diff --git a/go.mod b/go.mod index d47f301abc1..a510d66fe42 100644 --- a/go.mod +++ b/go.mod @@ -4,14 +4,14 @@ go 1.13 require ( github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd - github.com/containers/buildah v1.14.11 - github.com/containers/common v0.8.4 - github.com/containers/image/v5 v5.4.3 + github.com/containers/buildah v1.15.2 + github.com/containers/common v0.14.0 + github.com/containers/image/v5 v5.5.1 github.com/containers/storage v1.20.2 github.com/docker/distribution v2.7.1+incompatible github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484 // indirect github.com/evanphx/json-patch v4.5.0+incompatible // indirect - github.com/fsouza/go-dockerclient v1.6.3 + github.com/fsouza/go-dockerclient v1.6.5 github.com/opencontainers/runc v1.0.0-rc91.0.20200707015106-819fcc687efb github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 github.com/openshift/api v0.0.0-20200326160804-ecb9283fe820 diff --git a/go.sum b/go.sum index ff7999030d9..951c5f617eb 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,4 @@ +bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bitbucket.org/bertimus9/systemstat v0.0.0-20180207000608-0eeff89b0690/go.mod h1:Ulb78X89vxKYgdL24HMTiXYHlyHEvruOj1ZPlqeNEZM= bitbucket.org/ww/goautoneg v0.0.0-20120707110453-75cd24fc2f2c/go.mod h1:1vhO7Mn/FZMgOgDVGLy5X1mE6rq1HbkBdkF/yj8zkcg= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= @@ -45,9 +46,10 @@ github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcy github.com/Microsoft/go-winio v0.4.13-0.20190408173621-84b4ab48a507/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= +github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o= +github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= github.com/Microsoft/hcsshim v0.8.5/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= -github.com/Microsoft/hcsshim v0.8.7-0.20191101173118-65519b62243c/go.mod h1:7xhjOwRV2+0HXGmM0jxaEu+ZiXJFoVZOTfL/dmqbrD8= github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk= @@ -100,6 +102,8 @@ github.com/bifurcation/mint v0.0.0-20180715133206-93c51c6ce115/go.mod h1:zVt7zX3 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.0+incompatible h1:CGxCgetQ64DKk7rdZ++Vfnb1+ogGNnB17OJKJXD2Cfs= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= +github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/caddyserver/caddy v1.0.3/go.mod h1:G+ouvOY32gENkJC+jhgl62TyhvqEsFaDiZ4uw0RzP1E= @@ -141,6 +145,7 @@ github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVl github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190827140505-75bee3e2ccb6 h1:NmTXa/uVnDyp0TY5MKi197+3HWcnYWfnHGyaFthlnGw= github.com/containerd/continuity v0.0.0-20190827140505-75bee3e2ccb6/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/go-cni v0.0.0-20190610170741-5a4663dad645/go.mod h1:2wlRxCQdiBY+OcjNg5x8kI+5mEL1fGt25L4IzQHYJsM= @@ -158,20 +163,20 @@ github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 h1:rqUVL github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI= github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containers/buildah v1.14.11 h1:uCSFyuT8yf2TkoTQBG2HoRKb+DKgTUZ6gCe+ZUCufd0= -github.com/containers/buildah v1.14.11/go.mod h1:dw9G+L7OAZBdcGTshqNGIrIbChPZfWd3VlBBfEFPE50= -github.com/containers/common v0.8.4 h1:G9eNXQHUfZWkEOKaKDpXmDTcjVYc04K77dZe197SH44= -github.com/containers/common v0.8.4/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= +github.com/containers/buildah v1.15.2 h1:c2wD1DhxmxPMP2ISacZU6PtVaFQ2MzDeY8LP1weI5Ok= +github.com/containers/buildah v1.15.2/go.mod h1:AQPeirYl0bqtXuJaxM9d/xslMm+1qrABc73AEFw0M9U= +github.com/containers/common v0.14.0 h1:hiZFDPf6ajKiDmojN5f5X3gboKPO73NLrYb0RXfrQiA= +github.com/containers/common v0.14.0/go.mod h1:9olhlE+WhYof1npnMJdyRMX14/yIUint6zyHzcyRVAg= github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= -github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs= -github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U= +github.com/containers/image/v5 v5.4.4/go.mod h1:g7cxNXitiLi6pEr9/L9n/0wfazRuhDKXU15kV86N8h8= +github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ= +github.com/containers/image/v5 v5.5.1/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.2 h1:Q0/IPs8ohfbXNxEfyJ2pFVmvJu5BhqJUAmc6ES9NKbo= github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNjsqWarIUce4M= github.com/containers/storage v1.13.4/go.mod h1:6D8nK2sU9V7nEmAraINRs88ZEscM5C5DK+8Npp27GeA= -github.com/containers/storage v1.18.2 h1:4cgFbrrgr9nR9xCeOmfpyxk1MtXYZGr7XGPJfAVkGmc= -github.com/containers/storage v1.18.2/go.mod h1:WTBMf+a9ZZ/LbmEVeLHH2TX4CikWbO1Bt+/m58ZHVPg= +github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ= github.com/containers/storage v1.20.2 h1:tw/uKRPDnmVrluIzer3dawTFG/bTJLP8IEUyHFhltYk= github.com/containers/storage v1.20.2/go.mod h1:oOB9Ie8OVPojvoaKWEGSEtHbXUAs+tSyr7RO7ZGteMc= github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI= @@ -279,8 +284,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsouza/go-dockerclient v0.0.0-20171004212419-da3951ba2e9e/go.mod h1:KpcjM623fQYE9MZiTGzKhjfxXAV9wbyX2C1cyRHfhl0= -github.com/fsouza/go-dockerclient v1.6.3 h1:VS/I3mxieZVIeaWXd57JKvSjheELafUJYtblGg75RIQ= -github.com/fsouza/go-dockerclient v1.6.3/go.mod h1:OiSy/IhZIF+zheikZkXK7LVpGzxWchJPJKGWhBqOK4M= +github.com/fsouza/go-dockerclient v1.6.5 h1:vuFDnPcds3LvTWGYb9h0Rty14FLgkjHZdwLDROCdgsw= +github.com/fsouza/go-dockerclient v1.6.5/go.mod h1:GOdftxWLWIbIWKbIMDroKFJzPdg6Iw7r+jX1DDZdVsA= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/getsentry/raven-go v0.0.0-20190513200303-c977f96e1095 h1:F2m41rgyxoveZKD+Z6xwyAbtdNeVvhpi9BpQLvt5oRU= @@ -366,7 +371,6 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -537,10 +541,11 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.7.2/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.8.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.10.3 h1:OP96hzwJVBIHYU52pVTI6CczrxPvrGfgqF9N5eTO0Q8= -github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.10.7 h1:7rix8v8GpI3ZBb0nSozFRgbtXKv+hOe+qfEpZqybrAg= github.com/klauspost/compress v1.10.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.8 h1:eLeJ3dr/Y9+XRfJT4l+8ZjmtB5RPJhucH2HeCV5+IZY= +github.com/klauspost/compress v1.10.8/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w= github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= @@ -590,7 +595,11 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.5 h1:JhhFTIOslh5ZsPrpa3Wdg8bF0WI3b44EMblmU9wIsXc= github.com/mattn/go-shellwords v1.0.5/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= @@ -651,15 +660,19 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= +github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU= -github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.13.0 h1:M76yO2HkZASFjXL0HSoZJ1AYEmQxNJmY41Jx1zNUq1Y= +github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -667,8 +680,8 @@ github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.9.0 h1:R1uwffexN6Pr340GtYRIdZmAiN4J+iw6WG4wog1DUXg= -github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= +github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -687,19 +700,17 @@ github.com/opencontainers/runtime-tools v0.8.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pK github.com/opencontainers/selinux v1.2.2 h1:Kx9J6eDG5/24A6DtUquGSpJQ+m2MUTahn4FtGEe8bFg= github.com/opencontainers/selinux v1.2.2/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= -github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= github.com/opencontainers/selinux v1.5.1 h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y= github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= github.com/opencontainers/selinux v1.5.2 h1:F6DgIsjgBIcDksLW4D5RG9bXok6oqZ3nvMwj4ZoFu/Q= github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= -github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10= github.com/openshift/api v0.0.0-20200326152221-912866ddb162/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE= github.com/openshift/api v0.0.0-20200326160804-ecb9283fe820 h1:pEmlKM0gcAPwPEOUt0JOMBd+3bDEOaSZLdvPTm2eU6E= github.com/openshift/api v0.0.0-20200326160804-ecb9283fe820/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE= github.com/openshift/build-machinery-go v0.0.0-20200211121458-5e3d6e570160/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0 h1:kMiuiZXH1GdfbiMwsuAQOqGaMxlo9NCUk0wT4XAdfNM= github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0/go.mod h1:uUQ4LClRO+fg5MF/P6QxjMCb1C9f7Oh4RKepftDnEJE= -github.com/openshift/imagebuilder v1.1.4/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo= +github.com/openshift/imagebuilder v1.1.5/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo= github.com/openshift/imagebuilder v1.1.6 h1:1+YzRxIIefY4QqtCImx6rg+75QrKNfBoPAKxgMo/khM= github.com/openshift/imagebuilder v1.1.6/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo= github.com/openshift/library-go v0.0.0-20200327125526-163b2f0d6264 h1:VcZjTupwjxB9ANlKxerMNdfjqlTBWrVxgrjKi7VBwOY= @@ -722,6 +733,7 @@ github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/9 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -783,10 +795,11 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190810000440-0ceca61e4d75/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f h1:OtU/w6sBKmXYaw2KEODxjcYi3oPSyyslhgGFgIJVGAI= -github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f/go.mod h1:f/98/SnvAzhAEFQJ3u836FePXvcbE8BS0YGMQNn4mhA= +github.com/seccomp/containers-golang v0.5.0 h1:uUMOZIz/7TUiEO6h4ursAJY5JT55AzYiN/X5GOj9rvY= +github.com/seccomp/containers-golang v0.5.0/go.mod h1:5fP9lgyYyklJ8fg8Geq193G1QLe0ikf34z+hZKIjmnE= github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= @@ -794,12 +807,12 @@ github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002/go.mod h1:/yeG0My github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.3/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo= github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -811,6 +824,7 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.0-20160802223737-7c674d9e7201/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= @@ -820,6 +834,7 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -840,6 +855,8 @@ github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.0 h1:jlIyCplCJFULU/01vCkhKuTyc3OorI3bJFuw6obfgho= github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -871,8 +888,9 @@ github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02 github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= github.com/vbauerster/mpb v3.4.0+incompatible h1:mfiiYw87ARaeRW6x5gWwYRUawxaW1tLAD8IceomUCNw= github.com/vbauerster/mpb v3.4.0+incompatible/go.mod h1:zAHG26FUhVKETRu+MWqYXcI70POlC6N8up9p1dID7SU= -github.com/vbauerster/mpb/v5 v5.0.3 h1:Ldt/azOkbThTk2loi6FrBd/3fhxGFQ24MxFAS88PoNY= -github.com/vbauerster/mpb/v5 v5.0.3/go.mod h1:h3YxU5CSr8rZP4Q3xZPVB3jJLhWPou63lHEdr9ytH4Y= +github.com/vbauerster/mpb/v5 v5.0.4/go.mod h1:fvzasBUyuo35UyuA6sSOlVhpLoNQsp2nBdHw7OiSUU8= +github.com/vbauerster/mpb/v5 v5.2.2 h1:zIICVOm+XD+uV6crpSORaL6I0Q1WqOdvxZTp+r3L9cw= +github.com/vbauerster/mpb/v5 v5.2.2/go.mod