- a/pkg/server/datastore/sqlstore/sqlstore_test.go +++ b/pkg/server/datastore/sqlstore/sqlstore_test.go @@ -421,7 +421,8 @@ func (s *PluginSuite) TestListBundlesWithPagination() { PageSize: 2, }, expectedList: []*common.Bundle{bundle1, bundle2}, - expectedPagination: &datastore.Pagination{Token: "2", + expectedPagination: &datastore.Pagination{ + Token: "2", PageSize: 2, }, }, @@ -463,7 +464,6 @@ func (s *PluginSuite) TestListBundlesWithPagination() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { resp, err := s.ds.ListBundles(ctx, &datastore.ListBundlesRequest{ Pagination: test.pagination, @@ -1180,7 +1180,6 @@ func (s *PluginSuite) TestListAttestedNodes() { byCanReattest: &canReattestFalse, }, } { - tt := tt for _, withPagination := range []bool{true, false} { for _, withSelectors := range []bool{true, false} { name := tt.test @@ -1390,7 +1389,6 @@ func (s *PluginSuite) TestUpdateAttestedNode() { }, }, } { - tt := tt s.T().Run(tt.name, func(t *testing.T) { s.ds = s.newPlugin() defer s.ds.Close() @@ -1726,7 +1724,7 @@ func (s *PluginSuite) TestListNodeSelectors() { const attestationDataType = "fake_nodeattestor" nonExpiredAttNodes := make([]*common.AttestedNode, numNonExpiredAttNodes) now := time.Now() - for i := 0; i < numNonExpiredAttNodes; i++ { + for i := range numNonExpiredAttNodes { nonExpiredAttNodes[i] = &common.AttestedNode{ SpiffeId: fmt.Sprintf("spiffe://example.org/non-expired-node-%d", i), AttestationDataType: attestationDataType, @@ -1739,7 +1737,7 @@ func (s *PluginSuite) TestListNodeSelectors() { const numExpiredAttNodes = 2 expiredAttNodes := make([]*common.AttestedNode, numExpiredAttNodes) - for i := 0; i < numExpiredAttNodes; i++ { + for i := range numExpiredAttNodes { expiredAttNodes[i] = &common.AttestedNode{ SpiffeId: fmt.Sprintf("spiffe://example.org/expired-node-%d", i), AttestationDataType: attestationDataType, @@ -1770,7 +1768,7 @@ func (s *PluginSuite) TestListNodeSelectors() { } nonExpiredSelectorsMap := make(map[string][]*common.Selector, numNonExpiredAttNodes) - for i := 0; i < numNonExpiredAttNodes; i++ { + for i := range numNonExpiredAttNodes { spiffeID := nonExpiredAttNodes[i].SpiffeId nonExpiredSelectorsMap[spiffeID] = selectorMap[spiffeID] } @@ -1824,10 +1822,10 @@ func (s *PluginSuite) TestSetNodeSelectorsUnderLoad() { resultCh := make(chan error, numWorkers) nextID := int32(0) - for i := 0; i < numWorkers; i++ { + for range numWorkers { go func() { id := fmt.Sprintf("ID%d", atomic.AddInt32(&nextID, 1)) - for j := 0; j < 10; j++ { + for range 10 { err := s.ds.SetNodeSelectors(ctx, id, selectors) if err != nil { resultCh <- err @@ -1837,7 +1835,7 @@ func (s *PluginSuite) TestSetNodeSelectorsUnderLoad() { }() } - for i := 0; i < numWorkers; i++ { + for range numWorkers { s.Require().NoError(<-resultCh) } } @@ -2076,7 +2074,6 @@ func (s *PluginSuite) TestFetchRegistrationEntry() { }, }, } { - tt := tt s.T().Run(tt.name, func(t *testing.T) { createdEntry, err := s.ds.CreateRegistrationEntry(ctx, tt.entry) s.Require().NoError(err) @@ -2149,7 +2146,6 @@ func (s *PluginSuite) TestPruneRegistrationEntries() { }, }, } { - tt := tt s.T().Run(tt.name, func(t *testing.T) { // Get latest event id resp, err := s.ds.ListRegistrationEntryEvents(ctx, &datastore.ListRegistrationEntryEventsRequest{}) @@ -2812,7 +2808,6 @@ func (s *PluginSuite) testListRegistrationEntries(dataConsistency datastore.Data expectPagedEntriesOut: [][]*common.RegistrationEntry{{foobarAD12}, {}}, }, } { - tt := tt for _, withPagination := range []bool{true, false} { name := tt.test if withPagination { @@ -2858,8 +2853,8 @@ func (s *PluginSuite) testListRegistrationEntries(dataConsistency datastore.Data } var tokensIn []string - var actualEntriesOut = make(map[string]*common.RegistrationEntry) - var expectedEntriesOut = make(map[string]*common.RegistrationEntry) + actualEntriesOut := make(map[string]*common.RegistrationEntry) + expectedEntriesOut := make(map[string]*common.RegistrationEntry) req := &datastore.ListRegistrationEntriesRequest{ Pagination: pagination, ByParentID: tt.byParentID, @@ -3095,111 +3090,160 @@ func (s *PluginSuite) TestUpdateRegistrationEntryWithMask() { result func(*common.RegistrationEntry) err error }{ // SPIFFE ID FIELD -- this field is validated so we check with good and bad data - {name: "Update Spiffe ID, Good Data, Mask True", + { + name: "Update Spiffe ID, Good Data, Mask True", mask: &common.RegistrationEntryMask{SpiffeId: true}, update: func(e *common.RegistrationEntry) { e.SpiffeId = newEntry.SpiffeId }, - result: func(e *common.RegistrationEntry) { e.SpiffeId = newEntry.SpiffeId }}, - {name: "Update Spiffe ID, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.SpiffeId = newEntry.SpiffeId }, + }, + { + name: "Update Spiffe ID, Good Data, Mask False", mask: &common.RegistrationEntryMask{SpiffeId: false}, update: func(e *common.RegistrationEntry) { e.SpiffeId = newEntry.SpiffeId }, - result: func(e *common.RegistrationEntry) {}}, - {name: "Update Spiffe ID, Bad Data, Mask True", + result: func(e *common.RegistrationEntry) {}, + }, + { + name: "Update Spiffe ID, Bad Data, Mask True", mask: &common.RegistrationEntryMask{SpiffeId: true}, update: func(e *common.RegistrationEntry) { e.SpiffeId = badEntry.SpiffeId }, - err: errors.New("invalid registration entry: missing SPIFFE ID")}, - {name: "Update Spiffe ID, Bad Data, Mask False", + err: errors.New("invalid registration entry: missing SPIFFE ID"), + }, + { + name: "Update Spiffe ID, Bad Data, Mask False", mask: &common.RegistrationEntryMask{SpiffeId: false}, update: func(e *common.RegistrationEntry) { e.SpiffeId = badEntry.SpiffeId }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // PARENT ID FIELD -- This field isn't validated so we just check with good data - {name: "Update Parent ID, Good Data, Mask True", + { + name: "Update Parent ID, Good Data, Mask True", mask: &common.RegistrationEntryMask{ParentId: true}, update: func(e *common.RegistrationEntry) { e.ParentId = newEntry.ParentId }, - result: func(e *common.RegistrationEntry) { e.ParentId = newEntry.ParentId }}, - {name: "Update Parent ID, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.ParentId = newEntry.ParentId }, + }, + { + name: "Update Parent ID, Good Data, Mask False", mask: &common.RegistrationEntryMask{ParentId: false}, update: func(e *common.RegistrationEntry) { e.ParentId = newEntry.ParentId }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // X509 SVID TTL FIELD -- This field is validated so we check with good and bad data - {name: "Update X509 SVID TTL, Good Data, Mask True", + { + name: "Update X509 SVID TTL, Good Data, Mask True", mask: &common.RegistrationEntryMask{X509SvidTtl: true}, update: func(e *common.RegistrationEntry) { e.X509SvidTtl = newEntry.X509SvidTtl }, - result: func(e *common.RegistrationEntry) { e.X509SvidTtl = newEntry.X509SvidTtl }}, - {name: "Update X509 SVID TTL, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.X509SvidTtl = newEntry.X509SvidTtl }, + }, + { + name: "Update X509 SVID TTL, Good Data, Mask False", mask: &common.RegistrationEntryMask{X509SvidTtl: false}, update: func(e *common.RegistrationEntry) { e.X509SvidTtl = badEntry.X509SvidTtl }, - result: func(e *common.RegistrationEntry) {}}, - {name: "Update X509 SVID TTL, Bad Data, Mask True", + result: func(e *common.RegistrationEntry) {}, + }, + { + name: "Update X509 SVID TTL, Bad Data, Mask True", mask: &common.RegistrationEntryMask{X509SvidTtl: true}, update: func(e *common.RegistrationEntry) { e.X509SvidTtl = badEntry.X509SvidTtl }, - err: errors.New("invalid registration entry: X509SvidTtl is not set")}, - {name: "Update X509 SVID TTL, Bad Data, Mask False", + err: errors.New("invalid registration entry: X509SvidTtl is not set"), + }, + { + name: "Update X509 SVID TTL, Bad Data, Mask False", mask: &common.RegistrationEntryMask{X509SvidTtl: false}, update: func(e *common.RegistrationEntry) { e.X509SvidTtl = badEntry.X509SvidTtl }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // JWT SVID TTL FIELD -- This field is validated so we check with good and bad data - {name: "Update JWT SVID TTL, Good Data, Mask True", + { + name: "Update JWT SVID TTL, Good Data, Mask True", mask: &common.RegistrationEntryMask{JwtSvidTtl: true}, update: func(e *common.RegistrationEntry) { e.JwtSvidTtl = newEntry.JwtSvidTtl }, - result: func(e *common.RegistrationEntry) { e.JwtSvidTtl = newEntry.JwtSvidTtl }}, - {name: "Update JWT SVID TTL, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.JwtSvidTtl = newEntry.JwtSvidTtl }, + }, + { + name: "Update JWT SVID TTL, Good Data, Mask False", mask: &common.RegistrationEntryMask{JwtSvidTtl: false}, update: func(e *common.RegistrationEntry) { e.JwtSvidTtl = badEntry.JwtSvidTtl }, - result: func(e *common.RegistrationEntry) {}}, - {name: "Update JWT SVID TTL, Bad Data, Mask True", + result: func(e *common.RegistrationEntry) {}, + }, + { + name: "Update JWT SVID TTL, Bad Data, Mask True", mask: &common.RegistrationEntryMask{JwtSvidTtl: true}, update: func(e *common.RegistrationEntry) { e.JwtSvidTtl = badEntry.JwtSvidTtl }, - err: errors.New("invalid registration entry: JwtSvidTtl is not set")}, - {name: "Update JWT SVID TTL, Bad Data, Mask False", + err: errors.New("invalid registration entry: JwtSvidTtl is not set"), + }, + { + name: "Update JWT SVID TTL, Bad Data, Mask False", mask: &common.RegistrationEntryMask{JwtSvidTtl: false}, update: func(e *common.RegistrationEntry) { e.JwtSvidTtl = badEntry.JwtSvidTtl }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // SELECTORS FIELD -- This field is validated so we check with good and bad data - {name: "Update Selectors, Good Data, Mask True", + { + name: "Update Selectors, Good Data, Mask True", mask: &common.RegistrationEntryMask{Selectors: true}, update: func(e *common.RegistrationEntry) { e.Selectors = newEntry.Selectors }, - result: func(e *common.RegistrationEntry) { e.Selectors = newEntry.Selectors }}, - {name: "Update Selectors, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.Selectors = newEntry.Selectors }, + }, + { + name: "Update Selectors, Good Data, Mask False", mask: &common.RegistrationEntryMask{Selectors: false}, update: func(e *common.RegistrationEntry) { e.Selectors = badEntry.Selectors }, - result: func(e *common.RegistrationEntry) {}}, - {name: "Update Selectors, Bad Data, Mask True", + result: func(e *common.RegistrationEntry) {}, + }, + { + name: "Update Selectors, Bad Data, Mask True", mask: &common.RegistrationEntryMask{Selectors: true}, update: func(e *common.RegistrationEntry) { e.Selectors = badEntry.Selectors }, - err: errors.New("invalid registration entry: missing selector list")}, - {name: "Update Selectors, Bad Data, Mask False", + err: errors.New("invalid registration entry: missing selector list"), + }, + { + name: "Update Selectors, Bad Data, Mask False", mask: &common.RegistrationEntryMask{Selectors: false}, update: func(e *common.RegistrationEntry) { e.Selectors = badEntry.Selectors }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // FEDERATESWITH FIELD -- This field isn't validated so we just check with good data - {name: "Update FederatesWith, Good Data, Mask True", + { + name: "Update FederatesWith, Good Data, Mask True", mask: &common.RegistrationEntryMask{FederatesWith: true}, update: func(e *common.RegistrationEntry) { e.FederatesWith = newEntry.FederatesWith }, - result: func(e *common.RegistrationEntry) { e.FederatesWith = newEntry.FederatesWith }}, - {name: "Update FederatesWith Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.FederatesWith = newEntry.FederatesWith }, + }, + { + name: "Update FederatesWith Good Data, Mask False", mask: &common.RegistrationEntryMask{FederatesWith: false}, update: func(e *common.RegistrationEntry) { e.FederatesWith = newEntry.FederatesWith }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // ADMIN FIELD -- This field isn't validated so we just check with good data - {name: "Update Admin, Good Data, Mask True", + { + name: "Update Admin, Good Data, Mask True", mask: &common.RegistrationEntryMask{Admin: true}, update: func(e *common.RegistrationEntry) { e.Admin = newEntry.Admin }, - result: func(e *common.RegistrationEntry) { e.Admin = newEntry.Admin }}, - {name: "Update Admin, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.Admin = newEntry.Admin }, + }, + { + name: "Update Admin, Good Data, Mask False", mask: &common.RegistrationEntryMask{Admin: false}, update: func(e *common.RegistrationEntry) { e.Admin = newEntry.Admin }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // STORESVID FIELD -- This field isn't validated so we just check with good data - {name: "Update StoreSvid, Good Data, Mask True", + { + name: "Update StoreSvid, Good Data, Mask True", mask: &common.RegistrationEntryMask{StoreSvid: true}, update: func(e *common.RegistrationEntry) { e.StoreSvid = newEntry.StoreSvid }, - result: func(e *common.RegistrationEntry) { e.StoreSvid = newEntry.StoreSvid }}, - {name: "Update StoreSvid, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.StoreSvid = newEntry.StoreSvid }, + }, + { + name: "Update StoreSvid, Good Data, Mask False", mask: &common.RegistrationEntryMask{Admin: false}, update: func(e *common.RegistrationEntry) { e.StoreSvid = newEntry.StoreSvid }, - result: func(e *common.RegistrationEntry) {}}, - {name: "Update StoreSvid, Invalid selectors, Mask True", + result: func(e *common.RegistrationEntry) {}, + }, + { + name: "Update StoreSvid, Invalid selectors, Mask True", mask: &common.RegistrationEntryMask{StoreSvid: true, Selectors: true}, update: func(e *common.RegistrationEntry) { e.StoreSvid = newEntry.StoreSvid @@ -3208,50 +3252,68 @@ func (s *PluginSuite) TestUpdateRegistrationEntryWithMask() { {Type: "Type2", Value: "Value2"}, } }, - err: validationError.New("invalid registration entry: selector types must be the same when store SVID is enabled"), + err: newValidationError("invalid registration entry: selector types must be the same when store SVID is enabled"), }, // ENTRYEXPIRY FIELD -- This field isn't validated so we just check with good data - {name: "Update EntryExpiry, Good Data, Mask True", + { + name: "Update EntryExpiry, Good Data, Mask True", mask: &common.RegistrationEntryMask{EntryExpiry: true}, update: func(e *common.RegistrationEntry) { e.EntryExpiry = newEntry.EntryExpiry }, - result: func(e *common.RegistrationEntry) { e.EntryExpiry = newEntry.EntryExpiry }}, - {name: "Update EntryExpiry, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.EntryExpiry = newEntry.EntryExpiry }, + }, + { + name: "Update EntryExpiry, Good Data, Mask False", mask: &common.RegistrationEntryMask{EntryExpiry: false}, update: func(e *common.RegistrationEntry) { e.EntryExpiry = newEntry.EntryExpiry }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // DNSNAMES FIELD -- This field isn't validated so we just check with good data - {name: "Update DnsNames, Good Data, Mask True", + { + name: "Update DnsNames, Good Data, Mask True", mask: &common.RegistrationEntryMask{DnsNames: true}, update: func(e *common.RegistrationEntry) { e.DnsNames = newEntry.DnsNames }, - result: func(e *common.RegistrationEntry) { e.DnsNames = newEntry.DnsNames }}, - {name: "Update DnsNames, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.DnsNames = newEntry.DnsNames }, + }, + { + name: "Update DnsNames, Good Data, Mask False", mask: &common.RegistrationEntryMask{DnsNames: false}, update: func(e *common.RegistrationEntry) { e.DnsNames = newEntry.DnsNames }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // DOWNSTREAM FIELD -- This field isn't validated so we just check with good data - {name: "Update DnsNames, Good Data, Mask True", + { + name: "Update DnsNames, Good Data, Mask True", mask: &common.RegistrationEntryMask{Downstream: true}, update: func(e *common.RegistrationEntry) { e.Downstream = newEntry.Downstream }, - result: func(e *common.RegistrationEntry) { e.Downstream = newEntry.Downstream }}, - {name: "Update DnsNames, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.Downstream = newEntry.Downstream }, + }, + { + name: "Update DnsNames, Good Data, Mask False", mask: &common.RegistrationEntryMask{Downstream: false}, update: func(e *common.RegistrationEntry) { e.Downstream = newEntry.Downstream }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // HINT -- This field isn't validated so we just check with good data - {name: "Update Hint, Good Data, Mask True", + { + name: "Update Hint, Good Data, Mask True", mask: &common.RegistrationEntryMask{Hint: true}, update: func(e *common.RegistrationEntry) { e.Hint = newEntry.Hint }, - result: func(e *common.RegistrationEntry) { e.Hint = newEntry.Hint }}, - {name: "Update Hint, Good Data, Mask False", + result: func(e *common.RegistrationEntry) { e.Hint = newEntry.Hint }, + }, + { + name: "Update Hint, Good Data, Mask False", mask: &common.RegistrationEntryMask{Hint: false}, update: func(e *common.RegistrationEntry) { e.Hint = newEntry.Hint }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, // This should update all fields - {name: "Test With Nil Mask", + { + name: "Test With Nil Mask", mask: nil, update: func(e *common.RegistrationEntry) { proto.Merge(e, oldEntry) }, - result: func(e *common.RegistrationEntry) {}}, + result: func(e *common.RegistrationEntry) {}, + }, } { tt := testcase s.Run(tt.name, func() { @@ -3350,7 +3412,6 @@ func (s *PluginSuite) TestListParentIDEntries() { expectedList []*common.RegistrationEntry }{ { - name: "test_parentID_found", registrationEntries: allEntries, parentID: "spiffe://parent", @@ -3364,7 +3425,6 @@ func (s *PluginSuite) TestListParentIDEntries() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3414,7 +3474,6 @@ func (s *PluginSuite) TestListSelectorEntries() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3471,7 +3530,6 @@ func (s *PluginSuite) TestListEntriesBySelectorSubset() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3528,7 +3586,6 @@ func (s *PluginSuite) TestListSelectorEntriesSuperset() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3596,7 +3653,6 @@ func (s *PluginSuite) TestListEntriesBySelectorMatchAny() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3664,7 +3720,6 @@ func (s *PluginSuite) TestListEntriesByFederatesWithExact() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3732,7 +3787,6 @@ func (s *PluginSuite) TestListEntriesByFederatesWithSubset() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3805,7 +3859,6 @@ func (s *PluginSuite) TestListEntriesByFederatesWithMatchAny() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -3877,7 +3930,6 @@ func (s *PluginSuite) TestListEntriesByFederatesWithSuperset() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { ds := s.newPlugin() defer ds.Close() @@ -4627,7 +4679,8 @@ func (s *PluginSuite) TestListFederationRelationships() { PageSize: 2, }, expectedList: []*datastore.FederationRelationship{fr1, fr2}, - expectedPagination: &datastore.Pagination{Token: "2", + expectedPagination: &datastore.Pagination{ + Token: "2", PageSize: 2, }, }, @@ -4669,7 +4722,6 @@ func (s *PluginSuite) TestListFederationRelationships() { }, } for _, test := range tests { - test := test s.T().Run(test.name, func(t *testing.T) { resp, err := s.ds.ListFederationRelationships(ctx, &datastore.ListFederationRelationshipsRequest{ Pagination: test.pagination, @@ -4892,7 +4944,7 @@ func (s *PluginSuite) TestUpdateFederationRelationship() { } func (s *PluginSuite) TestMigration() { - for schemaVersion := 0; schemaVersion < latestSchemaVersion; schemaVersion++ { + for schemaVersion := range latestSchemaVersion { s.T().Run(fmt.Sprintf("migration_from_schema_version_%d", schemaVersion), func(t *testing.T) { require := require.New(t) dbName := fmt.Sprintf("v%d.sqlite3", schemaVersion) @@ -5224,7 +5276,6 @@ func (s *PluginSuite) TestConfigure() { } for _, tt := range tests { - tt := tt s.T().Run(tt.desc, func(t *testing.T) { dbPath := filepath.ToSlash(filepath.Join(s.dir, "test-datastore-configure.sqlite3")) @@ -5245,7 +5296,7 @@ func (s *PluginSuite) TestConfigure() { // begin many queries simultaneously numQueries := 100 var rowsList []*sql.Rows - for i := 0; i < numQueries; i++ { + for range numQueries { rows, err := db.Query("SELECT * FROM bundles") require.NoError(t, err) rowsList = append(rowsList, rows) diff --git a/pkg/server/datastore/sqlstore/stmt_cache.go b/pkg/server/datastore/sqlstore/stmt_cache.go index f3fb354140..a934d2a880 100644 --- a/pkg/server/datastore/sqlstore/stmt_cache.go +++ b/pkg/server/datastore/sqlstore/stmt_cache.go @@ -25,7 +25,7 @@ func (cache *stmtCache) get(ctx context.Context, query string) (*sql.Stmt, error stmt, err := cache.db.PrepareContext(ctx, query) if err != nil { - return nil, sqlError.Wrap(err) + return nil, newWrappedSQLError(err) } value, loaded = cache.stmts.LoadOrStore(query, stmt) if loaded { diff --git a/pkg/server/endpoints/auth_test.go b/pkg/server/endpoints/auth_test.go index b2ff8e5117..cbc63e3efb 100644 --- a/pkg/server/endpoints/auth_test.go +++ b/pkg/server/endpoints/auth_test.go @@ -105,7 +105,7 @@ func TestBundleSource(t *testing.T) { { name: "success, with authorities", getter: func(domain spiffeid.TrustDomain) ([]*x509.Certificate, error) { - return []*x509.Certificate{&x509.Certificate{}}, nil + return []*x509.Certificate{{}}, nil }, trustDomain: spiffeid.RequireTrustDomainFromString("example.org"), want: x509bundle.FromX509Authorities( diff --git a/pkg/server/endpoints/authorized_entryfetcher_attested_nodes.go b/pkg/server/endpoints/authorized_entryfetcher_attested_nodes.go index 32b854f213..a514f67d89 100644 --- a/pkg/server/endpoints/authorized_entryfetcher_attested_nodes.go +++ b/pkg/server/endpoints/authorized_entryfetcher_attested_nodes.go @@ -212,7 +212,7 @@ func (a *attestedNodes) updateCache(ctx context.Context) error { } func (a *attestedNodes) updateCachedNodes(ctx context.Context) error { - for spiffeId, _ := range a.fetchNodes { + for spiffeId := range a.fetchNodes { node, err := a.ds.FetchAttestedNode(ctx, spiffeId) if err != nil { return err diff --git a/pkg/server/endpoints/authorized_entryfetcher_attested_nodes_test.go b/pkg/server/endpoints/authorized_entryfetcher_attested_nodes_test.go index 7e4b8b187d..c9fe8d4acd 100644 --- a/pkg/server/endpoints/authorized_entryfetcher_attested_nodes_test.go +++ b/pkg/server/endpoints/authorized_entryfetcher_attested_nodes_test.go @@ -41,11 +41,11 @@ var ( }, } defaultNodeEventsStartingAt60 = []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 60, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 61, SpiffeID: "spiffe://example.org/test_node_3", }, @@ -94,9 +94,9 @@ func TestLoadNodeCache(t *testing.T) { "spiffe://example.org/test_node_1", }, expectedGauges: []expectedGauge{ - expectedGauge{Key: skippedNodeEventID, Value: 0}, - expectedGauge{Key: cachedAgentsByID, Value: 1}, - expectedGauge{Key: cachedAgentsByExpiresAt, Value: 1}, + {Key: skippedNodeEventID, Value: 0}, + {Key: cachedAgentsByID, Value: 1}, + {Key: cachedAgentsByExpiresAt, Value: 1}, }, }, { @@ -265,7 +265,7 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { waitToPoll: time.Duration(2) * defaultSQLTransactionTimeout, // even with new before first events, they shouldn't load polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 58, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -294,7 +294,7 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { attestedNodeEvents: defaultNodeEventsStartingAt60, }, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 58, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -311,7 +311,7 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { attestedNodeEvents: defaultNodeEventsStartingAt60, }, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 64, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -329,7 +329,7 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { }, eventsBeforeFirst: []uint{58}, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 58, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -347,11 +347,11 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { }, eventsBeforeFirst: []uint{58}, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: defaultFirstNodeEvent - 2, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: defaultLastNodeEvent + 2, SpiffeID: "spiffe://example.org/test_node_4", }, @@ -368,23 +368,23 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { attestedNodeEvents: defaultNodeEventsStartingAt60, }, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 48, SpiffeID: "spiffe://example.org/test_node_10", }, - &datastore.AttestedNodeEvent{ + { EventID: 49, SpiffeID: "spiffe://example.org/test_node_11", }, - &datastore.AttestedNodeEvent{ + { EventID: 53, SpiffeID: "spiffe://example.org/test_node_12", }, - &datastore.AttestedNodeEvent{ + { EventID: 56, SpiffeID: "spiffe://example.org/test_node_13", }, - &datastore.AttestedNodeEvent{ + { EventID: 57, SpiffeID: "spiffe://example.org/test_node_14", }, @@ -407,23 +407,23 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { attestedNodeEvents: defaultNodeEventsStartingAt60, }, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 48, SpiffeID: "spiffe://example.org/test_node_10", }, - &datastore.AttestedNodeEvent{ + { EventID: 49, SpiffeID: "spiffe://example.org/test_node_11", }, - &datastore.AttestedNodeEvent{ + { EventID: 53, SpiffeID: "spiffe://example.org/test_node_12", }, - &datastore.AttestedNodeEvent{ + { EventID: 56, SpiffeID: "spiffe://example.org/test_node_13", }, - &datastore.AttestedNodeEvent{ + { EventID: defaultLastNodeEvent + 1, SpiffeID: "spiffe://example.org/test_node_14", }, @@ -446,23 +446,23 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { eventsBeforeFirst: []uint{48, 49}, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 48, SpiffeID: "spiffe://example.org/test_node_10", }, - &datastore.AttestedNodeEvent{ + { EventID: 49, SpiffeID: "spiffe://example.org/test_node_11", }, - &datastore.AttestedNodeEvent{ + { EventID: 53, SpiffeID: "spiffe://example.org/test_node_12", }, - &datastore.AttestedNodeEvent{ + { EventID: 56, SpiffeID: "spiffe://example.org/test_node_13", }, - &datastore.AttestedNodeEvent{ + { EventID: 57, SpiffeID: "spiffe://example.org/test_node_14", }, @@ -483,23 +483,23 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { }, eventsBeforeFirst: []uint{48, 49}, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 48, SpiffeID: "spiffe://example.org/test_node_10", }, - &datastore.AttestedNodeEvent{ + { EventID: 49, SpiffeID: "spiffe://example.org/test_node_11", }, - &datastore.AttestedNodeEvent{ + { EventID: 53, SpiffeID: "spiffe://example.org/test_node_12", }, - &datastore.AttestedNodeEvent{ + { EventID: 56, SpiffeID: "spiffe://example.org/test_node_13", }, - &datastore.AttestedNodeEvent{ + { EventID: defaultLastNodeEvent + 1, SpiffeID: "spiffe://example.org/test_node_14", }, @@ -520,23 +520,23 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { eventsBeforeFirst: []uint{48, 49, 53, 56, 57}, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 48, SpiffeID: "spiffe://example.org/test_node_10", }, - &datastore.AttestedNodeEvent{ + { EventID: 49, SpiffeID: "spiffe://example.org/test_node_11", }, - &datastore.AttestedNodeEvent{ + { EventID: 53, SpiffeID: "spiffe://example.org/test_node_12", }, - &datastore.AttestedNodeEvent{ + { EventID: 56, SpiffeID: "spiffe://example.org/test_node_13", }, - &datastore.AttestedNodeEvent{ + { EventID: 57, SpiffeID: "spiffe://example.org/test_node_14", }, @@ -554,27 +554,27 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { eventsBeforeFirst: []uint{48, 49, 53, 56, 57}, polledEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 48, SpiffeID: "spiffe://example.org/test_node_10", }, - &datastore.AttestedNodeEvent{ + { EventID: 49, SpiffeID: "spiffe://example.org/test_node_11", }, - &datastore.AttestedNodeEvent{ + { EventID: 53, SpiffeID: "spiffe://example.org/test_node_12", }, - &datastore.AttestedNodeEvent{ + { EventID: 56, SpiffeID: "spiffe://example.org/test_node_13", }, - &datastore.AttestedNodeEvent{ + { EventID: 57, SpiffeID: "spiffe://example.org/test_node_14", }, - &datastore.AttestedNodeEvent{ + { EventID: defaultLastNodeEvent + 1, SpiffeID: "spiffe://example.org/test_node_28", }, @@ -584,7 +584,6 @@ func TestSearchBeforeFirstNodeEvent(t *testing.T) { expectedFetches: []string{}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewNodeScenario(t, tt.setup) attestedNodes, err := scenario.buildAttestedNodesCache() @@ -640,7 +639,7 @@ func TestSelectedPolledNodeEvents(t *testing.T) { name: "nothing to poll, no action take, one event", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 100, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -651,23 +650,23 @@ func TestSelectedPolledNodeEvents(t *testing.T) { name: "nothing to poll, no action taken, five events", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_3", }, - &datastore.AttestedNodeEvent{ + { EventID: 104, SpiffeID: "spiffe://example.org/test_node_4", }, - &datastore.AttestedNodeEvent{ + { EventID: 105, SpiffeID: "spiffe://example.org/test_node_5", }, @@ -678,19 +677,19 @@ func TestSelectedPolledNodeEvents(t *testing.T) { name: "polling one item, not found", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 104, SpiffeID: "spiffe://example.org/test_node_4", }, - &datastore.AttestedNodeEvent{ + { EventID: 105, SpiffeID: "spiffe://example.org/test_node_5", }, @@ -702,11 +701,11 @@ func TestSelectedPolledNodeEvents(t *testing.T) { name: "polling five items, not found", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 107, SpiffeID: "spiffe://example.org/test_node_7", }, @@ -718,15 +717,15 @@ func TestSelectedPolledNodeEvents(t *testing.T) { name: "polling one item, found", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_3", }, @@ -742,19 +741,19 @@ func TestSelectedPolledNodeEvents(t *testing.T) { name: "polling five items, two found", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_3", }, - &datastore.AttestedNodeEvent{ + { EventID: 106, SpiffeID: "spiffe://example.org/test_node_6", }, - &datastore.AttestedNodeEvent{ + { EventID: 107, SpiffeID: "spiffe://example.org/test_node_7", }, @@ -771,31 +770,31 @@ func TestSelectedPolledNodeEvents(t *testing.T) { name: "polling five items, five found", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_3", }, - &datastore.AttestedNodeEvent{ + { EventID: 104, SpiffeID: "spiffe://example.org/test_node_4", }, - &datastore.AttestedNodeEvent{ + { EventID: 105, SpiffeID: "spiffe://example.org/test_node_5", }, - &datastore.AttestedNodeEvent{ + { EventID: 106, SpiffeID: "spiffe://example.org/test_node_6", }, - &datastore.AttestedNodeEvent{ + { EventID: 107, SpiffeID: "spiffe://example.org/test_node_7", }, @@ -812,7 +811,6 @@ func TestSelectedPolledNodeEvents(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewNodeScenario(t, tt.setup) attestedNodes, err := scenario.buildAttestedNodesCache() @@ -851,7 +849,7 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "no new event, with first event", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -865,14 +863,14 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "one new event", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, }, }, newEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -887,14 +885,14 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "one new event, skipping an event", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, }, }, newEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -909,18 +907,18 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "two new events, same attested node", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, }, }, newEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_1", }, @@ -935,18 +933,18 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "two new events, different attested nodes", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, }, }, newEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_2", }, @@ -962,18 +960,18 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "two new events, with a skipped event", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, }, }, newEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 104, SpiffeID: "spiffe://example.org/test_node_2", }, @@ -989,18 +987,18 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "two new events, with three skipped events", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, }, }, newEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 106, SpiffeID: "spiffe://example.org/test_node_2", }, @@ -1016,42 +1014,42 @@ func TestScanForNewNodeEvents(t *testing.T) { name: "five events, four new events, two skip regions", setup: &nodeScenarioSetup{ attestedNodeEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 101, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 102, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 103, SpiffeID: "spiffe://example.org/test_node_3", }, - &datastore.AttestedNodeEvent{ + { EventID: 104, SpiffeID: "spiffe://example.org/test_node_4", }, - &datastore.AttestedNodeEvent{ + { EventID: 105, SpiffeID: "spiffe://example.org/test_node_5", }, }, }, newEvents: []*datastore.AttestedNodeEvent{ - &datastore.AttestedNodeEvent{ + { EventID: 108, SpiffeID: "spiffe://example.org/test_node_1", }, - &datastore.AttestedNodeEvent{ + { EventID: 109, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 110, SpiffeID: "spiffe://example.org/test_node_2", }, - &datastore.AttestedNodeEvent{ + { EventID: 112, SpiffeID: "spiffe://example.org/test_node_11", }, @@ -1065,7 +1063,6 @@ func TestScanForNewNodeEvents(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewNodeScenario(t, tt.setup) attestedNodes, err := scenario.buildAttestedNodesCache() @@ -1435,7 +1432,6 @@ func TestUpdateAttestedNodesCache(t *testing.T) { expectedAuthorizedEntries: []string{}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewNodeScenario(t, tt.setup) attestedNodes, err := scenario.buildAttestedNodesCache() @@ -1539,7 +1535,7 @@ func (s *scenario) buildAttestedNodesCache() (*attestedNodes, error) { attestedNodes, err := buildAttestedNodesCache(s.ctx, s.log, s.metrics, s.ds, s.clk, s.cache, defaultCacheReloadInterval, defaultSQLTransactionTimeout) if attestedNodes != nil { // clear out the fetches - for node, _ := range attestedNodes.fetchNodes { + for node := range attestedNodes.fetchNodes { delete(attestedNodes.fetchNodes, node) } } diff --git a/pkg/server/endpoints/authorized_entryfetcher_registration_entries.go b/pkg/server/endpoints/authorized_entryfetcher_registration_entries.go index 3fd9914c6d..cc32536cef 100644 --- a/pkg/server/endpoints/authorized_entryfetcher_registration_entries.go +++ b/pkg/server/endpoints/authorized_entryfetcher_registration_entries.go @@ -224,7 +224,7 @@ func (a *registrationEntries) updateCache(ctx context.Context) error { // updateCacheEntry update/deletes/creates an individual registration entry in the cache. func (a *registrationEntries) updateCachedEntries(ctx context.Context) error { - for entryId, _ := range a.fetchEntries { + for entryId := range a.fetchEntries { commonEntry, err := a.ds.FetchRegistrationEntry(ctx, entryId) if err != nil { return err diff --git a/pkg/server/endpoints/authorized_entryfetcher_registration_entries_test.go b/pkg/server/endpoints/authorized_entryfetcher_registration_entries_test.go index d9e4d6d4e1..a49f6470e4 100644 --- a/pkg/server/endpoints/authorized_entryfetcher_registration_entries_test.go +++ b/pkg/server/endpoints/authorized_entryfetcher_registration_entries_test.go @@ -29,7 +29,7 @@ var ( skippedEntryEventID = []string{telemetry.Entry, telemetry.SkippedEntryEventIDs, telemetry.Count} defaultRegistrationEntries = []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -37,7 +37,7 @@ var ( {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -47,11 +47,11 @@ var ( }, } defaultRegistrationEntryEventsStartingAt60 = []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 60, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 61, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, @@ -96,7 +96,7 @@ func TestLoadEntryCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 0, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -113,7 +113,7 @@ func TestLoadEntryCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1000, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -127,11 +127,11 @@ func TestLoadEntryCache(t *testing.T) { "6837984a-bc44-462b-9ca6-5cd59be35066", }, expectedGauges: []expectedGauge{ - expectedGauge{Key: skippedEntryEventID, Value: 0}, - expectedGauge{Key: nodeAliasesByEntryID, Value: 0}, - expectedGauge{Key: nodeAliasesBySelector, Value: 0}, - expectedGauge{Key: entriesByEntryID, Value: 1}, - expectedGauge{Key: entriesByParentID, Value: 1}, + {Key: skippedEntryEventID, Value: 0}, + {Key: nodeAliasesByEntryID, Value: 0}, + {Key: nodeAliasesBySelector, Value: 0}, + {Key: entriesByEntryID, Value: 1}, + {Key: entriesByParentID, Value: 1}, }, }, { @@ -139,7 +139,7 @@ func TestLoadEntryCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 0, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -147,7 +147,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -155,7 +155,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -163,7 +163,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "3"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -171,7 +171,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "4"}, }, }, - &common.RegistrationEntry{ + { EntryId: "354c16f4-4e61-4c17-8596-7baa7744d504", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_5", @@ -188,7 +188,7 @@ func TestLoadEntryCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1000, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -196,7 +196,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -204,7 +204,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -212,7 +212,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "3"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -220,7 +220,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "4"}, }, }, - &common.RegistrationEntry{ + { EntryId: "354c16f4-4e61-4c17-8596-7baa7744d504", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_5", @@ -238,11 +238,11 @@ func TestLoadEntryCache(t *testing.T) { "354c16f4-4e61-4c17-8596-7baa7744d504", }, expectedGauges: []expectedGauge{ - expectedGauge{Key: skippedEntryEventID, Value: 0}, - expectedGauge{Key: nodeAliasesByEntryID, Value: 0}, - expectedGauge{Key: nodeAliasesBySelector, Value: 0}, - expectedGauge{Key: entriesByEntryID, Value: 5}, - expectedGauge{Key: entriesByParentID, Value: 5}, + {Key: skippedEntryEventID, Value: 0}, + {Key: nodeAliasesByEntryID, Value: 0}, + {Key: nodeAliasesBySelector, Value: 0}, + {Key: entriesByEntryID, Value: 5}, + {Key: entriesByParentID, Value: 5}, }, }, { @@ -250,7 +250,7 @@ func TestLoadEntryCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 5, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -258,7 +258,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -266,7 +266,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -274,7 +274,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "3"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -282,7 +282,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "4"}, }, }, - &common.RegistrationEntry{ + { EntryId: "354c16f4-4e61-4c17-8596-7baa7744d504", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_5", @@ -300,11 +300,11 @@ func TestLoadEntryCache(t *testing.T) { "354c16f4-4e61-4c17-8596-7baa7744d504", }, expectedGauges: []expectedGauge{ - expectedGauge{Key: skippedEntryEventID, Value: 0}, - expectedGauge{Key: nodeAliasesByEntryID, Value: 0}, - expectedGauge{Key: nodeAliasesBySelector, Value: 0}, - expectedGauge{Key: entriesByEntryID, Value: 5}, - expectedGauge{Key: entriesByParentID, Value: 5}, + {Key: skippedEntryEventID, Value: 0}, + {Key: nodeAliasesByEntryID, Value: 0}, + {Key: nodeAliasesBySelector, Value: 0}, + {Key: entriesByEntryID, Value: 5}, + {Key: entriesByParentID, Value: 5}, }, }, { @@ -312,7 +312,7 @@ func TestLoadEntryCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 3, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -320,7 +320,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -328,7 +328,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -336,7 +336,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "3"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -344,7 +344,7 @@ func TestLoadEntryCache(t *testing.T) { {Type: "testjob", Value: "4"}, }, }, - &common.RegistrationEntry{ + { EntryId: "354c16f4-4e61-4c17-8596-7baa7744d504", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_5", @@ -362,11 +362,11 @@ func TestLoadEntryCache(t *testing.T) { "354c16f4-4e61-4c17-8596-7baa7744d504", }, expectedGauges: []expectedGauge{ - expectedGauge{Key: skippedEntryEventID, Value: 0}, - expectedGauge{Key: nodeAliasesByEntryID, Value: 0}, - expectedGauge{Key: nodeAliasesBySelector, Value: 0}, - expectedGauge{Key: entriesByEntryID, Value: 5}, - expectedGauge{Key: entriesByParentID, Value: 5}, + {Key: skippedEntryEventID, Value: 0}, + {Key: nodeAliasesByEntryID, Value: 0}, + {Key: nodeAliasesBySelector, Value: 0}, + {Key: entriesByEntryID, Value: 5}, + {Key: entriesByParentID, Value: 5}, }, }, } { @@ -450,7 +450,7 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { waitToPoll: time.Duration(2) * defaultSQLTransactionTimeout, // even with new before first events, they shouldn't load polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 58, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -481,7 +481,7 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { registrationEntryEvents: defaultRegistrationEntryEventsStartingAt60, }, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 58, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -501,7 +501,7 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { registrationEntryEvents: defaultRegistrationEntryEventsStartingAt60, }, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 64, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -520,7 +520,7 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { }, eventsBeforeFirst: []uint{58}, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 58, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -539,11 +539,11 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { }, eventsBeforeFirst: []uint{58}, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: defaultFirstEntryEvent - 2, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: defaultLastEntryEvent + 2, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, @@ -561,23 +561,23 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { registrationEntryEvents: defaultRegistrationEntryEventsStartingAt60, }, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 48, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 49, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 53, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 56, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 57, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, @@ -601,23 +601,23 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { registrationEntryEvents: defaultRegistrationEntryEventsStartingAt60, }, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 48, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 49, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 53, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 56, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: defaultLastEntryEvent + 1, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, @@ -641,23 +641,23 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { eventsBeforeFirst: []uint{48, 49}, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 48, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 49, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 53, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 56, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 57, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, @@ -679,23 +679,23 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { }, eventsBeforeFirst: []uint{48, 49}, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 48, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 49, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 53, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 56, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: defaultLastEntryEvent + 1, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, @@ -717,23 +717,23 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { eventsBeforeFirst: []uint{48, 49, 53, 56, 57}, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 48, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 49, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 53, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 56, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 57, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, @@ -752,27 +752,27 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { eventsBeforeFirst: []uint{48, 49, 53, 56, 57}, polledEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 48, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 49, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 53, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 56, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 57, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, - &datastore.RegistrationEntryEvent{ + { EventID: defaultLastEntryEvent + 1, EntryID: "aeb603b2-e1d1-4832-8809-60a1d14b42e0", }, @@ -782,7 +782,6 @@ func TestSearchBeforeFirstEntryEvent(t *testing.T) { expectedFetches: []string{}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewEntryScenario(t, tt.setup) registrationEntries, err := scenario.buildRegistrationEntriesCache() @@ -837,7 +836,7 @@ func TestSelectedPolledEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 100, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -849,23 +848,23 @@ func TestSelectedPolledEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 104, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 105, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, @@ -877,19 +876,19 @@ func TestSelectedPolledEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 104, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 105, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, @@ -902,11 +901,11 @@ func TestSelectedPolledEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 107, EntryID: "c3f4ada0-3f8d-421e-b5d1-83aaee203d94", }, @@ -919,15 +918,15 @@ func TestSelectedPolledEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, @@ -944,19 +943,19 @@ func TestSelectedPolledEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 106, EntryID: "aeb603b2-e1d1-4832-8809-60a1d14b42e0", }, - &datastore.RegistrationEntryEvent{ + { EventID: 107, EntryID: "c3f4ada0-3f8d-421e-b5d1-83aaee203d94", }, @@ -974,31 +973,31 @@ func TestSelectedPolledEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 104, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 105, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, - &datastore.RegistrationEntryEvent{ + { EventID: 106, EntryID: "aeb603b2-e1d1-4832-8809-60a1d14b42e0", }, - &datastore.RegistrationEntryEvent{ + { EventID: 107, EntryID: "c3f4ada0-3f8d-421e-b5d1-83aaee203d94", }, @@ -1015,7 +1014,6 @@ func TestSelectedPolledEntryEvents(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewEntryScenario(t, tt.setup) registrationEntries, err := scenario.buildRegistrationEntriesCache() @@ -1058,7 +1056,7 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -1073,14 +1071,14 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, }, }, newEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -1096,14 +1094,14 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, }, }, newEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -1119,18 +1117,18 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, }, }, newEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, @@ -1146,18 +1144,18 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, }, }, newEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, @@ -1174,18 +1172,18 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, }, }, newEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 104, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, @@ -1202,18 +1200,18 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, }, }, newEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 106, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, @@ -1230,42 +1228,42 @@ func TestScanForNewEntryEvents(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntryEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 101, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 102, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 103, EntryID: "1d78521b-cc92-47c1-85a5-28ce47f121f2", }, - &datastore.RegistrationEntryEvent{ + { EventID: 104, EntryID: "8cbf7d48-9d43-41ae-ab63-77d66891f948", }, - &datastore.RegistrationEntryEvent{ + { EventID: 105, EntryID: "354c16f4-4e61-4c17-8596-7baa7744d504", }, }, }, newEvents: []*datastore.RegistrationEntryEvent{ - &datastore.RegistrationEntryEvent{ + { EventID: 108, EntryID: "6837984a-bc44-462b-9ca6-5cd59be35066", }, - &datastore.RegistrationEntryEvent{ + { EventID: 109, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 110, EntryID: "47c96201-a4b1-4116-97fe-8aa9c2440aad", }, - &datastore.RegistrationEntryEvent{ + { EventID: 112, EntryID: "c3f4ada0-3f8d-421e-b5d1-83aaee203d94", }, @@ -1279,7 +1277,6 @@ func TestScanForNewEntryEvents(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewEntryScenario(t, tt.setup) attestedEntries, err := scenario.buildRegistrationEntriesCache() @@ -1324,7 +1321,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { pageSize: 1024, }, createRegistrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1356,7 +1353,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { pageSize: 1024, }, createRegistrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -1364,7 +1361,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -1372,7 +1369,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1380,7 +1377,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "3"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -1388,7 +1385,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "4"}, }, }, - &common.RegistrationEntry{ + { EntryId: "354c16f4-4e61-4c17-8596-7baa7744d504", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_5", @@ -1419,7 +1416,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { pageSize: 1024, }, createRegistrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -1427,7 +1424,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1435,7 +1432,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "3"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -1478,7 +1475,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1498,7 +1495,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1509,7 +1506,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { }, }, createRegistrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -1532,7 +1529,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1555,7 +1552,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1579,7 +1576,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1590,7 +1587,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { }, }, createRegistrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -1598,7 +1595,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -1606,7 +1603,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -1614,7 +1611,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "4"}, }, }, - &common.RegistrationEntry{ + { EntryId: "354c16f4-4e61-4c17-8596-7baa7744d504", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_5", @@ -1622,7 +1619,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "5"}, }, }, - &common.RegistrationEntry{ + { EntryId: "aeb603b2-e1d1-4832-8809-60a1d14b42e0", ParentId: "spiffe://example.org/test_node_3", SpiffeId: "spiffe://example.org/test_job_6", @@ -1653,7 +1650,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1664,7 +1661,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { }, }, createRegistrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -1672,7 +1669,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -1680,7 +1677,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "2"}, }, }, - &common.RegistrationEntry{ + { EntryId: "8cbf7d48-9d43-41ae-ab63-77d66891f948", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_4", @@ -1688,7 +1685,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "4"}, }, }, - &common.RegistrationEntry{ + { EntryId: "354c16f4-4e61-4c17-8596-7baa7744d504", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_5", @@ -1718,7 +1715,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1729,7 +1726,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { }, }, createRegistrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "6837984a-bc44-462b-9ca6-5cd59be35066", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_1", @@ -1737,7 +1734,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { {Type: "testjob", Value: "1"}, }, }, - &common.RegistrationEntry{ + { EntryId: "47c96201-a4b1-4116-97fe-8aa9c2440aad", ParentId: "spiffe://example.org/test_node_1", SpiffeId: "spiffe://example.org/test_job_2", @@ -1767,7 +1764,7 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { setup: &entryScenarioSetup{ pageSize: 1024, registrationEntries: []*common.RegistrationEntry{ - &common.RegistrationEntry{ + { EntryId: "1d78521b-cc92-47c1-85a5-28ce47f121f2", ParentId: "spiffe://example.org/test_node_2", SpiffeId: "spiffe://example.org/test_job_3", @@ -1791,7 +1788,6 @@ func TestUpdateRegistrationEntriesCache(t *testing.T) { expectedAuthorizedEntries: []string{}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { scenario := NewEntryScenario(t, tt.setup) registeredEntries, err := scenario.buildRegistrationEntriesCache() @@ -1911,7 +1907,7 @@ func (s *entryScenario) buildRegistrationEntriesCache() (*registrationEntries, e registrationEntries, err := buildRegistrationEntriesCache(s.ctx, s.log, s.metrics, s.ds, s.clk, s.cache, s.pageSize, defaultCacheReloadInterval, defaultSQLTransactionTimeout) if registrationEntries != nil { // clear out the fetches - for entry, _ := range registrationEntries.fetchEntries { + for entry := range registrationEntries.fetchEntries { delete(registrationEntries.fetchEntries, entry) } } diff --git a/pkg/server/endpoints/bundle/acme_auth.go b/pkg/server/endpoints/bundle/acme_auth.go index a9d12c5bcc..45e5fbb72b 100644 --- a/pkg/server/endpoints/bundle/acme_auth.go +++ b/pkg/server/endpoints/bundle/acme_auth.go @@ -4,12 +4,12 @@ import ( "context" "crypto" "crypto/tls" + "fmt" "github.com/sirupsen/logrus" "github.com/spiffe/spire/pkg/common/version" "github.com/spiffe/spire/pkg/server/endpoints/bundle/internal/autocert" "github.com/spiffe/spire/pkg/server/plugin/keymanager" - "github.com/zeebo/errs" "golang.org/x/crypto/acme" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -122,7 +122,7 @@ func (ks *acmeKeyStore) NewPrivateKey(ctx context.Context, id string, keyType au case autocert.EC256: kmKeyType = keymanager.ECP256 default: - return nil, errs.New("unsupported key type: %d", keyType) + return nil, fmt.Errorf("unsupported key type: %d", keyType) } key, err := ks.km.GenerateKey(ctx, keyID, kmKeyType) diff --git a/pkg/server/endpoints/bundle/server.go b/pkg/server/endpoints/bundle/server.go index d96490e476..e9c7a39bdf 100644 --- a/pkg/server/endpoints/bundle/server.go +++ b/pkg/server/endpoints/bundle/server.go @@ -11,7 +11,6 @@ import ( "github.com/sirupsen/logrus" "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle" "github.com/spiffe/spire/pkg/common/bundleutil" - "github.com/zeebo/errs" ) type Getter interface { @@ -57,7 +56,7 @@ func (s *Server) ListenAndServe(ctx context.Context) error { // it gives us the ability to use/inspect an ephemeral port during testing. listener, err := s.c.listen("tcp", s.c.Address) if err != nil { - return errs.Wrap(err) + return err } // Set up the TLS config, setting TLS 1.2 as the minimum. @@ -72,7 +71,7 @@ func (s *Server) ListenAndServe(ctx context.Context) error { errCh := make(chan error, 1) go func() { - errCh <- errs.Wrap(server.ServeTLS(listener, "", "")) + errCh <- server.ServeTLS(listener, "", "") }() select { diff --git a/pkg/server/endpoints/bundle/server_test.go b/pkg/server/endpoints/bundle/server_test.go index a27dba182a..7c22159386 100644 --- a/pkg/server/endpoints/bundle/server_test.go +++ b/pkg/server/endpoints/bundle/server_test.go @@ -146,7 +146,6 @@ func TestServer(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { addr, done := newTestServer(t, testGetter(testCase.bundle), diff --git a/pkg/server/endpoints/endpoints_posix_test.go b/pkg/server/endpoints/endpoints_posix_test.go index 3892b31fd2..e85a3a6518 100644 --- a/pkg/server/endpoints/endpoints_posix_test.go +++ b/pkg/server/endpoints/endpoints_posix_test.go @@ -3,7 +3,6 @@ package endpoints import ( - "context" "net" "path/filepath" "testing" @@ -16,6 +15,6 @@ func getLocalAddr(t *testing.T) net.Addr { return &net.UnixAddr{Net: "unix", Name: filepath.Join(tempdir, "sockets")} } -func testRemoteCaller(context.Context, *testing.T, string) { +func testRemoteCaller(*testing.T, string) { // No testing for UDS endpoints } diff --git a/pkg/server/endpoints/endpoints_test.go b/pkg/server/endpoints/endpoints_test.go index aee6ee95fd..edf3a02fee 100644 --- a/pkg/server/endpoints/endpoints_test.go +++ b/pkg/server/endpoints/endpoints_test.go @@ -249,8 +249,8 @@ func TestListenAndServe(t *testing.T) { }() dialTCP := func(tlsConfig *tls.Config) *grpc.ClientConn { - conn, err := grpc.DialContext(ctx, endpoints.TCPAddr.String(), //nolint: staticcheck // It is going to be resolved on #5152 - grpc.WithBlock(), //nolint: staticcheck // It is going to be resolved on #5152 + conn, err := grpc.NewClient( + endpoints.TCPAddr.String(), grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)), ) require.NoError(t, err) @@ -260,7 +260,7 @@ func TestListenAndServe(t *testing.T) { target, err := util.GetTargetName(endpoints.LocalAddr) require.NoError(t, err) - localConn, err := util.GRPCDialContext(ctx, target, grpc.WithBlock()) //nolint: staticcheck // It is going to be resolved on #5152 + localConn, err := util.NewGRPCClient(target) require.NoError(t, err) defer localConn.Close() @@ -291,15 +291,20 @@ func TestListenAndServe(t *testing.T) { // Create an SVID from a different CA. This ensures that we verify // incoming certificates against the trust bundle. badSVID := testca.New(t, testTD).CreateX509SVID(agentID) - ctx, cancel := context.WithTimeout(ctx, time.Second) - defer cancel() tlsConfig := tlsconfig.MTLSClientConfig(badSVID, ca.X509Bundle(), tlsconfig.AuthorizeID(serverID)) require.NoError(t, tlspolicy.ApplyPolicy(tlsConfig, endpoints.TLSPolicy)) - badConn, err := grpc.DialContext(ctx, endpoints.TCPAddr.String(), grpc.WithBlock(), grpc.FailOnNonTempDialError(true), //nolint: staticcheck // It is going to be resolved on #5152 + badConn, err := grpc.NewClient( + endpoints.TCPAddr.String(), grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)), ) + + require.NoError(t, err) + + // Call an API using the server clientConn to cause gRPC to attempt to dial the server + healthClient := grpc_health_v1.NewHealthClient(badConn) + _, err = healthClient.Check(ctx, &grpc_health_v1.HealthCheckRequest{}) if !assert.Error(t, err, "dialing should have failed") { // close the conn if the dialing unexpectedly succeeded badConn.Close() @@ -345,7 +350,7 @@ func TestListenAndServe(t *testing.T) { }) t.Run("Access denied to remote caller", func(t *testing.T) { - testRemoteCaller(ctx, t, target) + testRemoteCaller(t, target) }) t.Run("Invalidate connection with misconfigured foreign admin caller", func(t *testing.T) { @@ -1022,7 +1027,7 @@ func testAuthorization(ctx context.Context, t *testing.T, client any, expectedAu cv := reflect.ValueOf(client) ct := cv.Type() - for i := 0; i < ct.NumMethod(); i++ { + for i := range ct.NumMethod() { mv := cv.Method(i) methodName := ct.Method(i).Name t.Run(methodName, func(t *testing.T) { @@ -1065,7 +1070,7 @@ func assertServiceUnavailable(ctx context.Context, t *testing.T, client any) { cv := reflect.ValueOf(client) ct := cv.Type() - for i := 0; i < ct.NumMethod(); i++ { + for i := range ct.NumMethod() { mv := cv.Method(i) methodName := ct.Method(i).Name t.Run(methodName, func(t *testing.T) { diff --git a/pkg/server/endpoints/endpoints_windows_test.go b/pkg/server/endpoints/endpoints_windows_test.go index 6df5611522..d712802b60 100644 --- a/pkg/server/endpoints/endpoints_windows_test.go +++ b/pkg/server/endpoints/endpoints_windows_test.go @@ -14,21 +14,25 @@ import ( "github.com/spiffe/spire/test/spiretest" "github.com/stretchr/testify/require" "golang.org/x/sys/windows" - "google.golang.org/grpc" + "google.golang.org/grpc/health/grpc_health_v1" ) func getLocalAddr(*testing.T) net.Addr { return spiretest.GetRandNamedPipeAddr() } -func testRemoteCaller(ctx context.Context, t *testing.T, target string) { +func testRemoteCaller(t *testing.T, target string) { hostName, err := os.Hostname() require.NoError(t, err) // Use the host name instead of "." in the target, as it would be a remote caller targetAsRemote := strings.ReplaceAll(target, "\\\\.\\", fmt.Sprintf("\\\\%s\\", hostName)) - _, err = util.GRPCDialContext(ctx, targetAsRemote, grpc.WithBlock(), grpc.FailOnNonTempDialError(true)) //nolint: staticcheck // It is going to be resolved on #5152 + conn, err := util.NewGRPCClient(targetAsRemote) + require.NoError(t, err) + + healthClient := grpc_health_v1.NewHealthClient(conn) + _, err = healthClient.Check(context.Background(), &grpc_health_v1.HealthCheckRequest{}) // Remote calls must be denied - require.ErrorIs(t, err, windows.ERROR_ACCESS_DENIED) + require.ErrorContains(t, err, windows.ERROR_ACCESS_DENIED.Error()) } diff --git a/pkg/server/endpoints/entryfetcher_test.go b/pkg/server/endpoints/entryfetcher_test.go index 0e92f70190..5262f72676 100644 --- a/pkg/server/endpoints/entryfetcher_test.go +++ b/pkg/server/endpoints/entryfetcher_test.go @@ -224,7 +224,7 @@ func TestRunRebuildCacheTask(t *testing.T) { func setupExpectedEntriesData(t *testing.T, agentID spiffeid.ID) []*types.Entry { const numEntries = 2 entryIDs := make([]spiffeid.ID, numEntries) - for i := 0; i < numEntries; i++ { + for i := range numEntries { entryIDs[i] = spiffeid.RequireFromPathf(trustDomain, "/%d", i) } diff --git a/pkg/server/endpoints/eventTracker.go b/pkg/server/endpoints/eventTracker.go index 7be1913bb1..dcaf493b8c 100644 --- a/pkg/server/endpoints/eventTracker.go +++ b/pkg/server/endpoints/eventTracker.go @@ -58,7 +58,7 @@ func (et *eventTracker) StopTracking(event uint) { func (et *eventTracker) SelectEvents() []uint { pollList := *et.pool.Get().