h1:W5Fvgw4dm3/0NhqzV8j6EacfuTe5SvnzBRwiXxDR9ww= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/vishvananda/netlink v1.0.0 h1:bqNY2lgheFIu1meHUFSH3d7vG93AFyqg3oGbJCOJgSM= github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= @@ -988,6 +1006,7 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1035,7 +1054,9 @@ golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1052,8 +1073,8 @@ golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE= -golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1143,7 +1164,6 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= @@ -1151,6 +1171,8 @@ google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0 h1:rRYRFMVgRv6E0D70Skyfsr28tDXIuuPZyWGMPdMcnXg= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1195,6 +1217,8 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v0.0.0-20190624233834-05ebafbffc79/go.mod h1:R//lfYlUuTOTfblYI3lGoAAAebUdzjvbmQsuB7Ykd90= diff --git a/pkg/build/builder/source.go b/pkg/build/builder/source.go index b80e7d1a45c..f8c53602c49 100644 --- a/pkg/build/builder/source.go +++ b/pkg/build/builder/source.go @@ -434,7 +434,10 @@ func extractSourceFromImage(ctx context.Context, dockerClient DockerClient, stor if err != nil { return err } - capabilities := defaultContainerConfig.Capabilities("", nil, dropCapabilities()) + capabilities, err := defaultContainerConfig.Capabilities("", nil, dropCapabilities()) + if err != nil { + return err + } builderOptions := buildah.BuilderOptions{ FromImage: image, diff --git a/vendor/github.com/Microsoft/go-winio/pipe.go b/vendor/github.com/Microsoft/go-winio/pipe.go index d6a46f6a246..ff96dff1c6c 100644 --- a/vendor/github.com/Microsoft/go-winio/pipe.go +++ b/vendor/github.com/Microsoft/go-winio/pipe.go @@ -182,13 +182,14 @@ func (s pipeAddress) String() string { } // tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout. -func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) { +func tryDialPipe(ctx context.Context, path *string, access uint32) (syscall.Handle, error) { for { + select { case <-ctx.Done(): return syscall.Handle(0), ctx.Err() default: - h, err := createFile(*path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0) + h, err := createFile(*path, access, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0) if err == nil { return h, nil } @@ -197,7 +198,7 @@ func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) { } // Wait 10 msec and try again. This is a rather simplistic // view, as we always try each 10 milliseconds. - time.Sleep(time.Millisecond * 10) + time.Sleep(10 * time.Millisecond) } } } @@ -210,7 +211,7 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) { if timeout != nil { absTimeout = time.Now().Add(*timeout) } else { - absTimeout = time.Now().Add(time.Second * 2) + absTimeout = time.Now().Add(2 * time.Second) } ctx, _ := context.WithDeadline(context.Background(), absTimeout) conn, err := DialPipeContext(ctx, path) @@ -223,9 +224,15 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) { // DialPipeContext attempts to connect to a named pipe by `path` until `ctx` // cancellation or timeout. func DialPipeContext(ctx context.Context, path string) (net.Conn, error) { + return DialPipeAccess(ctx, path, syscall.GENERIC_READ|syscall.GENERIC_WRITE) +} + +// DialPipeAccess attempts to connect to a named pipe by `path` with `access` until `ctx` +// cancellation or timeout. +func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn, error) { var err error var h syscall.Handle - h, err = tryDialPipe(ctx, &path) + h, err = tryDialPipe(ctx, &path, access) if err != nil { return nil, err } diff --git a/vendor/github.com/blang/semver/.travis.yml b/vendor/github.com/blang/semver/.travis.yml new file mode 100644 index 00000000000..102fb9a691b --- /dev/null +++ b/vendor/github.com/blang/semver/.travis.yml @@ -0,0 +1,21 @@ +language: go +matrix: + include: + - go: 1.4.3 + - go: 1.5.4 + - go: 1.6.3 + - go: 1.7 + - go: tip + allow_failures: + - go: tip +install: +- go get golang.org/x/tools/cmd/cover +- go get github.com/mattn/goveralls +script: +- echo "Test and track coverage" ; $HOME/gopath/bin/goveralls -package "." -service=travis-ci + -repotoken $COVERALLS_TOKEN +- echo "Build examples" ; cd examples && go build +- echo "Check if gofmt'd" ; diff -u <(echo -n) <(gofmt -d -s .) +env: + global: + secure: HroGEAUQpVq9zX1b1VIkraLiywhGbzvNnTZq2TMxgK7JHP8xqNplAeF1izrR2i4QLL9nsY+9WtYss4QuPvEtZcVHUobw6XnL6radF7jS1LgfYZ9Y7oF+zogZ2I5QUMRLGA7rcxQ05s7mKq3XZQfeqaNts4bms/eZRefWuaFZbkw= diff --git a/vendor/github.com/blang/semver/README.md b/vendor/github.com/blang/semver/README.md index 4399639e230..08b2e4a3d76 100644 --- a/vendor/github.com/blang/semver/README.md +++ b/vendor/github.com/blang/semver/README.md @@ -1,4 +1,4 @@ -semver for golang [![Build Status](https://drone.io/github.com/blang/semver/status.png)](https://drone.io/github.com/blang/semver/latest) [![GoDoc](https://godoc.org/github.com/blang/semver?status.png)](https://godoc.org/github.com/blang/semver) [![Coverage Status](https://img.shields.io/coveralls/blang/semver.svg)](https://coveralls.io/r/blang/semver?branch=master) +semver for golang [![Build Status](https://travis-ci.org/blang/semver.svg?branch=master)](https://travis-ci.org/blang/semver) [![GoDoc](https://godoc.org/github.com/blang/semver?status.png)](https://godoc.org/github.com/blang/semver) [![Coverage Status](https://img.shields.io/coveralls/blang/semver.svg)](https://coveralls.io/r/blang/semver?branch=master) ====== semver is a [Semantic Versioning](http://semver.org/) library written in golang. It fully covers spec version `2.0.0`. @@ -41,6 +41,7 @@ Features - Compare Helper Methods - InPlace manipulation - Ranges `>=1.0.0 <2.0.0 || >=3.0.0 !3.0.1-beta.1` +- Wildcards `>=1.x`, `<=2.5.x` - Sortable (implements sort.Interface) - database/sql compatible (sql.Scanner/Valuer) - encoding/json compatible (json.Marshaler/Unmarshaler) @@ -59,6 +60,8 @@ A condition is composed of an operator and a version. The supported operators ar - `1.0.0`, `=1.0.0`, `==1.0.0` Equal to `1.0.0` - `!1.0.0`, `!=1.0.0` Not equal to `1.0.0`. Excludes version `1.0.0`. +Note that spaces between the operator and the version will be gracefully tolerated. + A `Range` can link multiple `Ranges` separated by space: Ranges can be linked by logical AND: diff --git a/vendor/github.com/blang/semver/package.json b/vendor/github.com/blang/semver/package.json index 568be8d9431..1cf8ebdd9c1 100644 --- a/vendor/github.com/blang/semver/package.json +++ b/vendor/github.com/blang/semver/package.json @@ -12,6 +12,6 @@ "license": "MIT", "name": "semver", "releaseCmd": "git commit -a -m \"gx publish $VERSION\"", - "version": "3.4.0" + "version": "3.5.1" } diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml index 65bbd31ffa6..c4e0e6f1fec 100644 --- a/vendor/github.com/containers/buildah/.cirrus.yml +++ b/vendor/github.com/containers/buildah/.cirrus.yml @@ -6,7 +6,7 @@ env: #### Global variables used for all tasks #### # Name of the ultimate destination branch for this CI run, PR or post-merge. - DEST_BRANCH: "master" + DEST_BRANCH: "release-1.15" GOPATH: "/var/tmp/go" GOSRC: "${GOPATH}/src/github.com/containers/buildah" # Overrides default location (/tmp/cirrus) for repo clone @@ -27,11 +27,13 @@ env: #### # GCE project where images live IMAGE_PROJECT: "libpod-218412" - # TODO: Setting up from base-images is very inefficient, use libpod's cache-images instead? - FEDORA_CACHE_IMAGE_NAME: "fedora-cloud-base-30-1-2-1565360543" - PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-cloud-base-29-1-2-1565360543" - UBUNTU_CACHE_IMAGE_NAME: "ubuntu-1904-disco-v20190724" - PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-1804-bionic-v20190722a" + # See https://github.com/containers/libpod/blob/master/contrib/cirrus/README.md#test_build_cache_images_task-task + _BUILT_IMAGE_SUFFIX: "libpod-6224667180531712" + FEDORA_CACHE_IMAGE_NAME: "fedora-32-${_BUILT_IMAGE_SUFFIX}" + PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}" + UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}" + PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}" + #### #### Command variables to help avoid duplication @@ -153,9 +155,6 @@ gce_instance: - 'cirrus-ci/only_prs/gate' - 'cirrus-ci/only_prs/vendor' - container: - image: registry.fedoraproject.org/fedora:30 - env: matrix: CROSS_TARGET: darwin @@ -179,8 +178,7 @@ gce_instance: gce_instance: # Only need to specify differences from defaults (above) matrix: # Duplicate this task for each matrix product. image_name: "${FEDORA_CACHE_IMAGE_NAME}" - # TODO: Re-enable once prior image is F30 and above is F31 - # image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" + image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" image_name: "${UBUNTU_CACHE_IMAGE_NAME}" image_name: "${PRIOR_UBUNTU_CACHE_IMAGE_NAME}" @@ -247,7 +245,7 @@ gce_instance: CIRRUS_CLONE_DEPTH: 1 # no code is being used by this task container: - image: "registry.fedoraproject.org/fedora-minimal:latest" + image: "quay.io/libpod/fedora-minimal:latest" cpu: 1 memory: 1 diff --git a/vendor/github.com/containers/buildah/.gitignore b/vendor/github.com/containers/buildah/.gitignore index a362b3800dc..d102b797977 100644 --- a/vendor/github.com/containers/buildah/.gitignore +++ b/vendor/github.com/containers/buildah/.gitignore @@ -1,7 +1,9 @@ docs/buildah*.1 +/bin /buildah /imgtype /build/ tests/tools/build Dockerfile* +!/tests/bud/*/Dockerfile* *.swp diff --git a/vendor/github.com/containers/buildah/.golangci.yml b/vendor/github.com/containers/buildah/.golangci.yml index dde37ad790d..888d89afa38 100644 --- a/vendor/github.com/containers/buildah/.golangci.yml +++ b/vendor/github.com/containers/buildah/.golangci.yml @@ -4,8 +4,8 @@ run: - apparmor - seccomp - selinux - concurrency: 6 - deadline: 5m + # Don't exceed number of threads available when running under CI + concurrency: 4 linters: disable-all: true enable: @@ -17,7 +17,8 @@ linters: - gofmt - goimports - golint - - gosimple + # Broken? Unpredictably dies w/o any error well before deadline/timeout expires + # - gosimple - govet - ineffassign - interfacer diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md index bf4737d7248..2af504de2eb 100644 --- a/vendor/github.com/containers/buildah/CHANGELOG.md +++ b/vendor/github.com/containers/buildah/CHANGELOG.md @@ -2,15 +2,83 @@ # Changelog -## v1.14.11 (2020-08-10) - Make imagebuildah.BuildOptions.Architecture/OS optional +## v1.15.2 (2020-09-03) + in_podman: don't get tripped up by CIRRUS_CHANGE_TITLE blobcache: avoid an unnecessary NewImage() -## v1.14.10 (2020-06-18) - imagebuildah: stages shouldn't count as their base images +## v1.15.1 (2020-07-27) + Mask over the /sys/fs/selinux in mask branch + chroot: do not use setgroups if it is blocked + chroot, run: not fail on bind mounts from /sys + Allow "readonly" as alias to "ro" in mount options + Add VFS additional image store to container + Ignore OS X specific consistency mount option + vendor golang.org/x/text@v0.3.3 + Cirrus: Fix missing htpasswd in registry img + Switch scripts to use containers.conf + Make imagebuildah.BuildOptions.Architecture/OS optional -## v1.14.9 (2020-05-11) - Bump github.com/containers/common to 0.8.4 +## v1.15.0 (2020-06-17) + Bump github.com/containers/common from 0.12.0 to 0.13.1 + Bump github.com/containers/storage from 1.20.1 to 1.20.2 + Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0 + Bump github.com/stretchr/testify from 1.6.0 to 1.6.1 + Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90 + Add CVE-2020-10696 to CHANGELOG.md and changelog.txt + Bump github.com/stretchr/testify from 1.5.1 to 1.6.0 + Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3 + Vendor in containers/common v0.12.0 + fix lighttpd example + Vendor in new go.etcd.io/bbolt + Bump github.com/onsi/ginkgo from 1.12.1 to 1.12.2 + Bump imagebuilder for ARG fix + Bump github.com/containers/common from 0.11.2 to 0.11.4 + remove dependency on openshift struct + Warn on unset build arguments + vendor: update seccomp/containers-golang to v0.4.1 + Ammended docs + Updated docs + clean up comments + update exit code for tests + Implement commit for encryption + implementation of encrypt/decrypt push/pull/bud/from + fix resolve docker image name as transport + Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0 + Bump github.com/onsi/ginkgo from 1.12.0 to 1.12.1 + Bump github.com/containers/storage from 1.19.1 to 1.19.2 + Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4 + Add preliminary profiling support to the CLI + Bump github.com/containers/common from 0.10.0 to 0.11.2 + Evaluate symlinks in build context directory + fix error info about get signatures for containerImageSource + Add Security Policy + Cirrus: Fixes from review feedback + Bump github.com/containers/storage from 1.19.0 to 1.19.1 + Bump github.com/sirupsen/logrus from 1.5.0 to 1.6.0 + imagebuildah: stages shouldn't count as their base images + Update containers/common v0.10.0 + Bump github.com/fsouza/go-dockerclient from 1.6.4 to 1.6.5 + Add registry to buildahimage Dockerfiles + Cirrus: Use pre-installed VM packages + F32 + Cirrus: Re-enable all distro versions + Cirrus: Update to F31 + Use cache images + golangci-lint: Disable gosimple + Lower number of golangci-lint threads + Fix permissions on containers.conf + Don't force tests to use runc + Bump github.com/containers/common from 0.9.1 to 0.9.5 + Return exit code from failed containers + Bump github.com/containers/storage from 1.18.2 to 1.19.0 + Bump github.com/containers/common from 0.9.0 to 0.9.1 + cgroup_manager should be under [engine] + Use c/common/pkg/auth in login/logout + Cirrus: Temporarily disable Ubuntu 19 testing + Add containers.conf to stablebyhand build + Update gitignore to exclude test Dockerfiles + Bump github.com/fsouza/go-dockerclient from 1.6.3 to 1.6.4 + Bump github.com/containers/common from 0.8.1 to 0.9.0 + Bump back to v1.15.0-dev + Remove warning for systemd inside of container ## v1.14.8 (2020-04-09) Run (make vendor) @@ -52,7 +120,7 @@ ## v1.14.4 (2020-03-25) Fix fips-mode check for RHEL8 boxes - Fix potential CVE in tarfile w/ symlink + Fix potential CVE in tarfile w/ symlink (Edit 02-Jun-2020: Addresses CVE-2020-10696) Fix .dockerignore with globs and ! commands update install steps for Amazon Linux 2 Bump github.com/openshift/imagebuilder from 1.1.2 to 1.1.3 diff --git a/vendor/github.com/containers/buildah/SECURITY.md b/vendor/github.com/containers/buildah/SECURITY.md new file mode 100644 index 00000000000..0184bd22da0 --- /dev/null +++ b/vendor/github.com/containers/buildah/SECURITY.md @@ -0,0 +1,3 @@ +## Security and Disclosure Information Policy for the Buildah Project + +The Buildah Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects. diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go index 4e62106a970..f081bafef5a 100644 --- a/vendor/github.com/containers/buildah/buildah.go +++ b/vendor/github.com/containers/buildah/buildah.go @@ -13,6 +13,7 @@ import ( "github.com/containers/buildah/docker" "github.com/containers/image/v5/types" + encconfig "github.com/containers/ocicrypt/config" "github.com/containers/storage" "github.com/containers/storage/pkg/ioutils" v1 "github.com/opencontainers/image-spec/specs-go/v1" @@ -27,7 +28,7 @@ const ( Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.14.11" + Version = "1.15.2" // The value we use to identify what type of information, currently a // serialized Builder structure, we are using as per-container state. // This should only be changed when we make incompatible changes to @@ -413,6 +414,9 @@ type BuilderOptions struct { MaxPullRetries int // PullRetryDelay is how long to wait before retrying a pull attempt. PullRetryDelay time.Duration + // OciDecryptConfig contains the config that can be used to decrypt an image if it is + // encrypted if non-nil. If nil, it does not attempt to decrypt an image. + OciDecryptConfig *encconfig.DecryptConfig } // ImportOptions are used to initialize a Builder from an existing container diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index 0195766b8a5..16f9b9c1c2a 100644 --- a/vendor/github.com/containers/buildah/changelog.txt +++ b/vendor/github.com/containers/buildah/changelog.txt @@ -1,12 +1,92 @@ -- Changelog for v1.14.11 (2020-08-10) - * Make imagebuildah.BuildOptions.Architecture/OS optional +- Changelog for v1.15.2 (2020-09-03) + * in_podman: don't get tripped up by CIRRUS_CHANGE_TITLE * blobcache: avoid an unnecessary NewImage() -- Changelog for v1.14.10 (2020-06-18) - * imagebuildah: stages shouldn't count as their base images +- Changelog for v1.15.1 (2020-07-27) + * Mask over the /sys/fs/selinux in mask branch + * chroot: do not use setgroups if it is blocked + * chroot, run: not fail on bind mounts from /sys + * Allow "readonly" as alias to "ro" in mount options + * Add VFS additional image store to container + * Ignore OS X specific consistency mount option + * vendor golang.org/x/text@v0.3.3 + * Cirrus: Fix missing htpasswd in registry img + * Switch scripts to use containers.conf + * Make imagebuildah.BuildOptions.Architecture/OS optional + +- Changelog for v1.15.0 (2020-06-17) + * Mask over the /sys/fs/selinux in mask branch + * chroot: do not use setgroups if it is blocked + * chroot, run: not fail on bind mounts from /sys + * Allow "readonly" as alias to "ro" in mount options + * Add VFS additional image store to container + * Ignore OS X specific consistency mount option + * vendor golang.org/x/text@v0.3.3 + * Cirrus: Fix missing htpasswd in registry img + * Switch scripts to use containers.conf + * Make imagebuildah.BuildOptions.Architecture/OS optional -- Changelog for v1.14.9 (2020-05-11) - * Bump github.com/containers/common to 0.8.4 +- Changelog for v1.15.0 (2020-06-17) + * Bump github.com/containers/common from 0.12.0 to 0.13.1 + * Bump github.com/containers/storage from 1.20.1 to 1.20.2 + * Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0 + * Bump github.com/stretchr/testify from 1.6.0 to 1.6.1 + * Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90 + * Add CVE-2020-10696 to CHANGELOG.md and changelog.txt + * Bump github.com/stretchr/testify from 1.5.1 to 1.6.0 + * Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3 + * Vendor in containers/common v0.12.0 + * fix lighttpd example + * Vendor in new go.etcd.io/bbolt + * Bump github.com/onsi/ginkgo from 1.12.1 to 1.12.2 + * Bump imagebuilder for ARG fix + * Bump github.com/containers/common from 0.11.2 to 0.11.4 + * remove dependency on openshift struct + * Warn on unset build arguments + * vendor: update seccomp/containers-golang to v0.4.1 + * Ammended docs + * Updated docs + * clean up comments + * update exit code for tests + * Implement commit for encryption + * implementation of encrypt/decrypt push/pull/bud/from + * fix resolve docker image name as transport + * Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0 + * Bump github.com/onsi/ginkgo from 1.12.0 to 1.12.1 + * Bump github.com/containers/storage from 1.19.1 to 1.19.2 + * Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4 + * Add preliminary profiling support to the CLI + * Bump github.com/containers/common from 0.10.0 to 0.11.2 + * Evaluate symlinks in build context directory + * fix error info about get signatures for containerImageSource + * Add Security Policy + * Cirrus: Fixes from review feedback + * Bump github.com/containers/storage from 1.19.0 to 1.19.1 + * Bump github.com/sirupsen/logrus from 1.5.0 to 1.6.0 + * imagebuildah: stages shouldn't count as their base images + * Update containers/common v0.10.0 + * Bump github.com/fsouza/go-dockerclient from 1.6.4 to 1.6.5 + * Add registry to buildahimage Dockerfiles + * Cirrus: Use pre-installed VM packages + F32 + * Cirrus: Re-enable all distro versions + * Cirrus: Update to F31 + Use cache images + * golangci-lint: Disable gosimple + * Lower number of golangci-lint threads + * Fix permissions on containers.conf + * Don't force tests to use runc + * Bump github.com/containers/common from 0.9.1 to 0.9.5 + * Return exit code from failed containers + * Bump github.com/containers/storage from 1.18.2 to 1.19.0 + * Bump github.com/containers/common from 0.9.0 to 0.9.1 + * cgroup_manager should be under [engine] + * Use c/common/pkg/auth in login/logout + * Cirrus: Temporarily disable Ubuntu 19 testing + * Add containers.conf to stablebyhand build + * Update gitignore to exclude test Dockerfiles + * Bump github.com/fsouza/go-dockerclient from 1.6.3 to 1.6.4 + * Bump github.com/containers/common from 0.8.1 to 0.9.0 + * Bump back to v1.15.0-dev + * Remove warning for systemd inside of container - Changelog for v1.14.8 (2020-04-09) * Run (make vendor) @@ -48,7 +128,7 @@ - Changelog for v1.14.4 (2020-03-25) * Fix fips-mode check for RHEL8 boxes - * Fix potential CVE in tarfile w/ symlink + * Fix potential CVE in tarfile w/ symlink (Edit 02-Jun-2020: Addresses CVE-2020-10696) * Fix .dockerignore with globs and ! commands * update install steps for Amazon Linux 2 * Bump github.com/openshift/imagebuilder from 1.1.2 to 1.1.3 diff --git a/vendor/github.com/containers/buildah/chroot/run.go b/vendor/github.com/containers/buildah/chroot/run.go index d65c36470e7..8616c4cac80 100644 --- a/vendor/github.com/containers/buildah/chroot/run.go +++ b/vendor/github.com/containers/buildah/chroot/run.go @@ -7,6 +7,7 @@ import ( "encoding/json" "fmt" "io" + "io/ioutil" "os" "os/exec" "path/filepath" @@ -741,10 +742,13 @@ func runUsingChrootExecMain() { os.Exit(1) } } else { - logrus.Debugf("clearing supplemental groups") - if err = syscall.Setgroups([]int{}); err != nil { - fmt.Fprintf(os.Stderr, "error clearing supplemental groups list: %v", err) - os.Exit(1) + setgroups, _ := ioutil.ReadFile("/proc/self/setgroups") + if strings.Trim(string(setgroups), "\n") != "deny" { + logrus.Debugf("clearing supplemental groups") + if err = syscall.Setgroups([]int{}); err != nil { + fmt.Fprintf(os.Stderr, "error clearing supplemental groups list: %v", err) + os.Exit(1) + } } } @@ -1093,7 +1097,8 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } subSys := filepath.Join(spec.Root.Path, m.Mountpoint) if err := unix.Mount(m.Mountpoint, subSys, "bind", sysFlags, ""); err != nil { - return undoBinds, errors.Wrapf(err, "error bind mounting /sys from host into mount namespace") + logrus.Warningf("could not bind mount %q, skipping: %v", m.Mountpoint, err) + continue } if err := makeReadOnly(subSys, sysFlags); err != nil { return undoBinds, err @@ -1101,10 +1106,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } logrus.Debugf("bind mounted %q to %q", "/sys", filepath.Join(spec.Root.Path, "/sys")) - // Add /sys/fs/selinux to the set of masked paths, to ensure that we don't have processes - // attempting to interact with labeling, when they aren't allowed to do so. - spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux") - // Bind mount in everything we've been asked to mount. for _, m := range spec.Mounts { // Skip anything that we just mounted. diff --git a/vendor/github.com/containers/buildah/commit.go b/vendor/github.com/containers/buildah/commit.go index d25ba110a2b..6c3febd5d20 100644 --- a/vendor/github.com/containers/buildah/commit.go +++ b/vendor/github.com/containers/buildah/commit.go @@ -19,11 +19,11 @@ import ( is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/types" + encconfig "github.com/containers/ocicrypt/config" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/stringid" digest "github.com/opencontainers/go-digest" - configv1 "github.com/openshift/api/config/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -88,6 +88,15 @@ type CommitOptions struct { // RetryDelay is how long to wait before retrying a commit attempt to a // registry. RetryDelay time.Duration + // OciEncryptConfig when non-nil indicates that an image should be encrypted. + // The encryption options is derived from the construction of EncryptConfig object. + OciEncryptConfig *encconfig.EncryptConfig + // OciEncryptLayers represents the list of layers to encrypt. + // If nil, don't encrypt any layers. + // If non-nil and len==0, denotes encrypt all layers. + // integers in the slice represent 0-indexed layer indices, with support for negative + // indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer. + OciEncryptLayers *[]int } // PushOptions can be used to alter how an image is copied somewhere. @@ -132,6 +141,15 @@ type PushOptions struct { MaxRetries int // RetryDelay is how long to wait before retrying a push attempt. RetryDelay time.Duration + // OciEncryptConfig when non-nil indicates that an image should be encrypted. + // The encryption options is derived from the construction of EncryptConfig object. + OciEncryptConfig *encconfig.EncryptConfig + // OciEncryptLayers represents the list of layers to encrypt. + // If nil, don't encrypt any layers. + // If non-nil and len==0, denotes encrypt all layers. + // integers in the slice represent 0-indexed layer indices, with support for negative + // indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer. + OciEncryptLayers *[]int } var ( @@ -162,7 +180,12 @@ func checkRegistrySourcesAllows(forWhat string, dest types.ImageReference) error } if registrySources, ok := os.LookupEnv("BUILD_REGISTRY_SOURCES"); ok && len(registrySources) > 0 { - var sources configv1.RegistrySources + // Use local struct instead of github.com/openshift/api/config/v1 RegistrySources + var sources struct { + InsecureRegistries []string `json:"insecureRegistries,omitempty"` + BlockedRegistries []string `json:"blockedRegistries,omitempty"` + AllowedRegistries []string `json:"allowedRegistries,omitempty"` + } if err := json.Unmarshal([]byte(registrySources), &sources); err != nil { return errors.Wrapf(err, "error parsing $BUILD_REGISTRY_SOURCES (%q) as JSON", registrySources) } @@ -270,7 +293,9 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options // Check if the base image is already in the destination and it's some kind of local // storage. If so, we can skip recompressing any layers that come from the base image. exportBaseLayers := true - if transport, destIsStorage := dest.Transport().(is.StoreTransport); destIsStorage && b.FromImageID != "" { + if transport, destIsStorage := dest.Transport().(is.StoreTransport); destIsStorage && options.OciEncryptConfig != nil { + return imgID, nil, "", errors.New("unable to use local storage with image encryption") + } else if destIsStorage && b.FromImageID != "" { if baseref, err := transport.ParseReference(b.FromImageID); baseref != nil && err == nil { if img, err := transport.GetImage(baseref); img != nil && err == nil { logrus.Debugf("base image %q is already present in local storage, no need to copy its layers", b.FromImageID) @@ -319,7 +344,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options } var manifestBytes []byte - if manifestBytes, err = retryCopyImage(ctx, policyContext, maybeCachedDest, maybeCachedSrc, dest, "push", getCopyOptions(b.store, options.ReportWriter, nil, systemContext, "", false, options.SignBy), options.MaxRetries, options.RetryDelay); err != nil { + if manifestBytes, err = retryCopyImage(ctx, policyContext, maybeCachedDest, maybeCachedSrc, dest, "push", getCopyOptions(b.store, options.ReportWriter, nil, systemContext, "", false, options.SignBy, options.OciEncryptLayers, options.OciEncryptConfig, nil), options.MaxRetries, options.RetryDelay); err != nil { return imgID, nil, "", errors.Wrapf(err, "error copying layers and metadata for container %q", b.ContainerID) } // If we've got more names to attach, and we know how to do that for @@ -451,7 +476,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options systemContext.DirForceCompress = true } var manifestBytes []byte - if manifestBytes, err = retryCopyImage(ctx, policyContext, dest, maybeCachedSrc, dest, "push", getCopyOptions(options.Store, options.ReportWriter, nil, systemContext, options.ManifestType, options.RemoveSignatures, options.SignBy), options.MaxRetries, options.RetryDelay); err != nil { + if manifestBytes, err = retryCopyImage(ctx, policyContext, dest, maybeCachedSrc, dest, "push", getCopyOptions(options.Store, options.ReportWriter, nil, systemContext, options.ManifestType, options.RemoveSignatures, options.SignBy, options.OciEncryptLayers, options.OciEncryptConfig, nil), options.MaxRetries, options.RetryDelay); err != nil { return nil, "", errors.Wrapf(err, "error copying layers and metadata from %q to %q", transports.ImageName(maybeCachedSrc), transports.ImageName(dest)) } if options.ReportWriter != nil { diff --git a/vendor/github.com/containers/buildah/common.go b/vendor/github.com/containers/buildah/common.go index 8fb3ebdb7ff..b43cfffc9ad 100644 --- a/vendor/github.com/containers/buildah/common.go +++ b/vendor/github.com/containers/buildah/common.go @@ -14,6 +14,7 @@ import ( "github.com/containers/image/v5/docker" "github.com/containers/image/v5/signature" "github.com/containers/image/v5/types" + encconfig "github.com/containers/ocicrypt/config" "github.com/containers/storage" "github.com/containers/storage/pkg/unshare" "github.com/docker/distribution/registry/api/errcode" @@ -30,7 +31,7 @@ const ( DOCKER = "docker" ) -func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string, removeSignatures bool, addSigner string) *cp.Options { +func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string, removeSignatures bool, addSigner string, ociEncryptLayers *[]int, ociEncryptConfig *encconfig.EncryptConfig, ociDecryptConfig *encconfig.DecryptConfig) *cp.Options { sourceCtx := getSystemContext(store, nil, "") if sourceSystemContext != nil { *sourceCtx = *sourceSystemContext @@ -47,6 +48,9 @@ func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemCon ForceManifestMIMEType: manifestType, RemoveSignatures: removeSignatures, SignBy: addSigner, + OciEncryptConfig: ociEncryptConfig, + OciDecryptConfig: ociDecryptConfig, + OciEncryptLayers: ociEncryptLayers, } } diff --git a/vendor/github.com/containers/buildah/go.mod b/vendor/github.com/containers/buildah/go.mod index cc4190c0707..c616af38a55 100644 --- a/vendor/github.com/containers/buildah/go.mod +++ b/vendor/github.com/containers/buildah/go.mod @@ -4,40 +4,41 @@ go 1.12 require ( github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 - github.com/containers/common v0.8.4 - github.com/containers/image/v5 v5.4.3 - github.com/containers/storage v1.18.2 + github.com/containers/common v0.14.0 + github.com/containers/image/v5 v5.5.1 + github.com/containers/ocicrypt v1.0.2 + github.com/containers/storage v1.20.2 github.com/cyphar/filepath-securejoin v0.2.2 github.com/docker/distribution v2.7.1+incompatible github.com/docker/go-units v0.4.0 github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 - github.com/etcd-io/bbolt v1.3.3 - github.com/fsouza/go-dockerclient v1.6.3 + github.com/fsouza/go-dockerclient v1.6.5 github.com/ghodss/yaml v1.0.0 github.com/hashicorp/go-multierror v1.0.0 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 // indirect github.com/mattn/go-shellwords v1.0.10 - github.com/onsi/ginkgo v1.12.0 - github.com/onsi/gomega v1.9.0 - github.com/opencontainers/go-digest v1.0.0-rc1 + github.com/onsi/ginkgo v1.13.0 + github.com/onsi/gomega v1.10.1 + github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 - github.com/opencontainers/runc v1.0.0-rc9 - github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 + github.com/opencontainers/runc v1.0.0-rc90 + github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 github.com/opencontainers/runtime-tools v0.9.0 - github.com/opencontainers/selinux v1.5.1 - github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 - github.com/openshift/imagebuilder v1.1.4 + github.com/opencontainers/selinux v1.5.2 + github.com/openshift/imagebuilder v1.1.5 github.com/pkg/errors v0.9.1 - github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f + github.com/seccomp/containers-golang v0.5.0 github.com/seccomp/libseccomp-golang v0.9.1 - github.com/sirupsen/logrus v1.5.0 + github.com/sirupsen/logrus v1.6.0 github.com/spf13/cobra v0.0.7 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.5.1 + github.com/stretchr/testify v1.6.1 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 github.com/vishvananda/netlink v1.1.0 // indirect - golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 - golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 + go.etcd.io/bbolt v1.3.4 + golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 + golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 + golang.org/x/text v0.3.3 // indirect ) replace github.com/sirupsen/logrus => github.com/sirupsen/logrus v1.4.2 diff --git a/vendor/github.com/containers/buildah/go.sum b/vendor/github.com/containers/buildah/go.sum index f354c209823..a63fd7b5f1e 100644 --- a/vendor/github.com/containers/buildah/go.sum +++ b/vendor/github.com/containers/buildah/go.sum @@ -1,3 +1,4 @@ +bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774 h1:SCbEWT58NSt7d2mcFdvxC9uyrdcTfvBbPLThhkDmXzg= github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dYRLLXyJjbkIPeeGyoJ/eKOSI0eU6eTlCBYibgd0= @@ -5,18 +6,13 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7O github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= -github.com/Microsoft/hcsshim v0.8.7-0.20191101173118-65519b62243c/go.mod