(*[]uint) - for event, _ := range et.events { + for event := range et.events { if et.events[event] >= et.pollPeriods { et.StopTracking(event) continue diff --git a/pkg/server/hostservice/agentstore/agentstore_test.go b/pkg/server/hostservice/agentstore/agentstore_test.go index 9090c20916..5e9910b60b 100644 --- a/pkg/server/hostservice/agentstore/agentstore_test.go +++ b/pkg/server/hostservice/agentstore/agentstore_test.go @@ -57,7 +57,6 @@ func TestAgentStore(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { assert := assert.New(t) require := require.New(t) diff --git a/pkg/server/hostservice/identityprovider/identityprovider.go b/pkg/server/hostservice/identityprovider/identityprovider.go index 79213beff8..7aaf243c36 100644 --- a/pkg/server/hostservice/identityprovider/identityprovider.go +++ b/pkg/server/hostservice/identityprovider/identityprovider.go @@ -13,7 +13,6 @@ import ( "github.com/spiffe/spire/pkg/common/coretypes/jwtkey" "github.com/spiffe/spire/pkg/common/coretypes/x509certificate" "github.com/spiffe/spire/pkg/server/datastore" - "github.com/zeebo/errs" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -124,7 +123,7 @@ func (v1 *identityProviderV1) FetchX509Identity(ctx context.Context, _ *identity privateKey, err := x509.MarshalPKCS8PrivateKey(x509Identity.PrivateKey) if err != nil { - return nil, errs.Wrap(err) + return nil, err } return &identityproviderv1.FetchX509IdentityResponse{ diff --git a/pkg/server/plugin/bundlepublisher/v1_test.go b/pkg/server/plugin/bundlepublisher/v1_test.go index c3740c2c2b..3b374b3101 100644 --- a/pkg/server/plugin/bundlepublisher/v1_test.go +++ b/pkg/server/plugin/bundlepublisher/v1_test.go @@ -49,7 +49,6 @@ func TestV1Publish(t *testing.T) { expectMessage: "bundlepublisher(test): bundle is invalid: trust domain is missing", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { bundlepublisher := loadV1Plugin(t, &fakeV1Plugin{err: tt.pluginErr}) err := bundlepublisher.PublishBundle(context.Background(), tt.bundle) diff --git a/pkg/server/plugin/credentialcomposer/uniqueid/plugin.go b/pkg/server/plugin/credentialcomposer/uniqueid/plugin.go index 30cd1319a1..7d30d6e153 100644 --- a/pkg/server/plugin/credentialcomposer/uniqueid/plugin.go +++ b/pkg/server/plugin/credentialcomposer/uniqueid/plugin.go @@ -65,7 +65,7 @@ func (p *Plugin) ComposeWorkloadX509SVID(_ context.Context, req *credentialcompo // Add the attribute if it does not already exist. Otherwise, replace the old value. found := false - for i := 0; i < len(attributes.Subject.ExtraNames); i++ { + for i := range len(attributes.Subject.ExtraNames) { if attributes.Subject.ExtraNames[i].Oid == uniqueID.Oid { attributes.Subject.ExtraNames[i] = uniqueID found = true diff --git a/pkg/server/plugin/credentialcomposer/v1_test.go b/pkg/server/plugin/credentialcomposer/v1_test.go index fec6955bd0..d4e3073b46 100644 --- a/pkg/server/plugin/credentialcomposer/v1_test.go +++ b/pkg/server/plugin/credentialcomposer/v1_test.go @@ -236,7 +236,6 @@ func TestV1ComposeServerX509CA(t *testing.T) { expectMessage: `credentialcomposer(test): plugin returned invalid X509CA attributes: extra extensions: invalid OID: non-integer part "NOT AN OID"`, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := &fakeV1Plugin{err: tt.pluginErr, composeServerX509CAResponseOut: tt.responseOut} cc := loadV1Plugin(t, plugin) @@ -384,7 +383,6 @@ func TestV1ComposeServerX509SVID(t *testing.T) { expectMessage: `credentialcomposer(test): plugin returned invalid X509SVID attributes: extra extensions: invalid OID: non-integer part "NOT AN OID"`, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := &fakeV1Plugin{err: tt.pluginErr, composeServerX509SVIDResponseOut: tt.responseOut} cc := loadV1Plugin(t, plugin) @@ -567,7 +565,6 @@ func TestV1ComposeAgentX509SVID(t *testing.T) { expectMessage: `credentialcomposer(test): plugin returned invalid X509SVID attributes: extra extensions: invalid OID: non-integer part "NOT AN OID"`, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := &fakeV1Plugin{err: tt.pluginErr, composeAgentX509SVIDResponseOut: tt.responseOut} cc := loadV1Plugin(t, plugin) @@ -750,7 +747,6 @@ func TestV1ComposeWorkloadX509SVID(t *testing.T) { expectMessage: `credentialcomposer(test): plugin returned invalid X509SVID attributes: extra extensions: invalid OID: non-integer part "NOT AN OID"`, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := &fakeV1Plugin{err: tt.pluginErr, composeWorkloadX509SVIDResponseOut: tt.responseOut} cc := loadV1Plugin(t, plugin) @@ -847,7 +843,6 @@ func TestV1ComposeWorkloadJWTSVID(t *testing.T) { expectAttributesOut: credentialcomposer.JWTSVIDAttributes{Claims: map[string]any{"NEW_KEY": "NEW_VALUE"}}, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := &fakeV1Plugin{err: tt.pluginErr, composeWorkloadJWTSVIDResponseOut: tt.responseOut} cc := loadV1Plugin(t, plugin) diff --git a/pkg/server/plugin/keymanager/awskms/awskms.go b/pkg/server/plugin/keymanager/awskms/awskms.go index f2bdc74d1e..47980e4a17 100644 --- a/pkg/server/plugin/keymanager/awskms/awskms.go +++ b/pkg/server/plugin/keymanager/awskms/awskms.go @@ -528,7 +528,6 @@ func (p *Plugin) refreshAliases(ctx context.Context) error { defer p.mu.RUnlock() var errs []string for _, entry := range p.entries { - entry := entry _, err := p.kmsClient.UpdateAlias(ctx, &kms.UpdateAliasInput{ AliasName: &entry.AliasName, TargetKeyId: &entry.Arn, @@ -807,7 +806,7 @@ func (p *Plugin) createDefaultPolicy(ctx context.Context) (*string, error) { roleName, err := roleNameFromARN(*result.Arn) if err != nil { // the server has not assumed any role, use default KMS policy and log a warn message - p.log.Warn("In a future version of SPIRE, it will be mandatory for the SPIRE servers to assume an AWS IAM Role when using the default AWS KMS key policy. Please assign an IAM role to this SPIRE Server instance.") + p.log.Warn("In a future version of SPIRE, it will be mandatory for the SPIRE servers to assume an AWS IAM Role when using the default AWS KMS key policy. Please assign an IAM role to this SPIRE Server instance.", reasonTag, err) return nil, nil } diff --git a/pkg/server/plugin/keymanager/awskms/awskms_test.go b/pkg/server/plugin/keymanager/awskms/awskms_test.go index 2a1d8695fb..4d37827bfe 100644 --- a/pkg/server/plugin/keymanager/awskms/awskms_test.go +++ b/pkg/server/plugin/keymanager/awskms/awskms_test.go @@ -357,7 +357,6 @@ func TestConfigure(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -719,6 +718,7 @@ func TestGenerateKey(t *testing.T) { { Level: logrus.WarnLevel, Message: "In a future version of SPIRE, it will be mandatory for the SPIRE servers to assume an AWS IAM Role when using the default AWS KMS key policy. Please assign an IAM role to this SPIRE Server instance.", + Data: logrus.Fields{reasonTag: `incomplete resource, expected 'resource-type/resource-id' but got "example-account-id"`}, }, }, }, @@ -734,11 +734,11 @@ func TestGenerateKey(t *testing.T) { { Level: logrus.WarnLevel, Message: "In a future version of SPIRE, it will be mandatory for the SPIRE servers to assume an AWS IAM Role when using the default AWS KMS key policy. Please assign an IAM role to this SPIRE Server instance.", + Data: logrus.Fields{reasonTag: `arn does not contain an assumed role: "arn:aws:sts::example-account-id:user/development"`}, }, }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -1061,7 +1061,6 @@ func TestSignData(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -1131,7 +1130,6 @@ func TestGetPublicKey(t *testing.T) { code: codes.InvalidArgument, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -1176,7 +1174,6 @@ func TestGetPublicKeys(t *testing.T) { name: "non existing keys", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -1348,7 +1345,6 @@ func TestRefreshAliases(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -1580,7 +1576,6 @@ func TestDisposeAliases(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -1920,7 +1915,6 @@ func TestDisposeKeys(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) diff --git a/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault_test.go b/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault_test.go index bbda919591..0c9267bd12 100644 --- a/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault_test.go +++ b/pkg/server/plugin/keymanager/azurekeyvault/azure_key_vault_test.go @@ -209,7 +209,6 @@ func TestConfigure(t *testing.T) { getKeyErr: "get key error", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -316,7 +315,6 @@ func TestGenerateKey(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -633,7 +631,6 @@ func TestSignData(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -688,7 +685,6 @@ func TestGetPublicKey(t *testing.T) { generatedKeyID: "some-id", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -730,7 +726,6 @@ func TestGetPublicKeys(t *testing.T) { name: "non existing keys", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -796,7 +791,6 @@ func TestRefreshKeys(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) @@ -891,7 +885,6 @@ func TestDisposeKeys(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // setup ts := setupTest(t) diff --git a/pkg/server/plugin/keymanager/gcpkms/client_fake.go b/pkg/server/plugin/keymanager/gcpkms/client_fake.go index bdda4ecc56..32dde6bdc3 100644 --- a/pkg/server/plugin/keymanager/gcpkms/client_fake.go +++ b/pkg/server/plugin/keymanager/gcpkms/client_fake.go @@ -338,7 +338,7 @@ func (k *fakeKMSClient) setGetPublicKeySequentialErrs(fakeError error, count int k.mu.Lock() defer k.mu.Unlock() fakeErrors := make([]error, count) - for i := 0; i < count; i++ { + for i := range count { fakeErrors[i] = fakeError } k.getPublicKeyErrs = fakeErrors diff --git a/pkg/server/plugin/keymanager/gcpkms/gcpkms_test.go b/pkg/server/plugin/keymanager/gcpkms/gcpkms_test.go index 849103728e..257f157336 100644 --- a/pkg/server/plugin/keymanager/gcpkms/gcpkms_test.go +++ b/pkg/server/plugin/keymanager/gcpkms/gcpkms_test.go @@ -386,7 +386,6 @@ func TestConfigure(t *testing.T) { getPublicKeyErrCount: getPublicKeyMaxAttempts + 1, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ts := setupTest(t) ts.fakeKMSClient.putFakeCryptoKeys(tt.fakeCryptoKeys) @@ -966,7 +965,6 @@ func TestGenerateKey(t *testing.T) { getTokenInfoErr: errors.New("error getting token info"), }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ts := setupTest(t) ts.fakeKMSClient.setDestroyTime(fakeTime) @@ -1109,7 +1107,6 @@ func TestKeepActiveCryptoKeys(t *testing.T) { }, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ts := setupTest(t) ts.fakeKMSClient.putFakeCryptoKeys(tt.fakeCryptoKeys) @@ -1215,7 +1212,6 @@ func TestGetPublicKeys(t *testing.T) { name: "non existing keys", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ts := setupTest(t) ts.fakeKMSClient.putFakeCryptoKeys(tt.fakeCryptoKeys) @@ -1317,7 +1313,6 @@ func TestGetPublicKey(t *testing.T) { expectCodeGetPublicKey: codes.InvalidArgument, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ts := setupTest(t) ts.fakeKMSClient.setPEMCrc32C(tt.pemCrc32C) @@ -1413,7 +1408,6 @@ func TestSetIAMPolicy(t *testing.T) { useCustomPolicy: true, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ts := setupTest(t) ts.fakeKMSClient.fakeIAMHandle.setPolicyError(tt.policyErr) @@ -1650,7 +1644,6 @@ func TestSignData(t *testing.T) { signatureCrc32C: &wrapperspb.Int64Value{Value: 1}, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { ts := setupTest(t) ts.fakeKMSClient.setAsymmetricSignErr(tt.asymmetricSignErr) diff --git a/pkg/server/plugin/keymanager/test/keymanagertest.go b/pkg/server/plugin/keymanager/test/keymanagertest.go index 058c7e2df7..efa243ab8c 100644 --- a/pkg/server/plugin/keymanager/test/keymanagertest.go +++ b/pkg/server/plugin/keymanager/test/keymanagertest.go @@ -263,7 +263,6 @@ func assertRSAKey(t *testing.T, key keymanager.Key, bits int) { func testSignCertificates(t *testing.T, key keymanager.Key, signatureAlgorithms []x509.SignatureAlgorithm) { for _, signatureAlgorithm := range signatureAlgorithms { - signatureAlgorithm := signatureAlgorithm t.Run("sign data "+signatureAlgorithm.String(), func(t *testing.T) { assertSignCertificate(t, key, signatureAlgorithm) }) diff --git a/pkg/server/plugin/keymanager/v1_test.go b/pkg/server/plugin/keymanager/v1_test.go index c38941e306..a0c5eee0a6 100644 --- a/pkg/server/plugin/keymanager/v1_test.go +++ b/pkg/server/plugin/keymanager/v1_test.go @@ -71,7 +71,6 @@ func TestV1GenerateKey(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := fakeV1Plugin{ generateKeyResponse: &keymanagerv1.GenerateKeyResponse{ @@ -136,7 +135,6 @@ func TestV1GetKey(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := fakeV1Plugin{ getPublicKeyResponse: &keymanagerv1.GetPublicKeyResponse{ @@ -193,7 +191,6 @@ func TestV1GetKeys(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { resp := &keymanagerv1.GetPublicKeysResponse{} if tt.publicKey != nil { @@ -290,7 +287,6 @@ func TestV1SignData(t *testing.T) { expectCode: codes.OK, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { plugin := fakeV1Plugin{ expectSignerOpts: tt.expectSignerOpts, diff --git a/pkg/server/plugin/nodeattestor/awsiid/spiffeid_test.go b/pkg/server/plugin/nodeattestor/awsiid/spiffeid_test.go index 34c7cfe2e8..b85fed7c82 100644 --- a/pkg/server/plugin/nodeattestor/awsiid/spiffeid_test.go +++ b/pkg/server/plugin/nodeattestor/awsiid/spiffeid_test.go @@ -43,7 +43,6 @@ func TestMakeSpiffeID(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { got, err := makeAgentID(trustDomain, tt.agentPathTemplate, tt.doc, tt.tags) require.NoError(t, err) diff --git a/pkg/server/plugin/nodeattestor/httpchallenge/httpchallenge_test.go b/pkg/server/plugin/nodeattestor/httpchallenge/httpchallenge_test.go index c0573027ef..b0ad9c13ae 100644 --- a/pkg/server/plugin/nodeattestor/httpchallenge/httpchallenge_test.go +++ b/pkg/server/plugin/nodeattestor/httpchallenge/httpchallenge_test.go @@ -106,7 +106,6 @@ func TestConfigure(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { plugin := httpchallenge.New() resp, err := plugin.Configure(context.Background(), &configv1.ConfigureRequest{ @@ -323,7 +322,6 @@ func TestAttestFailures(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { var testNonce string if tt.tofu { @@ -402,7 +400,6 @@ func TestAttestSucceeds(t *testing.T) { }, } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { testNonce := "123456789abcdefghijklmnopqrstuvwxyz" plugin := loadPlugin(t, tt.hclConf, !tt.tofu, client, testNonce) diff --git a/pkg/server/plugin/nodeattestor/jointoken/join_token.go b/pkg/server/plugin/nodeattestor/jointoken/join_token.go index 4237e58172..4192cbeb74 100644 --- a/pkg/server/plugin/nodeattestor/jointoken/join_token.go +++ b/pkg/server/plugin/nodeattestor/jointoken/join_token.go @@ -39,7 +39,7 @@ func buildConfig(coreConfig catalog.CoreConfig, hclText string, status *pluginco return nil } - for key, _ := range newConfig.Extra { + for key := range newConfig.Extra { status.ReportInfof("unknown setting \"%s\" encountered", key) } diff --git a/pkg/server/plugin/nodeattestor/tpmdevid/devid_test.go b/pkg/server/plugin/nodeattestor/tpmdevid/devid_test.go index 50e66ec549..90603286c9 100644 --- a/pkg/server/plugin/nodeattestor/tpmdevid/devid_test.go +++ b/pkg/server/plugin/nodeattestor/tpmdevid/devid_test.go @@ -138,7 +138,6 @@ func TestConfigure(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { plugin := tpmdevid.New() resp, err := plugin.Configure(context.Background(), &configv1.ConfigureRequest{ @@ -494,7 +493,6 @@ func TestAttestFailiures(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { plugin := loadPlugin(t, tt.hclConf) result, err := plugin.Attest(context.Background(), tt.payload, tt.challengeFn) @@ -611,7 +609,6 @@ func TestAttestSucceeds(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run(tt.name, func(t *testing.T) { // Create a TPM session to generate payload and challenge response data session, err := tpmutil.NewSession(&tpmutil.SessionConfig{ diff --git a/pkg/server/plugin/nodeattestor/v1_test.go b/pkg/server/plugin/nodeattestor/v1_test.go index 767e88f95a..3be8a6fc54 100644 --- a/pkg/server/plugin/nodeattestor/v1_test.go +++ b/pkg/server/plugin/nodeattestor/v1_test.go @@ -129,7 +129,6 @@ func TestV1(t *testing.T) { expectResult: resultWithSelectorsAndCanReattest, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { nodeattestor := loadV1Plugin(t, tt.plugin) result, err := nodeattestor.Attest(context.Background(), []byte(tt.payload), diff --git a/pkg/server/plugin/nodeattestor/x509pop/x509pop_test.go b/pkg/server/plugin/nodeattestor/x509pop/x509pop_test.go index 8c641b6987..d6b852c407 100644 --- a/pkg/server/plugin/nodeattestor/x509pop/x509pop_test.go +++ b/pkg/server/plugin/nodeattestor/x509pop/x509pop_test.go @@ -129,7 +129,6 @@ func (s *Suite) TestAttestSuccess() { } for _, tt := range tests { - tt := tt // alias loop variable as it is used in the closure s.T().Run(tt.desc, func(t *testing.T) { attestor := s.loadPlugin(t, tt.giveConfig) diff --git a/pkg/server/plugin/notifier/gcsbundle/gcsbundle_test.go b/pkg/server/plugin/notifier/gcsbundle/gcsbundle_test.go index d211bf816b..c02590f25a 100644 --- a/pkg/server/plugin/notifier/gcsbundle/gcsbundle_test.go +++ b/pkg/server/plugin/notifier/gcsbundle/gcsbundle_test.go @@ -85,7 +85,6 @@ func TestConfigure(t *testing.T) { } for _, tt := range testCases { - tt := tt t.Run(tt.name, func(t *testing.T) { idp := fakeidentityprovider.New() @@ -204,7 +203,6 @@ func testUpdateBundleObject(t *testing.T, notify func(notifier.Notifier) error) desc: "notifier(gcs_bundle): unable to update bundle object the-bucket/bundle.pem: googleapi: got HTTP response code 412 with body: ohno", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { // Create a raw instance so we can hook the bucket client creation, // possibly overriding with a test specific hook. diff --git a/pkg/server/plugin/notifier/k8sbundle/k8sbundle_test.go b/pkg/server/plugin/notifier/k8sbundle/k8sbundle_test.go index 68f002ab51..23abe7b760 100644 --- a/pkg/server/plugin/notifier/k8sbundle/k8sbundle_test.go +++ b/pkg/server/plugin/notifier/k8sbundle/k8sbundle_test.go @@ -693,7 +693,6 @@ func TestConfigure(t *testing.T) { `, }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { test := setupTest(t, withNoConfigure()) _, err := test.rawPlugin.Configure(context.Background(), &configv1.ConfigureRequest{ diff --git a/pkg/server/plugin/upstreamauthority/awspca/pca_test.go b/pkg/server/plugin/upstreamauthority/awspca/pca_test.go index f6eaa14f15..d5b8bc6639 100644 --- a/pkg/server/plugin/upstreamauthority/awspca/pca_test.go +++ b/pkg/server/plugin/upstreamauthority/awspca/pca_test.go @@ -202,7 +202,6 @@ badjson expectMsgPrefix: "failed to create client: MissingEndpoint: 'Endpoint' configuration is required for this service", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { client := &pcaClientFake{t: t} clock := clock.NewMock() @@ -411,7 +410,6 @@ func TestMintX509CA(t *testing.T) { expectMsgPrefix: "upstreamauthority(aws_pca): failed to parse certificate chain from response: no PEM blocks", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { client := &pcaClientFake{t: t} clk := clock.NewMock() diff --git a/pkg/server/plugin/upstreamauthority/awssecret/awssecret_test.go b/pkg/server/plugin/upstreamauthority/awssecret/awssecret_test.go index 4f6051679a..a2e907cec4 100644 --- a/pkg/server/plugin/upstreamauthority/awssecret/awssecret_test.go +++ b/pkg/server/plugin/upstreamauthority/awssecret/awssecret_test.go @@ -197,7 +197,6 @@ func TestConfigure(t *testing.T) { expectMsgPrefix: "unable to read missing_bundle: secret not found", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { var err error @@ -328,7 +327,6 @@ func TestMintX509CA(t *testing.T) { expectMsgPrefix: "upstreamauthority(awssecret): unable to sign CSR: unable to parse CSR", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { p := New() p.hooks.clock = clk diff --git a/pkg/server/plugin/upstreamauthority/certmanager/api.go b/pkg/server/plugin/upstreamauthority/certmanager/api.go index fdaf6d6c5f..203ecd3056 100644 --- a/pkg/server/plugin/upstreamauthority/certmanager/api.go +++ b/pkg/server/plugin/upstreamauthority/certmanager/api.go @@ -83,15 +83,15 @@ func (p *Plugin) cleanupStaleCertificateRequests(ctx context.Context) error { for i, cr := range crList.Items { for _, cond := range []cmapi.CertificateRequestCondition{ - cmapi.CertificateRequestCondition{ + { Type: cmapi.CertificateRequestConditionDenied, Status: cmapi.ConditionTrue, }, - cmapi.CertificateRequestCondition{ + { Type: cmapi.CertificateRequestConditionReady, Status: cmapi.ConditionTrue, }, - cmapi.CertificateRequestCondition{ + { Type: cmapi.CertificateRequestConditionReady, Status: cmapi.ConditionFalse, Reason: cmapi.CertificateRequestReasonFailed, diff --git a/pkg/server/plugin/upstreamauthority/certmanager/certmanager.go b/pkg/server/plugin/upstreamauthority/certmanager/certmanager.go index 3c93a775bf..db5e1df451 100644 --- a/pkg/server/plugin/upstreamauthority/certmanager/certmanager.go +++ b/pkg/server/plugin/upstreamauthority/certmanager/certmanager.go @@ -190,7 +190,7 @@ func (p *Plugin) MintX509CAAndSubscribe(request *upstreamauthorityv1.MintX509CAR // Poll the CertificateRequest until it is signed. If not signed after 300 // polls, error. obj := client.ObjectKey{Name: cr.GetName(), Namespace: cr.GetNamespace()} - for i := 0; true; i++ { + for i := 0; ; i++ { if i == 60*5 { // ~1.25 mins log.Error("Failed to wait for CertificateRequest to become ready in time") return status.Error(codes.Internal, "request did not become ready in time") diff --git a/pkg/server/plugin/upstreamauthority/disk/disk_test.go b/pkg/server/plugin/upstreamauthority/disk/disk_test.go index eb21fe2393..46279df189 100644 --- a/pkg/server/plugin/upstreamauthority/disk/disk_test.go +++ b/pkg/server/plugin/upstreamauthority/disk/disk_test.go @@ -122,7 +122,6 @@ func TestMintX509CA(t *testing.T) { expectedX509Authorities: []string{"spiffe://root"}, }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { p := New() p.clock = testData.Clock @@ -307,7 +306,6 @@ func TestConfigure(t *testing.T) { expectMsgPrefix: "server core configuration must contain trust_domain", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { var err error diff --git a/pkg/server/plugin/upstreamauthority/ejbca/ejbca.go b/pkg/server/plugin/upstreamauthority/ejbca/ejbca.go index d023627b88..cdbc2b19f1 100644 --- a/pkg/server/plugin/upstreamauthority/ejbca/ejbca.go +++ b/pkg/server/plugin/upstreamauthority/ejbca/ejbca.go @@ -358,7 +358,7 @@ func (p *Plugin) setClient(client ejbcaClient) { func (p *Plugin) getEndEntityName(config *Config, csr *x509.CertificateRequest) (string, error) { logger := p.logger.Named("getEndEntityName") - eeName := "" + var eeName string // 1. If the endEntityName option is set, determine the end entity name based on the option // 2. If the endEntityName option is not set, determine the end entity name based on the CSR diff --git a/pkg/server/plugin/upstreamauthority/spire/spire_test.go b/pkg/server/plugin/upstreamauthority/spire/spire_test.go index 58ad8c78ae..6dae4c6e5a 100644 --- a/pkg/server/plugin/upstreamauthority/spire/spire_test.go +++ b/pkg/server/plugin/upstreamauthority/spire/spire_test.go @@ -80,7 +80,6 @@ func TestConfigure(t *testing.T) { } cases = append(cases, configureCasesOS(t)...) for _, tt := range cases { - tt := tt t.Run(tt.name, func(t *testing.T) { var err error @@ -261,7 +260,6 @@ func TestMintX509CA(t *testing.T) { cases = append(cases, mintX509CACasesOS(t)...) for _, c := range cases { - c := c t.Run(c.name, func(t *testing.T) { mockClock := clock.NewMock(t) diff --git a/pkg/server/plugin/upstreamauthority/v1_test.go b/pkg/server/plugin/upstreamauthority/v1_test.go index 159001b0c0..fad3e78f28 100644 --- a/pkg/server/plugin/upstreamauthority/v1_test.go +++ b/pkg/server/plugin/upstreamauthority/v1_test.go @@ -199,7 +199,6 @@ func TestV1MintX509CA(t *testing.T) { expectStreamMessage: "upstreamauthority(test): ohno", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { log, logHook := test.NewNullLogger() @@ -364,7 +363,6 @@ func TestV1PublishJWTKey(t *testing.T) { expectStreamMessage: "upstreamauthority(test): ohno", }, } { - tt := tt t.Run(tt.test, func(t *testing.T) { log, logHook := test.NewNullLogger() diff --git a/pkg/server/plugin/upstreamauthority/vault/vault_client_test.go b/pkg/server/plugin/upstreamauthority/vault/vault_client_test.go index 941cabca9d..fae338bca4 100644 --- a/pkg/server/plugin/upstreamauthority/vault/vault_client_test.go +++ b/pkg/server/plugin/upstreamauthority/vault/vault_client_test.go @@ -91,7 +91,6 @@ func TestNewAuthenticatedClientCertAuth(t *testing.T) { namespace: "test-ns", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { fakeVaultServer.CertAuthResponse = tt.response @@ -176,7 +175,6 @@ func TestNewAuthenticatedClientTokenAuth(t *testing.T) { expectMsgPrefix: "token is empty", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { fakeVaultServer.LookupSelfResponse = tt.response @@ -244,7 +242,6 @@ func TestNewAuthenticatedClientAppRoleAuth(t *testing.T) { namespace: "test-ns", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { fakeVaultServer.AppRoleAuthResponse = tt.response @@ -308,7 +305,6 @@ func TestNewAuthenticatedClientK8sAuth(t *testing.T) { namespace: "test-ns", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { fakeVaultServer.K8sAuthResponse = tt.response diff --git a/pkg/server/plugin/upstreamauthority/vault/vault_test.go b/pkg/server/plugin/upstreamauthority/vault/vault_test.go index 65f704f728..a33abc236f 100644 --- a/pkg/server/plugin/upstreamauthority/vault/vault_test.go +++ b/pkg/server/plugin/upstreamauthority/vault/vault_test.go @@ -166,7 +166,6 @@ func TestConfigure(t *testing.T) { expectMsgPrefix: "token_path is required", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { var err error @@ -179,7 +178,7 @@ func TestConfigure(t *testing.T) { return v, ok } - plainConfig := "" + var plainConfig string if tt.plainConfig != "" { plainConfig = tt.plainConfig } else { @@ -667,7 +666,6 @@ func TestMintX509CA(t *testing.T) { expectMsgPrefix: "upstreamauthority(vault): failed to parse CSR data:", }, } { - tt := tt t.Run(tt.name, func(t *testing.T) { fakeVaultServer := tt.fakeServer() diff --git a/pkg/server/server.go b/pkg/server/server.go index 6693e2fd2e..ef7996de1c 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -92,6 +92,7 @@ func (s *Server) run(ctx context.Context) (err error) { FileConfig: s.config.Telemetry, Logger: s.config.Log.WithField(telemetry.SubsystemName, telemetry.Telemetry), ServiceName: telemetry.SpireServer, + TrustDomain: s.config.TrustDomain.Name(), }) if err != nil { return err @@ -211,7 +212,7 @@ func (s *Server) run(ctx context.Context) (err error) { registrationManager.Run, bundlePublishingManager.Run, catalog.ReconfigureTask(s.config.Log.WithField(telemetry.SubsystemName, "reconfigurer"), cat), - util.SerialRun(s.waitForTestDial, healthChecker.ListenAndServe), + healthChecker.ListenAndServe, } if s.config.LogReopener != nil { @@ -283,7 +284,8 @@ func (s *Server) setupProfiling(ctx context.Context) (stop func()) { } func (s *Server) loadCatalog(ctx context.Context, metrics telemetry.Metrics, identityProvider *identityprovider.IdentityProvider, agentStore *agentstore.AgentStore, - healthChecker health.Checker) (*catalog.Repository, error) { + healthChecker health.Checker, +) (*catalog.Repository, error) { return catalog.Load(ctx, catalog.Config{ Log: s.config.Log.WithField(telemetry.SubsystemName, telemetry.Catalog), Metrics: metrics, @@ -447,8 +449,8 @@ func (s *Server) validateTrustDomain(ctx context.Context, ds datastore.DataStore Pagination: &datastore.Pagination{ Token: "", PageSize: pageSize, - }}) - + }, + }) if err != nil { return err } @@ -469,7 +471,8 @@ func (s *Server) validateTrustDomain(ctx context.Context, ds datastore.DataStore Pagination: &datastore.Pagination{ Token: "", PageSize: pageSize, - }}) + }, + }) if err != nil { return err } @@ -489,14 +492,6 @@ func (s *Server) validateTrustDomain(ctx context.Context, ds datastore.DataStore return nil } -// waitForTestDial calls health.WaitForTestDial to wait for a connection to the -// SPIRE Server API socket. This function always returns nil, even if -// health.WaitForTestDial exited due to a timeout. -func (s *Server) waitForTestDial(ctx context.Context) error { - health.WaitForTestDial(ctx, s.config.BindLocalAddress) - return nil -} - // CheckHealth is used as a top-level health check for the Server. func (s *Server) CheckHealth() health.State { err := s.tryGetBundle() @@ -518,9 +513,14 @@ func (s *Server) CheckHealth() health.State { } func (s *Server) tryGetBundle() error { - client, err := server_util.NewServerClient(s.config.BindLocalAddress) + addr, err := util.GetTargetName(s.config.BindLocalAddress) + if err != nil { + return fmt.Errorf("cannot get local gRPC address: %w", err) + } + + client, err := server_util.NewServerClient(addr) if err != nil { - return errors.New("cannot create registration client") + return fmt.Errorf("cannot create registration client: %w", err) } defer client.Release() @@ -531,7 +531,7 @@ func (s *Server) tryGetBundle() error { // As currently coded however, the API isn't served until after // the server CA has been signed by upstream. if _, err := bundleClient.GetBundle(context.Background(), &bundlev1.GetBundleRequest{}); err != nil { - return errors.New("unable to fetch bundle") + return fmt.Errorf("unable to fetch bundle: %w", err) } return nil } diff --git a/proto/private/server/journal/journal.pb.go b/proto/private/server/journal/journal.pb.go index 1cb96a9d65..d33537121a 100644 --- a/proto/private/server/journal/journal.pb.go +++ b/proto/private/server/journal/journal.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.1 +// protoc-gen-go v1.36.4 // protoc v4.24.4 // source: private/server/journal/journal.proto @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -338,7 +339,7 @@ func (x *Entries) GetJwtKeys() []*JWTKeyEntry { var File_private_server_journal_journal_proto protoreflect.FileDescriptor -var file_private_server_journal_journal_proto_rawDesc = []byte{ +var file_private_server_journal_journal_proto_rawDesc = string([]byte{ 0x0a, 0x24, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6a, 0x6f, 0x75, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x6a, 0x6f, 0x75, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa1, 0x02, 0x0a, 0x0b, 0x58, 0x35, 0x30, 0x39, 0x43, @@ -387,16 +388,16 @@ var file_private_server_journal_journal_proto_rawDesc = []byte{ 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6a, 0x6f, 0x75, 0x72, 0x6e, 0x61, 0x6c, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +}) var ( file_private_server_journal_journal_proto_rawDescOnce sync.Once - file_private_server_journal_journal_proto_rawDescData = file_private_server_journal_journal_proto_rawDesc + file_private_server_journal_journal_proto_rawDescData []byte ) func file_private_server_journal_journal_proto_rawDescGZIP() []byte { file_private_server_journal_journal_proto_rawDescOnce.Do(func() { - file_private_server_journal_journal_proto_rawDescData = protoimpl.X.CompressGZIP(file_private_server_journal_journal_proto_rawDescData) + file_private_server_journal_journal_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_private_server_journal_journal_proto_rawDesc), len(file_private_server_journal_journal_proto_rawDesc))) }) return file_private_server_journal_journal_proto_rawDescData } @@ -430,7 +431,7 @@ func file_private_server_journal_journal_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_private_server_journal_journal_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_private_server_journal_journal_proto_rawDesc), len(file_private_server_journal_journal_proto_rawDesc)), NumEnums: 1, NumMessages: 3, NumExtensions: 0, @@ -442,7 +443,6 @@ func file_private_server_journal_journal_proto_init() { MessageInfos: file_private_server_journal_journal_proto_msgTypes, }.Build() File_private_server_journal_journal_proto = out.File - file_private_server_journal_journal_proto_rawDesc = nil file_private_server_journal_journal_proto_goTypes = nil file_private_server_journal_journal_proto_depIdxs = nil } diff --git a/proto/spire/common/common.pb.go b/proto/spire/common/common.pb.go index ac6ed37391..a98c5bc093 100644 --- a/proto/spire/common/common.pb.go +++ b/proto/spire/common/common.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.1 +// protoc-gen-go v1.36.4 // protoc v4.24.4 // source: spire/common/common.proto @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -1061,7 +1062,7 @@ func (x *AttestedNodeMask) GetCanReattest() bool { var File_spire_common_common_proto protoreflect.FileDescriptor -var file_spire_common_common_proto_rawDesc = []byte{ +var file_spire_common_common_proto_rawDesc = string([]byte{ 0x0a, 0x19, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d, 0x70, @@ -1225,16 +1226,16 @@ var file_spire_common_common_proto_rawDesc = []byte{ 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +}) var ( file_spire_common_common_proto_rawDescOnce sync.Once - file_spire_common_common_proto_rawDescData = file_spire_common_common_proto_rawDesc + file_spire_common_common_proto_rawDescData []byte ) func file_spire_common_common_proto_rawDescGZIP() []byte { file_spire_common_common_proto_rawDescOnce.Do(func() { - file_spire_common_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_common_common_proto_rawDescData) + file_spire_common_common_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_common_common_proto_rawDesc), len(file_spire_common_common_proto_rawDesc))) }) return file_spire_common_common_proto_rawDescData } @@ -1278,7 +1279,7 @@ func file_spire_common_common_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_common_common_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_common_common_proto_rawDesc), len(file_spire_common_common_proto_rawDesc)), NumEnums: 0, NumMessages: 13, NumExtensions: 0, @@ -1289,7 +1290,6 @@ func file_spire_common_common_proto_init() { MessageInfos: file_spire_common_common_proto_msgTypes, }.Build() File_spire_common_common_proto = out.File - file_spire_common_common_proto_rawDesc = nil file_spire_common_common_proto_goTypes = nil file_spire_common_common_proto_depIdxs = nil } diff --git a/proto/spire/common/plugin/plugin.pb.go b/proto/spire/common/plugin/plugin.pb.go index a39b472a39..97e8d5d082 100644 --- a/proto/spire/common/plugin/plugin.pb.go +++ b/proto/spire/common/plugin/plugin.