h1:7xhjOwRV2+0HXGmM0jxaEu+ZiXJFoVZOTfL/dmqbrD8= -github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg= +github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o= +github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk= +github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM= github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= @@ -28,45 +24,52 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/blang/semver v3.1.0+incompatible h1:7hqmJYuaEK3qwVjWubYiht3j93YI0WQBuysxHIfUriU= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= +github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f h1:tSNMc+rJDfmYntojat8lljbt1mgKNpTxUZJsSzJ9Y1s= github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= +github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1 h1:uict5mhHFTzKLUCufdSLym7z/J0CbBJT59lYbP9wtbg= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.3.0 h1:xjvXQWABwS2uiv3TWgQt5Uth60Gu86LTGZXMJkjc7rY= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8= +github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA= +github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c h1:8ahmSVELW1wghbjerVAyuEYD5+Dio66RYvSS0iGfL1M= +github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 h1:rqUVLD8I859xRgUx/WMC3v7QAFqbLKZbs+0kqYboRJc= github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containers/common v0.8.4 h1:G9eNXQHUfZWkEOKaKDpXmDTcjVYc04K77dZe197SH44= -github.com/containers/common v0.8.4/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= -github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs= -github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U= +github.com/containers/common v0.14.0 h1:hiZFDPf6ajKiDmojN5f5X3gboKPO73NLrYb0RXfrQiA= +github.com/containers/common v0.14.0/go.mod h1:9olhlE+WhYof1npnMJdyRMX14/yIUint6zyHzcyRVAg= +github.com/containers/image/v5 v5.4.4 h1:JSanNn3v/BMd3o0MEvO4R4OKNuoJUSzVGQAI1+0FMXE= +github.com/containers/image/v5 v5.4.4/go.mod h1:g7cxNXitiLi6pEr9/L9n/0wfazRuhDKXU15kV86N8h8= +github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ= +github.com/containers/image/v5 v5.5.1/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.2 h1:Q0/IPs8ohfbXNxEfyJ2pFVmvJu5BhqJUAmc6ES9NKbo= github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNjsqWarIUce4M= -github.com/containers/storage v1.18.2 h1:4cgFbrrgr9nR9xCeOmfpyxk1MtXYZGr7XGPJfAVkGmc= -github.com/containers/storage v1.18.2/go.mod h1:WTBMf+a9ZZ/LbmEVeLHH2TX4CikWbO1Bt+/m58ZHVPg= +github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ= +github.com/containers/storage v1.20.2 h1:tw/uKRPDnmVrluIzer3dawTFG/bTJLP8IEUyHFhltYk= +github.com/containers/storage v1.20.2/go.mod h1:oOB9Ie8OVPojvoaKWEGSEtHbXUAs+tSyr7RO7ZGteMc= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= -github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -89,65 +92,51 @@ github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 h1:moehP github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8= github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4= github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/etcd-io/bbolt v1.3.3 h1:gSJmxrs37LgTqR/oyJBWok6k6SvXEUerFTbltIhXkBM= -github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw= -github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsouza/go-dockerclient v1.6.3 h1:VS/I3mxieZVIeaWXd57JKvSjheELafUJYtblGg75RIQ= -github.com/fsouza/go-dockerclient v1.6.3/go.mod h1:OiSy/IhZIF+zheikZkXK7LVpGzxWchJPJKGWhBqOK4M= +github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsouza/go-dockerclient v1.6.5 h1:vuFDnPcds3LvTWGYb9h0Rty14FLgkjHZdwLDROCdgsw= +github.com/fsouza/go-dockerclient v1.6.5/go.mod h1:GOdftxWLWIbIWKbIMDroKFJzPdg6Iw7r+jX1DDZdVsA= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= -github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= @@ -163,7 +152,6 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -172,34 +160,34 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 h1:rw3IAne6CDuVFlZbPOkA7bhxlqawFh7RJJ+CejfMaxE= github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.10.3 h1:OP96hzwJVBIHYU52pVTI6CczrxPvrGfgqF9N5eTO0Q8= -github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw= +github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc= +github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.7 h1:7rix8v8GpI3ZBb0nSozFRgbtXKv+hOe+qfEpZqybrAg= +github.com/klauspost/compress v1.10.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.8 h1:eLeJ3dr/Y9+XRfJT4l+8ZjmtB5RPJhucH2HeCV5+IZY= +github.com/klauspost/compress v1.10.8/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/pgzip v1.2.3/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= +github.com/klauspost/pgzip v1.2.4 h1:TQ7CNpYKovDOmqzRHKxJh0BeaBI7UdQZYc6p7pMQh1A= +github.com/klauspost/pgzip v1.2.4/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= +github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= +github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= @@ -211,32 +199,31 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mtrmac/gpgme v0.1.2 h1:dNOmvYmsrakgW7LcgiprD0yfRuQQe8/C8F6Z+zogO3s= github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU= -github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.13.0 h1:M76yO2HkZASFjXL0HSoZJ1AYEmQxNJmY41Jx1zNUq1Y= +github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.9.0 h1:R1uwffexN6Pr340GtYRIdZmAiN4J+iw6WG4wog1DUXg= -github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= +github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= -github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 h1:yN8BPXVwMBAm3Cuvh1L5XE8XpvYRMdsVLd82ILprhUU= github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= @@ -244,27 +231,30 @@ github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5X github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc9 h1:/k06BMULKF5hidyoZymkoDCzdJzltZpz/UU4LguQVtc= github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runc v1.0.0-rc90 h1:4+xo8mtWixbHoEm451+WJNUrq12o2/tDsyK9Vgc/NcA= +github.com/opencontainers/runc v1.0.0-rc90/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go= github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E= +github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU= github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= -github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= +github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= github.com/opencontainers/selinux v1.5.1 h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y= github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= -github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 h1:enQG2QUGwug4fR1yM6hL0Fjzx6Km/exZY6RbSPwMu3o= -github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10= -github.com/openshift/imagebuilder v1.1.4 h1:LUg8aTjyXMtlDx6IbtvaqofFGZ6aYqe+VIeATE735LM= -github.com/openshift/imagebuilder v1.1.4/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo= +github.com/opencontainers/selinux v1.5.2 h1:F6DgIsjgBIcDksLW4D5RG9bXok6oqZ3nvMwj4ZoFu/Q= +github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= +github.com/openshift/imagebuilder v1.1.5 h1:WAIHV6cGF9e0AcLBA7RIi7XbFoB7R+e/MWu1I+1NUOM= +github.com/openshift/imagebuilder v1.1.5/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo= github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw= github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= @@ -276,13 +266,15 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.1.0 h1:BQ53HtBmfOitExawJ6LokA4x8ov/z0SYYb0+HxJfRI8= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4 h1:gQz4mCbXsO+nc9n1hCxHcGA3Zx3Eo+UHZoInFGUIXNM= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0 h1:kRhiuYSXR3+uv2IbVbZhUxK5zVD/2pp3Gd2PpvPkpEo= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= +github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -290,11 +282,11 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8= github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f h1:OtU/w6sBKmXYaw2KEODxjcYi3oPSyyslhgGFgIJVGAI= -github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f/go.mod h1:f/98/SnvAzhAEFQJ3u836FePXvcbE8BS0YGMQNn4mhA= +github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= +github.com/seccomp/containers-golang v0.5.0 h1:uUMOZIz/7TUiEO6h4ursAJY5JT55AzYiN/X5GOj9rvY= +github.com/seccomp/containers-golang v0.5.0/go.mod h1:5fP9lgyYyklJ8fg8Geq193G1QLe0ikf34z+hZKIjmnE= github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= @@ -304,23 +296,26 @@ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.7 h1:FfTH+vuMXOas8jmfb5/M7dzEYx7LpcLb7a0LPe34uOU= github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -330,11 +325,14 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ulikunitz/xz v0.5.7 h1:YvTNdFzX6+W5m9msiYg/zpkSURPPtOlzbqYjrFn7Yt4= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5 h1:MCfT24H3f//U5+UCrZp1/riVO3B50BovxtDiNn0XKkk= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE= github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= -github.com/vbauerster/mpb/v5 v5.0.3 h1:Ldt/azOkbThTk2loi6FrBd/3fhxGFQ24MxFAS88PoNY= -github.com/vbauerster/mpb/v5 v5.0.3/go.mod h1:h3YxU5CSr8rZP4Q3xZPVB3jJLhWPou63lHEdr9ytH4Y= +github.com/vbauerster/mpb/v5 v5.0.4 h1:w7l/tJfHmtIOKZkU+bhbDZOUxj1kln9jy4DUOp3Tl14= +github.com/vbauerster/mpb/v5 v5.0.4/go.mod h1:fvzasBUyuo35UyuA6sSOlVhpLoNQsp2nBdHw7OiSUU8= +github.com/vbauerster/mpb/v5 v5.2.2 h1:zIICVOm+XD+uV6crpSORaL6I0Q1WqOdvxZTp+r3L9cw= +github.com/vbauerster/mpb/v5 v5.2.2/go.mod h1:W5Fvgw4dm3/0NhqzV8j6EacfuTe5SvnzBRwiXxDR9ww= github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= @@ -357,22 +355,16 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= -golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU= +golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -384,12 +376,11 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -398,75 +389,79 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE= -golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8= +golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb h1:i1Ppqkc3WQXikh8bXiwHqAN5Rv3/qDCcRk0/Otx73BY= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.24.0 h1:vb/1TCsVn3DcJlQ0Gs1yB1pKI6Do2/QNwxdKqmc/b0s= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= +google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= @@ -476,29 +471,13 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM= -k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= -k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo= -k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= -modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= -modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= -modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= -modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= -modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= -sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/vendor/github.com/containers/buildah/image.go b/vendor/github.com/containers/buildah/image.go index 94e97d870ab..57d8ecb930f 100644 --- a/vendor/github.com/containers/buildah/image.go +++ b/vendor/github.com/containers/buildah/image.go @@ -586,16 +586,10 @@ func (i *containerImageSource) Reference() types.ImageReference { } func (i *containerImageSource) GetSignatures(ctx context.Context, instanceDigest *digest.Digest) ([][]byte, error) { - if instanceDigest != nil { - return nil, errors.Errorf("containerImageSource does not support manifest lists") - } return nil, nil } func (i *containerImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) { - if instanceDigest != nil { - return nil, "", errors.Errorf("containerImageSource does not support manifest lists") - } return i.manifest, i.manifestType, nil } diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go index 8d30367c1b7..a9e0641c063 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/build.go +++ b/vendor/github.com/containers/buildah/imagebuildah/build.go @@ -3,6 +3,7 @@ package imagebuildah import ( "bytes" "context" + "fmt" "io" "io/ioutil" "net/http" @@ -16,10 +17,12 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/types" + encconfig "github.com/containers/ocicrypt/config" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/openshift/imagebuilder" + "github.com/openshift/imagebuilder/dockerfile/parser" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -171,6 +174,9 @@ type BuildOptions struct { MaxPullPushRetries int // PullPushRetryDelay is how long to wait before retrying a pull or push attempt. PullPushRetryDelay time.Duration + // OciDecryptConfig contains the config that can be used to decrypt an image if it is + // encrypted if non-nil. If nil, it does not attempt to decrypt an image. + OciDecryptConfig *encconfig.DecryptConfig } // BuildDockerfiles parses a set of one or more Dockerfiles (which may be @@ -249,6 +255,9 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt if err != nil { return "", nil, errors.Wrapf(err, "error parsing main Dockerfile") } + + warnOnUnsetBuildArgs(mainNode, options.Args) + for _, d := range dockerfiles[1:] { additionalNode, err := imagebuilder.ParseDockerfile(d) if err != nil { @@ -280,6 +289,20 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt return exec.Build(ctx, stages) } +func warnOnUnsetBuildArgs(node *parser.Node, args map[string]string) { + for _, child := range node.Children { + switch strings.ToUpper(child.Value) { + case "ARG": + argName := child.Next.Value + if _, ok := args[argName]; !strings.Contains(argName, "=") && !ok { + logrus.Warnf("missing %q build argument. Try adding %q to the command line", argName, fmt.Sprintf("--build-arg %s=", argName)) + } + default: + continue + } + } +} + // preprocessDockerfileContents runs CPP(1) in preprocess-only mode on the input // dockerfile content and will use ctxDir as the base include path. // diff --git a/vendor/github.com/containers/buildah/imagebuildah/executor.go b/vendor/github.com/containers/buildah/imagebuildah/executor.go index 3e92b508e8f..a156313df60 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go @@ -20,6 +20,7 @@ import ( "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" + encconfig "github.com/containers/ocicrypt/config" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" v1 "github.com/opencontainers/image-spec/specs-go/v1" @@ -100,6 +101,7 @@ type Executor struct { os string maxPullPushRetries int retryPullPushDelay time.Duration + ociDecryptConfig *encconfig.DecryptConfig } // NewExecutor creates a new instance of the imagebuilder.Executor interface. @@ -113,7 +115,10 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod if err != nil { return nil, err } - capabilities := defaultContainerConfig.Capabilities("", options.AddCapabilities, options.DropCapabilities) + capabilities, err := defaultContainerConfig.Capabilities("", options.AddCapabilities, options.DropCapabilities) + if err != nil { + return nil, err + } devices := []configs.Device{} for _, device := range append(defaultContainerConfig.Containers.Devices, options.Devices...) { @@ -185,6 +190,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod os: options.OS, maxPullPushRetries: options.MaxPullPushRetries, retryPullPushDelay: options.PullPushRetryDelay, + ociDecryptConfig: options.OciDecryptConfig, } if exec.err == nil { exec.err = os.Stderr diff --git a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go index 2388221d0cb..fa637c5a06b 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go @@ -633,6 +633,7 @@ func (s *StageExecutor) prepare(ctx context.Context, from string, initializeIBCo Devices: s.executor.devices, MaxPullRetries: s.executor.maxPullPushRetries, PullRetryDelay: s.executor.retryPullPushDelay, + OciDecryptConfig: s.executor.ociDecryptConfig, } // Check and see if the image is a pseudonym for the end result of a diff --git a/vendor/github.com/containers/buildah/install.md b/vendor/github.com/containers/buildah/install.md index 8dd429bc842..c29ff1eb817 100644 --- a/vendor/github.com/containers/buildah/install.md +++ b/vendor/github.com/containers/buildah/install.md @@ -470,7 +470,9 @@ cat /etc/containers/policy.json Buildah uses Go Modules for vendoring purposes. If you need to update or add a vendored package into Buildah, please follow this procedure: * Enter into your sandbox `src/github.com/containers/buildah` and ensure that the GOPATH variable is set to the directory prior as noted above. * `export GO111MODULE=on` - * Assuming you want to 'bump' the `github.com/containers/storage` package to version 1.12.13, use this command: `go get github.com/containers/storage@v1.12.13` + * `go get` the needed version: + * Assuming you want to 'bump' the `github.com/containers/storage` package to version 1.12.13, use this command: `go get github.com/containers/storage@v1.12.13` + * Assumming that you want to 'bump' the `github.com/containers/storage` package to a particular commit, use this command: `go get github.com/containers/storage@e307568568533c4afccdf7b56df7b4493e4e9a7b` * `make vendor-in-container` * `make` * `make install` diff --git a/vendor/github.com/containers/buildah/new.go b/vendor/github.com/containers/buildah/new.go index 160c2157d84..4f4b1564bf7 100644 --- a/vendor/github.com/containers/buildah/new.go +++ b/vendor/github.com/containers/buildah/new.go @@ -30,12 +30,13 @@ const ( func pullAndFindImage(ctx context.Context, store storage.Store, srcRef types.ImageReference, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) { pullOptions := PullOptions{ - ReportWriter: options.ReportWriter, - Store: store, - SystemContext: options.SystemContext, - BlobDirectory: options.BlobDirectory, - MaxRetries: options.MaxPullRetries, - RetryDelay: options.PullRetryDelay, + ReportWriter: options.ReportWriter, + Store: store, + SystemContext: options.SystemContext, + BlobDirectory: options.BlobDirectory, + MaxRetries: options.MaxPullRetries, + RetryDelay: options.PullRetryDelay, + OciDecryptConfig: options.OciDecryptConfig, } ref, err := pullImage(ctx, store, srcRef, pullOptions, sc) if err != nil { diff --git a/vendor/github.com/containers/buildah/pkg/parse/parse.go b/vendor/github.com/containers/buildah/pkg/parse/parse.go index a375ba927e9..5b966b239f2 100644 --- a/vendor/github.com/containers/buildah/pkg/parse/parse.go +++ b/vendor/github.com/containers/buildah/pkg/parse/parse.go @@ -342,6 +342,9 @@ func GetBindMount(args []string) (specs.Mount, error) { // TODO: detect duplication of these options. // (Is this necessary?) newMount.Options = append(newMount.Options, kv[0]) + case "readonly": + // Alias for "ro" + newMount.Options = append(newMount.Options, "ro") case "shared", "rshared", "private", "rprivate", "slave", "rslave", "Z", "z": newMount.Options = append(newMount.Options, kv[0]) case "bind-propagation": @@ -367,6 +370,10 @@ func GetBindMount(args []string) (specs.Mount, error) { } newMount.Destination = kv[1] setDest = true + case "consistency": + // Option for OS X only, has no meaning on other platforms + // and can thus be safely ignored. + // See also the handling of the equivalent "delegated" and "cached" in ValidateVolumeOpts default: return newMount, errors.Wrapf(errBadMntOption, kv[0]) } @@ -403,6 +410,9 @@ func GetTmpfsMount(args []string) (specs.Mount, error) { switch kv[0] { case "ro", "nosuid", "nodev", "noexec": newMount.Options = append(newMount.Options, kv[0]) + case "readonly": + // Alias for "ro" + newMount.Options = append(newMount.Options, "ro") case "tmpfs-mode": if len(kv) == 1 { return newMount, errors.Wrapf(optionArgError, kv[0]) @@ -927,25 +937,6 @@ func IsolationOption(isolation string) (buildah.Isolation, error) { return defaultIsolation() } -// ScrubServer removes 'http://' or 'https://' from the front of the -// server/registry string if either is there. This will be mostly used -// for user input from 'buildah login' and 'buildah logout'. -func ScrubServer(server string) string { - server = strings.TrimPrefix(server, "https://") - return strings.TrimPrefix(server, "http://") -} - -// RegistryFromFullName gets the registry from the input. If the input is of the form -// quay.io/myuser/myimage, it will parse it and just return quay.io -// It also returns true if a full image name was given -func RegistryFromFullName(input string) string { - split := strings.Split(input, "/") - if len(split) > 1 { - return split[0] - } - return split[0] -} - // Device parses device mapping string to a src, dest & permissions string // Valid values for device looklike: // '/dev/sdc" diff --git a/vendor/github.com/containers/buildah/pull.go b/vendor/github.com/containers/buildah/pull.go index cbb98cbcf06..f8d4bdeb67e 100644 --- a/vendor/github.com/containers/buildah/pull.go +++ b/vendor/github.com/containers/buildah/pull.go @@ -19,6 +19,7 @@ import ( is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/types" + encconfig "github.com/containers/ocicrypt/config" "github.com/containers/storage" multierror "github.com/hashicorp/go-multierror" "github.com/pkg/errors" @@ -56,6 +57,9 @@ type PullOptions struct { MaxRetries int // RetryDelay is how long to wait before retrying a pull attempt. RetryDelay time.Duration + // OciDecryptConfig contains the config that can be used to decrypt an image if it is + // encrypted if non-nil. If nil, it does not attempt to decrypt an image. + OciDecryptConfig *encconfig.DecryptConfig } func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference) (string, error) { @@ -164,6 +168,7 @@ func Pull(ctx context.Context, imageName string, options PullOptions) (imageID s ReportWriter: options.ReportWriter, MaxPullRetries: options.MaxRetries, PullRetryDelay: options.RetryDelay, + OciDecryptConfig: options.OciDecryptConfig, } storageRef, transport, img, err := resolveImage(ctx, systemContext, options.Store, boptions) @@ -275,7 +280,7 @@ func pullImage(ctx context.Context, store storage.Store, srcRef types.ImageRefer }() logrus.Debugf("copying %q to %q", transports.ImageName(srcRef), destName) - if _, err := retryCopyImage(ctx, policyContext, maybeCachedDestRef, srcRef, srcRef, "pull", getCopyOptions(store, options.ReportWriter, sc, nil, "", options.RemoveSignatures, ""), options.MaxRetries, options.RetryDelay); err != nil { + if _, err := retryCopyImage(ctx, policyContext, maybeCachedDestRef, srcRef, srcRef, "pull", getCopyOptions(store, options.ReportWriter, sc, nil, "", options.RemoveSignatures, "", nil, nil, options.OciDecryptConfig), options.MaxRetries, options.RetryDelay); err != nil { logrus.Debugf("error copying src image [%q] to dest image [%q] err: %v", transports.ImageName(srcRef), destName, err) return nil, err } diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go index fd2597d6229..412d1f38578 100644 --- a/vendor/github.com/containers/buildah/run_linux.go +++ b/vendor/github.com/containers/buildah/run_linux.go @@ -1779,6 +1779,7 @@ func setupMaskedPaths(g *generate.Generator) { "/proc/sched_debug", "/proc/scsi", "/sys/firmware", + "/sys/fs/selinux", } { g.AddLinuxMaskedPaths(mp) } @@ -2023,13 +2024,10 @@ func setupRootlessSpecChanges(spec *specs.Spec, bundleDir string, shmSize string Options: []string{bind.NoBindOption, "rbind", "private", "nodev", "noexec", "nosuid", "ro"}, }, } - // Cover up /sys/fs/cgroup and /sys/fs/selinux, if they exist in our source for /sys. + // Cover up /sys/fs/cgroup, if it exist in our source for /sys. if _, err := os.Stat("/sys/fs/cgroup"); err == nil { spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/cgroup") } - if _, err := os.Stat("/sys/fs/selinux"); err == nil { - spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux") - } // Keep anything that isn't under /dev, /proc, or /sys. for i := range spec.Mounts { if spec.Mounts[i].Destination == "/dev" || strings.HasPrefix(spec.Mounts[i].Destination, "/dev/") || diff --git a/vendor/github.com/containers/buildah/util/util.go b/vendor/github.com/containers/buildah/util/util.go index a358b7c546d..f41daa2ccac 100644 --- a/vendor/github.com/containers/buildah/util/util.go +++ b/vendor/github.com/containers/buildah/util/util.go @@ -74,7 +74,7 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto return []string{strings.TrimPrefix(name, DefaultTransport)}, DefaultTransport, false, nil } split := strings.SplitN(name, ":", 2) - if len(split) == 2 { + if StartsWithValidTransport(name) && len(split) == 2 { if trans := transports.Get(split[0]); trans != nil { return []string{split[1]}, trans.Name(), false, nil } @@ -148,6 +148,12 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto return candidates, DefaultTransport, searchRegistriesAreEmpty, nil } +// StartsWithValidTransport validates the name starts with Buildah supported transport +// to avoid the corner case image name same as the transport name +func StartsWithValidTransport(name string) bool { + return strings.HasPrefix(name, "dir:") || strings.HasPrefix(name, "docker://") || strings.HasPrefix(name, "docker-archive:") || strings.HasPrefix(name, "docker-daemon:") || strings.HasPrefix(name, "oci:") || strings.HasPrefix(name, "oci-archive:") +} + // ExpandNames takes unqualified names, parses them as image names, and returns // the fully expanded result, including a tag. Names which don't include a registry // name will be marked for the most-preferred registry (i.e., the first one in our diff --git a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go index 51e711631b3..94117748900 100644 --- a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go +++ b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go @@ -91,18 +91,21 @@ func ValidateCapabilities(caps []string) error { // MergeCapabilities computes a set of capabilities by adding capapbitilities // to or dropping them from base. // -// Note that "ALL" will cause all known capabilities to be added/dropped but -// the ones specified to be dropped/added. +// Note that: +// "ALL" in capAdd adds returns known capabilities +// "All" in capDrop returns only the capabilities specified in capAdd func MergeCapabilities(base, adds, drops []string) ([]string, error) { - if len(adds) == 0 && len(drops) == 0 { - // Nothing to tweak; we're done - return base, nil - } + var caps []string + // Normalize the base capabilities base, err := normalizeCapabilities(base) if err != nil { return nil, err } + if len(adds) == 0 && len(drops) == 0 { + // Nothing to tweak; we're done + return base, nil + } capDrop, err := normalizeCapabilities(drops) if err != nil { return nil, err @@ -112,35 +115,42 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) { return nil, err } - // Make sure that capDrop and capAdd are distinct sets. + if stringInSlice(All, capDrop) { + // "Drop" all capabilities; return what's in capAdd instead + return capAdd, nil + } + + if stringInSlice(All, capAdd) { + // "Add" all capabilities; + return capabilityList, nil + } + + for _, add := range capAdd { + if stringInSlice(add, capDrop) { + return nil, errors.Errorf("capability %q cannot be dropped and added", add) + } + } + for _, drop := range capDrop { if stringInSlice(drop, capAdd) { return nil, errors.Errorf("capability %q cannot be dropped and added", drop) } } - var caps []string - - switch { - case stringInSlice(All, capAdd): - // Add all capabilities except ones on capDrop - for _, c := range capabilityList { - if !stringInSlice(c, capDrop) { - caps = append(caps, c) - } + // Drop any capabilities in capDrop that are in base + for _, cap := range base { + if stringInSlice(cap, capDrop) { + continue } - case stringInSlice(All, capDrop): - // "Drop" all capabilities; use what's in capAdd instead - caps = capAdd - default: - // First drop some capabilities - for _, c := range base { - if !stringInSlice(c, capDrop) { - caps = append(caps, c) - } + caps = append(caps, cap) + } + + // Add any capabilities in capAdd that are not in base + for _, cap := range capAdd { + if stringInSlice(cap, base) { + continue } - // Then add the list of capabilities from capAdd - caps = append(caps, capAdd...) + caps = append(caps, cap) } return caps, nil } diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 9613270f1b5..ce479088e82 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -7,7 +7,6 @@ import ( "path/filepath" "strings" "sync" - "syscall" "github.com/BurntSushi/toml" "github.com/containers/common/pkg/capabilities" @@ -75,102 +74,105 @@ type Config struct { type ContainersConfig struct { // Devices to add to all containers - Devices []string `toml:"devices"` + Devices []string `toml:"devices,omitempty"` // Volumes to add to all containers - Volumes []string `toml:"volumes"` + Volumes []string `toml:"volumes,omitempty"` // ApparmorProfile is the apparmor profile name which is used as the // default for the runtime. - ApparmorProfile string `toml:"apparmor_profile"` + ApparmorProfile string `toml:"apparmor_profile,omitempty"` // Annotation to add to all containers - Annotations []string `toml:"annotations"` + Annotations []string `toml:"annotations,omitempty"` // Default way to create a cgroup namespace for the container - CgroupNS string `toml:"cgroupns"` + CgroupNS string `toml:"cgroupns,omitempty"` + + // Default cgroup configuration + Cgroups string `toml:"cgroups,omitempty"` // Capabilities to add to all containers. - DefaultCapabilities []string `toml:"default_capabilities"` + DefaultCapabilities []string `toml:"default_capabilities,omitempty"` // Sysctls to add to all containers. - DefaultSysctls []string `toml:"default_sysctls"` + DefaultSysctls []string `toml:"default_sysctls,omitempty"` // DefaultUlimits specifies the default ulimits to apply to containers - DefaultUlimits []string `toml:"default_ulimits"` + DefaultUlimits []string `toml:"default_ulimits,omitempty"` // DefaultMountsFile is the path to the default mounts file for testing DefaultMountsFile string `toml:"-"` // DNSServers set default DNS servers. - DNSServers []string `toml:"dns_servers"` + DNSServers []string `toml:"dns_servers,omitempty"` // DNSOptions set default DNS options. - DNSOptions []string `toml:"dns_options"` + DNSOptions []string `toml:"dns_options,omitempty"` // DNSSearches set default DNS search domains. - DNSSearches []string `toml:"dns_searches"` + DNSSearches []string `toml:"dns_searches,omitempty"` // EnableLabeling tells the container engines whether to use MAC // Labeling to separate containers (SELinux) - EnableLabeling bool `toml:"label"` + EnableLabeling bool `toml:"label,omitempty"` // Env is the environment variable list for container process. - Env []string `toml:"env"` + Env []string `toml:"env,omitempty"` // EnvHost Pass all host environment variables into the container. - EnvHost bool `toml:"env_host"` + EnvHost bool `toml:"env_host,omitempty"` // HTTPProxy is the proxy environment variable list to apply to container process - HTTPProxy bool `toml:"http_proxy"` + HTTPProxy bool `toml:"http_proxy,omitempty"` // Init tells container runtimes whether to run init inside the // container that forwards signals and reaps processes. - Init bool `toml:"init"` + Init bool `toml:"init,omitempty"` // InitPath is the path for init to run if the Init bool is enabled - InitPath string `toml:"init_path"` + InitPath string `toml:"init_path,omitempty"` // IPCNS way to to create a ipc namespace for the container - IPCNS string `toml:"ipcns"` + IPCNS string `toml:"ipcns,omitempty"` // LogDriver for the container. For example: k8s-file and journald - LogDriver string `toml:"log_driver"` + LogDriver string `toml:"log_driver,omitempty"` // LogSizeMax is the maximum number of bytes after which the log file // will be truncated. It can be expressed as a human-friendly string // that is parsed to bytes. // Negative values indicate that the log file won't be truncated. - LogSizeMax int64 `toml:"log_size_max"` + LogSizeMax int64 `toml:"log_size_max,omitempty"` // NetNS indicates how to create a network namespace for the container - NetNS string `toml:"netns"` + NetNS string `toml:"netns,omitempty"` // NoHosts tells container engine whether to create its own /etc/hosts - NoHosts bool `toml:"no_hosts"` + NoHosts bool `toml:"no_hosts,omitempty"` // PidsLimit is the number of processes each container is restricted to // by the cgroup process number controller. - PidsLimit int64 `toml:"pids_limit"` + PidsLimit int64 `toml:"pids_limit,omitempty"` // PidNS indicates how to create a pid namespace for the container - PidNS string `toml:"pidns"` + PidNS string `toml:"pidns,omitempty"` // SeccompProfile is the seccomp.json profile path which is used as the // default for the runtime. - SeccompProfile string `toml:"seccomp_profile"` + SeccompProfile string `toml:"seccomp_profile,omitempty"` // ShmSize holds the size of /dev/shm. - ShmSize string `toml:"shm_size"` + ShmSize string `toml:"shm_size,omitempty"` // UTSNS indicates how to create a UTS namespace for the container - UTSNS string `toml:"utsns"` + UTSNS string `toml:"utsns,omitempty"` // UserNS indicates how to create a User namespace for the container - UserNS string `toml:"userns"` + UserNS string `toml:"userns,omitempty"` // UserNSSize how many UIDs to allocate for automatically created UserNS - UserNSSize int `toml:"userns_size"` + UserNSSize int `toml:"userns_size,omitempty"` } // EngineConfig contains configuration options used to set up a engine runtime @@ -181,20 +183,20 @@ type EngineConfig struct { // CGroupManager is the CGroup Manager to use Valid values are "cgroupfs" // and "systemd". - CgroupManager string `toml:"cgroup_manager"` + CgroupManager string `toml:"cgroup_manager,omitempty"` // NOTE: when changing this struct, make sure to update (*Config).Merge(). // ConmonEnvVars are