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.1 +// protoc-gen-go v1.36.4 // protoc v4.24.4 // source: spire/common/plugin/plugin.proto @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -403,7 +404,7 @@ func (x *ConfigureRequest_GlobalConfig) GetTrustDomain() string { var File_spire_common_plugin_plugin_proto protoreflect.FileDescriptor -var file_spire_common_plugin_plugin_proto_rawDesc = []byte{ +var file_spire_common_plugin_plugin_proto_rawDesc = string([]byte{ 0x0a, 0x20, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, @@ -458,16 +459,16 @@ var file_spire_common_plugin_plugin_proto_rawDesc = []byte{ 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +}) var ( file_spire_common_plugin_plugin_proto_rawDescOnce sync.Once - file_spire_common_plugin_plugin_proto_rawDescData = file_spire_common_plugin_plugin_proto_rawDesc + file_spire_common_plugin_plugin_proto_rawDescData []byte ) func file_spire_common_plugin_plugin_proto_rawDescGZIP() []byte { file_spire_common_plugin_plugin_proto_rawDescOnce.Do(func() { - file_spire_common_plugin_plugin_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_common_plugin_plugin_proto_rawDescData) + file_spire_common_plugin_plugin_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_common_plugin_plugin_proto_rawDesc), len(file_spire_common_plugin_plugin_proto_rawDesc))) }) return file_spire_common_plugin_plugin_proto_rawDescData } @@ -502,7 +503,7 @@ func file_spire_common_plugin_plugin_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_common_plugin_plugin_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_common_plugin_plugin_proto_rawDesc), len(file_spire_common_plugin_plugin_proto_rawDesc)), NumEnums: 0, NumMessages: 7, NumExtensions: 0, @@ -513,7 +514,6 @@ func file_spire_common_plugin_plugin_proto_init() { MessageInfos: file_spire_common_plugin_plugin_proto_msgTypes, }.Build() File_spire_common_plugin_plugin_proto = out.File - file_spire_common_plugin_plugin_proto_rawDesc = nil file_spire_common_plugin_plugin_proto_goTypes = nil file_spire_common_plugin_plugin_proto_depIdxs = nil } diff --git a/support/oidc-discovery-provider/config.go b/support/oidc-discovery-provider/config.go index c32600f940..f0cb81ed69 100644 --- a/support/oidc-discovery-provider/config.go +++ b/support/oidc-discovery-provider/config.go @@ -1,6 +1,8 @@ package main import ( + "errors" + "fmt" "net" "net/url" "os" @@ -8,7 +10,6 @@ import ( "github.com/hashicorp/hcl" "github.com/spiffe/spire/pkg/common/config" - "github.com/zeebo/errs" ) const ( @@ -189,7 +190,7 @@ type experimentalWorkloadAPIConfig struct { func LoadConfig(path string, expandEnv bool) (*Config, error) { hclBytes, err := os.ReadFile(path) if err != nil { - return nil, errs.New("unable to load configuration: %v", err) + return nil, fmt.Errorf("unable to load configuration: %w", err) } hclString := string(hclBytes) if expandEnv { @@ -201,7 +202,7 @@ func LoadConfig(path string, expandEnv bool) (*Config, error) { func ParseConfig(hclConfig string) (_ *Config, err error) { c := new(Config) if err := hcl.Decode(c, hclConfig); err != nil { - return nil, errs.New("unable to decode configuration: %v", err) + return nil, fmt.Errorf("unable to decode configuration: %w", err) } if c.LogLevel == "" { @@ -209,7 +210,7 @@ func ParseConfig(hclConfig string) (_ *Config, err error) { } if len(c.Domains) == 0 { - return nil, errs.New("at least one domain must be configured") + return nil, errors.New("at least one domain must be configured") } c.Domains = dedupeList(c.Domains) @@ -220,20 +221,20 @@ func ParseConfig(hclConfig string) (_ *Config, err error) { } switch { case c.InsecureAddr != "": - return nil, errs.New("insecure_addr and the acme section are mutually exclusive") + return nil, errors.New("insecure_addr and the acme section are mutually exclusive") case !c.ACME.ToSAccepted: - return nil, errs.New("tos_accepted must be set to true in the acme configuration section") + return nil, errors.New("tos_accepted must be set to true in the acme configuration section") case c.ACME.Email == "": - return nil, errs.New("email must be configured in the acme configuration section") + return nil, errors.New("email must be configured in the acme configuration section") } } if c.ServingCertFile != nil { if c.ServingCertFile.CertFilePath == "" { - return nil, errs.New("cert_file_path must be configured in the serving_cert_file configuration section") + return nil, errors.New("cert_file_path must be configured in the serving_cert_file configuration section") } if c.ServingCertFile.KeyFilePath == "" { - return nil, errs.New("key_file_path must be configured in the serving_cert_file configuration section") + return nil, errors.New("key_file_path must be configured in the serving_cert_file configuration section") } if c.ServingCertFile.RawAddr == "" { @@ -242,13 +243,13 @@ func ParseConfig(hclConfig string) (_ *Config, err error) { addr, err := net.ResolveTCPAddr("tcp", c.ServingCertFile.RawAddr) if err != nil { - return nil, errs.New("invalid addr in the serving_cert_file configuration section: %v", err) + return nil, fmt.Errorf("invalid addr in the serving_cert_file configuration section: %w", err) } c.ServingCertFile.Addr = addr c.ServingCertFile.FileSyncInterval, err = parseDurationField(c.ServingCertFile.RawFileSyncInterval, defaultFileSyncInterval) if err != nil { - return nil, errs.New("invalid file_sync_interval in the serving_cert_file configuration section: %v", err) + return nil, fmt.Errorf("invalid file_sync_interval in the serving_cert_file configuration section: %w", err) } } @@ -257,18 +258,18 @@ func ParseConfig(hclConfig string) (_ *Config, err error) { if c.ServerAPI != nil { c.ServerAPI.PollInterval, err = parseDurationField(c.ServerAPI.RawPollInterval, defaultPollInterval) if err != nil { - return nil, errs.New("invalid poll_interval in the server_api configuration section: %v", err) + return nil, fmt.Errorf("invalid poll_interval in the server_api configuration section: %w", err) } methodCount++ } if c.WorkloadAPI != nil { if c.WorkloadAPI.TrustDomain == "" { - return nil, errs.New("trust_domain must be configured in the workload_api configuration section") + return nil, errors.New("trust_domain must be configured in the workload_api configuration section") } c.WorkloadAPI.PollInterval, err = parseDurationField(c.WorkloadAPI.RawPollInterval, defaultPollInterval) if err != nil { - return nil, errs.New("invalid poll_interval in the workload_api configuration section: %v", err) + return nil, fmt.Errorf("invalid poll_interval in the workload_api configuration section: %w", err) } methodCount++ } @@ -291,15 +292,20 @@ func ParseConfig(hclConfig string) (_ *Config, err error) { switch methodCount { case 0: - return nil, errs.New("either the server_api or workload_api section must be configured") + return nil, errors.New("either the server_api or workload_api section must be configured") case 1: default: - return nil, errs.New("the server_api and workload_api sections are mutually exclusive") + return nil, errors.New("the server_api and workload_api sections are mutually exclusive") } if c.JWTIssuer != "" { jwtIssuer, err := url.Parse(c.JWTIssuer) - if err != nil || jwtIssuer.Scheme == "" || jwtIssuer.Host == "" { - return nil, errs.New("the jwt_issuer url could not be parsed") + switch { + case err != nil: + return nil, fmt.Errorf("the jwt_issuer url could not be parsed: %w", err) + case jwtIssuer.Scheme == "": + return nil, errors.New("the jwt_issuer url must contain a scheme") + case jwtIssuer.Host == "": + return nil, errors.New("the jwt_issuer url must contain a host") } } return c, nil diff --git a/support/oidc-discovery-provider/config_posix_test.go b/support/oidc-discovery-provider/config_posix_test.go index bba9706483..3401c6818f 100644 --- a/support/oidc-discovery-provider/config_posix_test.go +++ b/support/oidc-discovery-provider/config_posix_test.go @@ -697,7 +697,7 @@ func parseConfigCasesOS() []parseConfigCase { address = "unix:///some/socket/path" } `, - err: "the jwt_issuer url could not be parsed", + err: "the jwt_issuer url must contain a scheme", }, { name: "JWT issuer with missing host", @@ -712,7 +712,7 @@ func parseConfigCasesOS() []parseConfigCase { address = "unix:///some/socket/path" } `, - err: "the jwt_issuer url could not be parsed", + err: "the jwt_issuer url must contain a host", }, { name: "JWT issuer is invalid", diff --git a/support/oidc-discovery-provider/config_test.go b/support/oidc-discovery-provider/config_test.go index ebe3e6b1a4..49a8c83848 100644 --- a/support/oidc-discovery-provider/config_test.go +++ b/support/oidc-discovery-provider/config_test.go @@ -27,7 +27,7 @@ func TestLoadConfig(t *testing.T) { require.Error(err) require.Contains(err.Error(), "unable to load configuration:") - err = os.WriteFile(confPath, []byte(minimalEnvServerAPIConfig), 0600) + err = os.WriteFile(confPath, []byte(minimalEnvServerAPIConfig), 0o600) require.NoError(err) os.Setenv("SPIFFE_TRUST_DOMAIN", "domain.test") @@ -45,7 +45,7 @@ func TestLoadConfig(t *testing.T) { ServerAPI: serverAPIConfig, }, config) - err = os.WriteFile(confPath, []byte(minimalServerAPIConfig), 0600) + err = os.WriteFile(confPath, []byte(minimalServerAPIConfig), 0o600) require.NoError(err) config, err = LoadConfig(confPath, false) @@ -85,7 +85,6 @@ func TestParseConfig(t *testing.T) { testCases = append(testCases, parseConfigCasesOS()...) for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { actual, err := ParseConfig(testCase.in) if testCase.err != "" { diff --git a/support/oidc-discovery-provider/config_windows_test.go b/support/oidc-discovery-provider/config_windows_test.go index 728b81f440..7fd2efc266 100644 --- a/support/oidc-discovery-provider/config_windows_test.go +++ b/support/oidc-discovery-provider/config_windows_test.go @@ -645,7 +645,7 @@ func parseConfigCasesOS() []parseConfigCase { } } `, - err: "the jwt_issuer url could not be parsed", + err: "the jwt_issuer url must contain a scheme", }, { name: "JWT issuer with missing host", @@ -663,7 +663,7 @@ func parseConfigCasesOS() []parseConfigCase { } } `, - err: "the jwt_issuer url could not be parsed", + err: "the jwt_issuer url must contain a host", }, { name: "JWT issuer is invalid", diff --git a/support/oidc-discovery-provider/handler_test.go b/support/oidc-discovery-provider/handler_test.go index 25862ff364..27ff97ddfd 100644 --- a/support/oidc-discovery-provider/handler_test.go +++ b/support/oidc-discovery-provider/handler_test.go @@ -164,7 +164,6 @@ func TestHandlerHTTPS(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { source := new(FakeKeySetSource) source.SetKeySet(testCase.jwks, testCase.modTime, testCase.pollTime) @@ -277,7 +276,6 @@ func TestHandlerHTTPInsecure(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { source := new(FakeKeySetSource) source.SetKeySet(testCase.jwks, testCase.modTime, testCase.pollTime) @@ -442,7 +440,6 @@ func TestHandlerHTTP(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { source := new(FakeKeySetSource) source.SetKeySet(testCase.jwks, testCase.modTime, testCase.pollTime) @@ -559,7 +556,6 @@ func TestHandlerProxied(t *testing.T) { }, } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { source := new(FakeKeySetSource) source.SetKeySet(testCase.jwks, testCase.modTime, testCase.pollTime) @@ -697,7 +693,6 @@ func TestHandlerJWTIssuer(t *testing.T) { }, } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { source := new(FakeKeySetSource) source.SetKeySet(testCase.jwks, testCase.modTime, testCase.pollTime) diff --git a/support/oidc-discovery-provider/healthchecks_handler_test.go b/support/oidc-discovery-provider/healthchecks_handler_test.go index 2d373d67b3..4b9ee906f5 100644 --- a/support/oidc-discovery-provider/healthchecks_handler_test.go +++ b/support/oidc-discovery-provider/healthchecks_handler_test.go @@ -105,7 +105,6 @@ func TestHealthCheckHandler(t *testing.T) { } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { source := new(FakeKeySetSource) source.SetKeySet(testCase.jwks, testCase.modTime, testCase.pollTime) diff --git a/support/oidc-discovery-provider/main.go b/support/oidc-discovery-provider/main.go index feb5e9b216..de2d70bbf2 100644 --- a/support/oidc-discovery-provider/main.go +++ b/support/oidc-discovery-provider/main.go @@ -3,6 +3,7 @@ package main import ( "context" "crypto/tls" + "errors" "flag" "fmt" "net" @@ -17,7 +18,6 @@ import ( "github.com/spiffe/spire/pkg/common/log" "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/pkg/common/version" - "github.com/zeebo/errs" "golang.org/x/crypto/acme" "golang.org/x/crypto/acme/autocert" ) @@ -50,7 +50,7 @@ func run(configPath string, expandEnv bool) error { log, err := log.NewLogger(log.WithLevel(config.LogLevel), log.WithFormat(config.LogFormat), log.WithOutputFile(config.LogPath)) if err != nil { - return errs.Wrap(err) + return err } defer log.Close() @@ -158,7 +158,7 @@ func newSource(log logrus.FieldLogger, config *Config) (JWKSSource, error) { case config.WorkloadAPI != nil: workloadAPIAddr, err := config.getWorkloadAPIAddr() if err != nil { - return nil, errs.Wrap(err) + return nil, err } return NewWorkloadAPISource(WorkloadAPISourceConfig{ Log: log, @@ -168,7 +168,7 @@ func newSource(log logrus.FieldLogger, config *Config) (JWKSSource, error) { }) default: // This is defensive; LoadConfig should prevent this from happening. - return nil, errs.New("no source has been configured") + return nil, errors.New("no source has been configured") } } diff --git a/support/oidc-discovery-provider/main_posix.go b/support/oidc-discovery-provider/main_posix.go index d61d1091a6..4e6e75cee8 100644 --- a/support/oidc-discovery-provider/main_posix.go +++ b/support/oidc-discovery-provider/main_posix.go @@ -3,12 +3,12 @@ package main import ( + "errors" "net" "os" "strings" "github.com/spiffe/spire/pkg/common/util" - "github.com/zeebo/errs" ) func (c *Config) getWorkloadAPIAddr() (net.Addr, error) { @@ -23,33 +23,33 @@ func (c *Config) getServerAPITargetName() string { func (c *Config) validateOS() (err error) { switch { case c.ACME == nil && c.ListenSocketPath == "" && c.ServingCertFile == nil && c.InsecureAddr == "": - return errs.New("either acme, serving_cert_file, insecure_addr or listen_socket_path must be configured") + return errors.New("either acme, serving_cert_file, insecure_addr or listen_socket_path must be configured") case c.ACME != nil && c.ServingCertFile != nil: - return errs.New("acme and serving_cert_file are mutually exclusive") + return errors.New("acme and serving_cert_file are mutually exclusive") case c.ACME != nil && c.ListenSocketPath != "": - return errs.New("listen_socket_path and the acme section are mutually exclusive") + return errors.New("listen_socket_path and the acme section are mutually exclusive") case c.ServingCertFile != nil && c.InsecureAddr != "": - return errs.New("serving_cert_file and insecure_addr are mutually exclusive") + return errors.New("serving_cert_file and insecure_addr are mutually exclusive") case c.ServingCertFile != nil && c.ListenSocketPath != "": - return errs.New("serving_cert_file and listen_socket_path are mutually exclusive") + return errors.New("serving_cert_file and listen_socket_path are mutually exclusive") case c.ACME != nil && c.InsecureAddr != "": - return errs.New("acme and insecure_addr are mutually exclusive") + return errors.New("acme and insecure_addr are mutually exclusive") case c.InsecureAddr != "" && c.ListenSocketPath != "": - return errs.New("insecure_addr and listen_socket_path are mutually exclusive") + return errors.New("insecure_addr and listen_socket_path are mutually exclusive") } if c.ServerAPI != nil { if c.ServerAPI.Address == "" { - return errs.New("address must be configured in the server_api configuration section") + return errors.New("address must be configured in the server_api configuration section") } if !strings.HasPrefix(c.ServerAPI.Address, "unix:") { - return errs.New("address must use the unix name system in the server_api configuration section") + return errors.New("address must use the unix name system in the server_api configuration section") } } if c.WorkloadAPI != nil { if c.WorkloadAPI.SocketPath == "" { - return errs.New("socket_path must be configured in the workload_api configuration section") + return errors.New("socket_path must be configured in the workload_api configuration section") } } diff --git a/support/oidc-discovery-provider/main_windows.go b/support/oidc-discovery-provider/main_windows.go index a05b5fd32e..55d24ebdb6 100644 --- a/support/oidc-discovery-provider/main_windows.go +++ b/support/oidc-discovery-provider/main_windows.go @@ -3,6 +3,7 @@ package main import ( + "errors" "fmt" "net" "path/filepath" @@ -10,7 +11,6 @@ import ( "github.com/Microsoft/go-winio" "github.com/spiffe/spire/pkg/common/namedpipe" "github.com/spiffe/spire/pkg/common/sddl" - "github.com/zeebo/errs" ) func (c *Config) getWorkloadAPIAddr() (net.Addr, error) { @@ -25,29 +25,29 @@ func (c *Config) getServerAPITargetName() string { func (c *Config) validateOS() (err error) { switch { case c.ACME == nil && c.Experimental.ListenNamedPipeName == "" && c.ServingCertFile == nil && c.InsecureAddr == "": - return errs.New("either acme, serving_cert_file, insecure_addr or listen_named_pipe_name must be configured") + return errors.New("either acme, serving_cert_file, insecure_addr or listen_named_pipe_name must be configured") case c.ACME != nil && c.ServingCertFile != nil: - return errs.New("acme and serving_cert_file are mutually exclusive") + return errors.New("acme and serving_cert_file are mutually exclusive") case c.ACME != nil && c.Experimental.ListenNamedPipeName != "": - return errs.New("listen_named_pipe_name and the acme section are mutually exclusive") + return errors.New("listen_named_pipe_name and the acme section are mutually exclusive") case c.ACME != nil && c.InsecureAddr != "": - return errs.New("acme and insecure_addr are mutually exclusive") + return errors.New("acme and insecure_addr are mutually exclusive") case c.ServingCertFile != nil && c.InsecureAddr != "": - return errs.New("serving_cert_file and insecure_addr are mutually exclusive") + return errors.New("serving_cert_file and insecure_addr are mutually exclusive") case c.ServingCertFile != nil && c.Experimental.ListenNamedPipeName != "": - return errs.New("serving_cert_file and listen_named_pipe_name are mutually exclusive") + return errors.New("serving_cert_file and listen_named_pipe_name are mutually exclusive") case c.InsecureAddr != "" && c.Experimental.ListenNamedPipeName != "": - return errs.New("insecure_addr and listen_named_pipe_name are mutually exclusive") + return errors.New("insecure_addr and listen_named_pipe_name are mutually exclusive") } if c.ServerAPI != nil { if c.ServerAPI.Experimental.NamedPipeName == "" { - return errs.New("named_pipe_name must be configured in the server_api configuration section") + return errors.New("named_pipe_name must be configured in the server_api configuration section") } } if c.WorkloadAPI != nil { if c.WorkloadAPI.Experimental.NamedPipeName == "" { - return errs.New("named_pipe_name must be configured in the workload_api configuration section") + return errors.New("named_pipe_name must be configured in the workload_api configuration section") } } diff --git a/support/oidc-discovery-provider/server_api.go b/support/oidc-discovery-provider/server_api.go index 74724f1b36..8c9b1fec72 100644 --- a/support/oidc-discovery-provider/server_api.go +++ b/support/oidc-discovery-provider/server_api.go @@ -12,7 +12,6 @@ import ( bundlev1 "github.com/spiffe/spire-api-sdk/proto/spire/api/server/bundle/v1" "github.com/spiffe/spire-api-sdk/proto/spire/api/types" "github.com/spiffe/spire/pkg/common/util" - "github.com/zeebo/errs" "google.golang.org/grpc" "google.golang.org/protobuf/proto" ) @@ -49,9 +48,9 @@ func NewServerAPISource(config ServerAPISourceConfig) (*ServerAPISource, error) config.Clock = clock.New() } - conn, err := util.GRPCDialContext(context.Background(), config.GRPCTarget) + conn, err := util.NewGRPCClient(config.GRPCTarget) if err != nil { - return nil, errs.Wrap(err) + return nil, err } ctx, cancel := context.WithCancel(context.Background()) diff --git a/support/oidc-discovery-provider/workload_api.go b/support/oidc-discovery-provider/workload_api.go index 8db442d4f3..caaabf9c78 100644 --- a/support/oidc-discovery-provider/workload_api.go +++ b/support/oidc-discovery-provider/workload_api.go @@ -16,7 +16,6 @@ import ( "github.com/spiffe/go-spiffe/v2/workloadapi" "github.com/spiffe/spire/pkg/common/telemetry" "github.com/spiffe/spire/pkg/common/util" - "github.com/zeebo/errs" ) const ( @@ -56,19 +55,19 @@ func NewWorkloadAPISource(config WorkloadAPISourceConfig) (*WorkloadAPISource, e if config.Addr != nil { o, err := util.GetWorkloadAPIClientOption(config.Addr) if err != nil { - return nil, errs.Wrap(err) + return nil, err } opts = append(opts, o) } trustDomain, err := spiffeid.TrustDomainFromString(config.TrustDomain) if err != nil { - return nil, errs.Wrap(err) + return nil, err } client, err := workloadapi.New(context.Background(), opts...) if err != nil { - return nil, errs.Wrap(err) + return nil, err } ctx, cancel := context.WithCancel(context.Background()) diff --git a/test/clitest/addr_posix.go b/test/clitest/addr_posix.go new file mode 100644 index 0000000000..3e90ade2a0 --- /dev/null +++ b/test/clitest/addr_posix.go @@ -0,0 +1,11 @@ +//go:build !windows + +package clitest + +import ( + "net" +) + +func GetAddr(addr net.Addr) string { + return addr.String() +} diff --git a/test/clitest/addr_windows.go b/test/clitest/addr_windows.go new file mode 100644 index 0000000000..323c307281 --- /dev/null +++ b/test/clitest/addr_windows.go @@ -0,0 +1,13 @@ +//go:build windows + +package clitest + +import ( + "net" + + "github.com/spiffe/spire/pkg/common/namedpipe" +) + +func GetAddr(addr net.Addr) string { + return namedpipe.GetPipeName(addr.String()) +} diff --git a/cmd/spire-server/cli/common/common_posix.go b/test/clitest/common_posix.go similarity index 55% rename from cmd/spire-server/cli/common/common_posix.go rename to test/clitest/common_posix.go index ff1adea6d2..fec9a195b2 100644 --- a/cmd/spire-server/cli/common/common_posix.go +++ b/test/clitest/common_posix.go @@ -1,12 +1,10 @@ //go:build !windows -package common - -import "net" +package clitest var ( AddrArg = "-socketPath" - AddrError = "Error: connection error: desc = \"transport: error while dialing: dial unix /does-not-exist.sock: connect: no such file or directory\"\n" + AddrError = "rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial unix ///does-not-exist.sock: connect: no such file or directory\"\n" AddrOutputUsage = ` -output value Desired output format (pretty, json); default: pretty. @@ -15,7 +13,3 @@ var ( ` AddrValue = "/does-not-exist.sock" ) - -func GetAddr(addr net.Addr) string { - return addr.String() -} diff --git a/test/clitest/common_windows.go b/test/clitest/common_windows.go new file mode 100644 index 0000000000..746cf0c80f --- /dev/null +++ b/test/clitest/common_windows.go @@ -0,0 +1,15 @@ +//go:build windows + +package clitest + +var ( + AddrArg = "-namedPipeName" + AddrError = "rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: open \\\\\\\\.\\\\pipe\\\\does-not-exist: The system cannot find the file specified.\"\n" + AddrOutputUsage = ` + -namedPipeName string + Pipe name of the SPIRE Server API named pipe (default "\\spire-server\\private\\api") + -output value + Desired output format (pretty, json); default: pretty. +` + AddrValue = "\\does-not-exist" +) diff --git a/test/fakes/fakedatastore/fakedatastore.go b/test/fakes/fakedatastore/fakedatastore.go index 13728a13ea..33ed4e1cf7 100644 --- a/test/fakes/fakedatastore/fakedatastore.go +++ b/test/fakes/fakedatastore/fakedatastore.go @@ -3,8 +3,9 @@ package fakedatastore import ( "context" "fmt" + "net/url" + "path/filepath" "sort" - "sync/atomic" "testing" "time" @@ -21,8 +22,6 @@ import ( var ( ctx = context.Background() - - nextID uint32 ) type DataStore struct { @@ -38,12 +37,20 @@ func New(tb testing.TB) *DataStore { ds := sql.New(log) ds.SetUseServerTimestamps(true) + tmpDir := tb.TempDir() + dbPath := filepath.Join(tmpDir, "spire.db") + dbPath = url.PathEscape(dbPath) + err := ds.Configure(ctx, fmt.Sprintf(` database_type = "sqlite3" - connection_string = "file:memdb%d?mode=memory&cache=shared" - `, atomic.AddUint32(&nextID, 1))) + connection_string = "file:%s" + `, dbPath)) require.NoError(tb, err) + tb.Cleanup(func() { + ds.Close() + }) + return &DataStore{ ds: ds, } diff --git a/test/fakes/fakeentryclient/entryclient.go b/test/fakes/fakeentryclient/entryclient.go index da9d4d99bd..17cd669b0b 100644 --- a/test/fakes/fakeentryclient/entryclient.go +++ b/test/fakes/fakeentryclient/entryclient.go @@ -49,7 +49,6 @@ func New(t *testing.T, trustDomain spiffeid.TrustDomain, ds datastore.DataStore, service := entry.New(entry.Config{ TrustDomain: trustDomain, DataStore: ds, - //EntryFetcher: authorizedEntryFetcherWithCache, }) log, _ := test.NewNullLogger() @@ -68,7 +67,7 @@ func New(t *testing.T, trustDomain spiffeid.TrustDomain, ds datastore.DataStore, grpctest.Credentials(fakeTransportCreds{}), ) - conn := server.Dial(t) + conn := server.NewGRPCClient(t) c.done = server.Stop c.EntryClient = entryv1.NewEntryClient(conn) diff --git a/test/grpctest/server.go b/test/grpctest/server.go index 3ccf972dab..66a4c467c7 100644 --- a/test/grpctest/server.go +++ b/test/grpctest/server.go @@ -25,12 +25,12 @@ type Server struct { stop func() } -func (s *Server) Dial(tb testing.TB, extraOptions ...grpc.DialOption) grpc.ClientConnInterface { +func (s *Server) NewGRPCClient(tb testing.TB, extraOptions ...grpc.DialOption) grpc.ClientConnInterface { dialOptions := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())} dialOptions = append(dialOptions, s.dialOptions...) dialOptions = append(dialOptions, extraOptions...) - conn, err := grpc.DialContext(context.Background(), s.dialTarget, dialOptions...) //nolint: staticcheck // It is going to be resolved on #5152 - require.NoError(tb, err, "failed to dial") + conn, err := grpc.NewClient(s.dialTarget, dialOptions...) + require.NoError(tb, err, "failed to create client") tb.Cleanup(func() { _ = conn.Close() }) @@ -80,8 +80,16 @@ func StartServer(tb testing.TB, registerFn func(s grpc.ServiceRegistrar), opts . switch config.net { case "": listener := bufconn.Listen(1024 * 32) - dialOptions = append(dialOptions, grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) { - return listener.Dial() + // When grpc-go deprecated grpc.DialContext() in favor of grpc.NewClient(), + // they made a breaking change to always use the DNS resolver, even when overriding the context dialer. + // This is problematic for tests that rely on the grpc-go bufconn transport. + // grpc-go mentions that bufconn was only designed for internal testing of grpc-go, but we are relying on it in our tests. + // As a workaround, use the passthrough resolver to prevent using the DNS resolver, + // since the address is anyway being thrown away by the dialer method. + // More context can be found in this issue: https://github.com/grpc/grpc-go/issues/1786#issuecomment-2114124036 + dialTarget = "passthrough:dummyaddressthatisignoredbybufconntransport" + dialOptions = append(dialOptions, grpc.WithContextDialer(func(ctx context.Context, _ string) (net.Conn, error) { + return listener.DialContext(ctx) })) serverListener = listener case "unix": diff --git a/test/integration/setup/node-attestation/client.go b/test/integration/setup/node-attestation/client.go index 8f113ee4a9..5b8ced7e57 100644 --- a/test/integration/setup/node-attestation/client.go +++ b/test/integration/setup/node-attestation/client.go @@ -230,7 +230,7 @@ func doX509popStep(ctx context.Context) error { // Ban agent if err := banAgent(ctx, client, svidResp.Id); err != nil { - return errors.New("failed to ban agent") + return fmt.Errorf("failed to ban agent: %w", err) } // Reattest banned agent, it MUST fail diff --git a/test/integration/suites/datastore-mysql-replication/docker-compose.yaml b/test/integration/suites/datastore-mysql-replication/docker-compose.yaml index 1ce8f09d49..b43ad6f15e 100644 --- a/test/integration/suites/datastore-mysql-replication/docker-compose.yaml +++ b/test/integration/suites/datastore-mysql-replication/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3.5' services: # MySQL 8.0 containers mysql-8-0-readwrite: diff --git a/test/integration/suites/envoy-sds-v3-spiffe-auth/Dockerfile b/test/integration/suites/envoy-sds-v3-spiffe-auth/Dockerfile index 1bf9c313e2..6933af0cc7 100644 --- a/test/integration/suites/envoy-sds-v3-spiffe-auth/Dockerfile +++ b/test/integration/suites/envoy-sds-v3-spiffe-auth/Dockerfile @@ -1,4 +1,4 @@ -FROM spire-agent:latest-local as spire-agent +FROM spire-agent:latest-local AS spire-agent FROM envoyproxy/envoy-alpine:v1.19.0 AS envoy-agent-mashup COPY --from=spire-agent /opt/spire/bin/spire-agent /opt/spire/bin/spire-agent diff --git a/test/integration/suites/force-rotation-self-signed/Dockerfile b/test/integration/suites/force-rotation-self-signed/Dockerfile index 25e5bac214..d3e3896276 100644 --- a/test/integration/suites/force-rotation-self-signed/Dockerfile +++ b/test/integration/suites/force-rotation-self-signed/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18 as nested-agent-alpine +FROM alpine:3.18 AS nested-agent-alpine RUN apk add --no-cache --update openssl COPY --from=spire-agent:latest-local /opt/spire/bin/spire-agent /opt/spire/bin/spire-agent ENTRYPOINT ["/opt/spire/bin/spire-agent", "run"] diff --git a/test/integration/suites/ghostunnel-federation/Dockerfile b/test/integration/suites/ghostunnel-federation/Dockerfile index fe7188cf5a..3a80af7c2b 100644 --- a/test/integration/suites/ghostunnel-federation/Dockerfile +++ b/test/integration/suites/ghostunnel-federation/Dockerfile @@ -1,4 +1,4 @@ -FROM spire-agent:latest-local as spire-agent +FROM spire-agent:latest-local AS spire-agent FROM ghostunnel/ghostunnel:latest AS ghostunnel-latest diff --git a/test/integration/suites/nested-rotation/Dockerfile b/test/integration/suites/nested-rotation/Dockerfile index 25e5bac214..d3e3896276 100644 --- a/test/integration/suites/nested-rotation/Dockerfile +++ b/test/integration/suites/nested-rotation/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18 as nested-agent-alpine +FROM alpine:3.18 AS nested-agent-alpine RUN apk add --no-cache --update openssl COPY --from=spire-agent:latest-local /opt/spire/bin/spire-agent /opt/spire/bin/spire-agent ENTRYPOINT ["/opt/spire/bin/spire-agent", "run"] diff --git a/test/spiretest/assertions.go b/test/spiretest/assertions.go index 39b3044dd9..9761ed5b80 100644 --- a/test/spiretest/assertions.go +++ b/test/spiretest/assertions.go @@ -123,7 +123,7 @@ func AssertProtoListEqual(tb testing.TB, expected, actual any) bool { if !assert.Equal(tb, ev.Len(), av.Len(), "expected %d elements in list; got %d", ev.Len(), av.Len()) { return false } - for i := 0; i < ev.Len(); i++ { + for i := range ev.Len() { e := ev.Index(i).Interface().(proto.Message) a := av.Index(i).Interface().(proto.Message) if !AssertProtoEqual(tb, e, a, "proto %d in list is not equal", i) { diff --git a/test/spiretest/socketapi.go b/test/spiretest/socketapi.go index 22652a1fa2..3f2e8eadf1 100644 --- a/test/spiretest/socketapi.go +++ b/test/spiretest/socketapi.go @@ -33,7 +33,7 @@ func ServeGRPCServerOnTempUDSSocket(t *testing.T, server *grpc.Server) net.Addr func ServeGRPCServerOnUDSSocket(t *testing.T, server *grpc.Server, socketPath string) net.Addr { // ensure the directory holding the socket exists - require.NoError(t, os.MkdirAll(filepath.Dir(socketPath), 0755)) + require.NoError(t, os.MkdirAll(filepath.Dir(socketPath), 0o755)) listener, err := net.Listen("unix", socketPath) require.NoError(t, err) diff --git a/test/util/race.go b/test/util/race.go index dd1504a169..b1e3856806 100644 --- a/test/util/race.go +++ b/test/util/race.go @@ -22,10 +22,10 @@ func RaceTest(t *testing.T, fn func(*testing.T)) { // complete before this method returns. All subtests // will be run in parallel t.Run("group", func(t *testing.T) { - for i := 0; i < raceTestNumThreads; i++ { + for i := range raceTestNumThreads { t.Run(fmt.Sprintf("thread %v", i), func(t *testing.T) { t.Parallel() - for i := 0; i < raceTestNumLoops; i++ { + for range raceTestNumLoops { fn(t) } })