environment variables to pass to the Conmon binary // when it is launched. - ConmonEnvVars []string `toml:"conmon_env_vars"` + ConmonEnvVars []string `toml:"conmon_env_vars,omitempty"` // ConmonPath is the path to the Conmon binary used for managing containers. // The first path pointing to a valid file will be used. - ConmonPath []string `toml:"conmon_path"` + ConmonPath []string `toml:"conmon_path,omitempty"` //DetachKeys is the sequence of keys used to detach a container. - DetachKeys string `toml:"detach_keys"` + DetachKeys string `toml:"detach_keys,omitempty"` // EnablePortReservation determines whether engine will reserve ports on the // host when they are forwarded to containers. When enabled, when ports are @@ -203,32 +205,32 @@ type EngineConfig struct { // programs on the host. However, this can cause significant memory usage if // a container has many ports forwarded to it. Disabling this can save // memory. - EnablePortReservation bool `toml:"enable_port_reservation"` + EnablePortReservation bool `toml:"enable_port_reservation,omitempty"` // EventsLogFilePath is where the events log is stored. - EventsLogFilePath string `toml:"events_logfile_path"` + EventsLogFilePath string `toml:"events_logfile_path,omitempty"` // EventsLogger determines where events should be logged. - EventsLogger string `toml:"events_logger"` + EventsLogger string `toml:"events_logger,omitempty"` // configuration files. When the same filename is present in in // multiple directories, the file in the directory listed last in // this slice takes precedence. - HooksDir []string `toml:"hooks_dir"` + HooksDir []string `toml:"hooks_dir,omitempty"` // ImageDefaultTransport is the default transport method used to fetch // images. - ImageDefaultTransport string `toml:"image_default_transport"` + ImageDefaultTransport string `toml:"image_default_transport,omitempty"` // InfraCommand is the command run to start up a pod infra container. - InfraCommand string `toml:"infra_command"` + InfraCommand string `toml:"infra_command,omitempty"` // InfraImage is the image a pod infra container will use to manage // namespaces. - InfraImage string `toml:"infra_image"` + InfraImage string `toml:"infra_image,omitempty"` // InitPath is the path to the container-init binary. - InitPath string `toml:"init_path"` + InitPath string `toml:"init_path,omitempty"` // LockType is the type of locking to use. LockType string `toml:"lock_type,omitempty"` @@ -242,24 +244,34 @@ type EngineConfig struct { Namespace string `toml:"namespace,omitempty"` // NetworkCmdPath is the path to the slirp4netns binary. - NetworkCmdPath string `toml:"network_cmd_path"` + NetworkCmdPath string `toml:"network_cmd_path,omitempty"` // NoPivotRoot sets whether to set no-pivot-root in the OCI runtime. - NoPivotRoot bool `toml:"no_pivot_root"` + NoPivotRoot bool `toml:"no_pivot_root,omitempty"` // NumLocks is the number of locks to make available for containers and // pods. NumLocks uint32 `toml:"num_locks,omitempty"` // OCIRuntime is the OCI runtime to use. - OCIRuntime string `toml:"runtime"` + OCIRuntime string `toml:"runtime,omitempty"` // OCIRuntimes are the set of configured OCI runtimes (default is runc). - OCIRuntimes map[string][]string `toml:"runtimes"` + OCIRuntimes map[string][]string `toml:"runtimes,omitempty"` // PullPolicy determines whether to pull image before creating or running a container // default is "missing" - PullPolicy string `toml:"pull_policy"` + PullPolicy string `toml:"pull_policy,omitempty"` + + // Indicates whether the application should be running in Remote mode + Remote bool `toml:"-"` + + // RemoteURI containers connection information used to connect to remote system. + RemoteURI string `toml:"remote_uri,omitempty"` + + // Identity key file for RemoteURI + RemoteIdentity string `toml:"remote_identity,omitempty"` + // RuntimePath is the path to OCI runtime binary for launching containers. // The first path pointing to a valid file will be used This is used only // when there are no OCIRuntime/OCIRuntimes defined. It is used only to be @@ -268,11 +280,15 @@ type EngineConfig struct { // RuntimeSupportsJSON is the list of the OCI runtimes that support // --format=json. - RuntimeSupportsJSON []string `toml:"runtime_supports_json"` + RuntimeSupportsJSON []string `toml:"runtime_supports_json,omitempty"` // RuntimeSupportsNoCgroups is a list of OCI runtimes that support // running containers without CGroups. - RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroupv2"` + RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroupv2,omitempty"` + + // RuntimeSupportsKVM is a list of OCI runtimes that support + // KVM separation for conatainers. + RuntimeSupportsKVM []string `toml:"runtime_supports_kvm,omitempty"` // SetOptions contains a subset of config options. It's used to indicate if // a given option has either been set by the user or by the parsed @@ -284,11 +300,11 @@ type EngineConfig struct { // SignaturePolicyPath is the path to a signature policy to use for // validating images. If left empty, the containers/image default signature // policy will be used. - SignaturePolicyPath string `toml:"_"` + SignaturePolicyPath string `toml:"-"` // SDNotify tells container engine to allow containers to notify the host systemd of // readiness using the SD_NOTIFY mechanism. - SDNotify bool + SDNotify bool `toml:"-"` // StateType is the type of the backing state store. Avoid using multiple // values for this with the same containers/storage configuration on the @@ -299,20 +315,20 @@ type EngineConfig struct { // StaticDir is the path to a persistent directory to store container // files. - StaticDir string `toml:"static_dir"` + StaticDir string `toml:"static_dir,omitempty"` // StopTimeout is the number of seconds to wait for container to exit // before sending kill signal. - StopTimeout uint `toml:"stop_timeout"` + StopTimeout uint `toml:"stop_timeout,omitempty"` // TmpDir is the path to a temporary directory to store per-boot container // files. Must be stored in a tmpfs. - TmpDir string `toml:"tmp_dir"` + TmpDir string `toml:"tmp_dir,omitempty"` // VolumePath is the default location that named volumes will be created // under. This convention is followed by the default volume driver, but // may not be by other drivers. - VolumePath string `toml:"volume_path"` + VolumePath string `toml:"volume_path,omitempty"` } // SetOptions contains a subset of options in a Config. It's used to indicate if @@ -361,14 +377,14 @@ type SetOptions struct { // NetworkConfig represents the "network" TOML config table type NetworkConfig struct { // CNIPluginDirs is where CNI plugin binaries are stored. - CNIPluginDirs []string `toml:"cni_plugin_dirs"` + CNIPluginDirs []string `toml:"cni_plugin_dirs,omitempty"` // DefaultNetwork is the network name of the default CNI network // to attach pods to. DefaultNetwork string `toml:"default_network,omitempty"` // NetworkConfigDir is where CNI network configuration files are stored. - NetworkConfigDir string `toml:"network_config_dir"` + NetworkConfigDir string `toml:"network_config_dir,omitempty"` } // NewConfig creates a new Config. It starts with an empty config and, if @@ -533,17 +549,8 @@ func (c *Config) Validate() error { // It returns an `error` on validation failure, otherwise // `nil`. func (c *EngineConfig) Validate() error { - // Relative paths can cause nasty bugs, because core paths we use could - // shift between runs (or even parts of the program - the OCI runtime - // uses a different working directory than we do, for example. - if c.StaticDir != "" && !filepath.IsAbs(c.StaticDir) { - return fmt.Errorf("static directory must be an absolute path - instead got %q", c.StaticDir) - } - if c.TmpDir != "" && !filepath.IsAbs(c.TmpDir) { - return fmt.Errorf("temporary directory must be an absolute path - instead got %q", c.TmpDir) - } - if c.VolumePath != "" && !filepath.IsAbs(c.VolumePath) { - return fmt.Errorf("volume path must be an absolute path - instead got %q", c.VolumePath) + if err := c.validatePaths(); err != nil { + return err } // Check if the pullPolicy from containers.conf is valid @@ -559,22 +566,13 @@ func (c *EngineConfig) Validate() error { // It returns an `error` on validation failure, otherwise // `nil`. func (c *ContainersConfig) Validate() error { - for _, u := range c.DefaultUlimits { - ul, err := units.ParseUlimit(u) - if err != nil { - return fmt.Errorf("unrecognized ulimit %s: %v", u, err) - } - _, err = ul.GetRlimit() - if err != nil { - return err - } + + if err := c.validateUlimits(); err != nil { + return err } - for _, d := range c.Devices { - _, _, _, err := Device(d) - if err != nil { - return err - } + if err := c.validateDevices(); err != nil { + return err } if c.LogSizeMax >= 0 && c.LogSizeMax < OCIBufSize { @@ -593,8 +591,7 @@ func (c *ContainersConfig) Validate() error { // execution checks. It returns an `error` on validation failure, otherwise // `nil`. func (c *NetworkConfig) Validate() error { - - if c.NetworkConfigDir != cniConfigDir { + if c.NetworkConfigDir != _cniConfigDir { err := isDirectory(c.NetworkConfigDir) if err != nil { return errors.Wrapf(err, "invalid network_config_dir: %s", c.NetworkConfigDir) @@ -695,7 +692,7 @@ func (c *Config) GetDefaultEnv() []string { // Capabilities returns the capabilities parses the Add and Drop capability // list from the default capabiltiies for the container -func (c *Config) Capabilities(user string, addCapabilities, dropCapabilities []string) []string { +func (c *Config) Capabilities(user string, addCapabilities, dropCapabilities []string) ([]string, error) { userNotRoot := func(user string) bool { if user == "" || user == "root" || user == "0" { @@ -704,36 +701,12 @@ func (c *Config) Capabilities(user string, addCapabilities, dropCapabilities []s return true } - var caps []string defaultCapabilities := c.Containers.DefaultCapabilities if userNotRoot(user) { defaultCapabilities = []string{} } - mapCap := make(map[string]bool, len(defaultCapabilities)) - for _, c := range addCapabilities { - if strings.ToLower(c) == "all" { - defaultCapabilities = capabilities.AllCapabilities() - addCapabilities = nil - break - } - } - - for _, c := range append(defaultCapabilities, addCapabilities...) { - mapCap[c] = true - } - for _, c := range dropCapabilities { - if "all" == strings.ToLower(c) { - return caps - } - mapCap[c] = false - } - for cap, add := range mapCap { - if add { - caps = append(caps, cap) - } - } - return caps + return capabilities.MergeCapabilities(defaultCapabilities, addCapabilities, dropCapabilities) } // Device parses device mapping string to a src, dest & permissions string @@ -820,31 +793,6 @@ func resolveHomeDir(path string) (string, error) { return strings.Replace(path, "~", home, 1), nil } -// isDirectory tests whether the given path exists and is a directory. It -// follows symlinks. -func isDirectory(path string) error { - path, err := resolveHomeDir(path) - if err != nil { - return err - } - - info, err := os.Stat(path) - if err != nil { - return err - } - - if !info.Mode().IsDir() { - // Return a PathError to be consistent with os.Stat(). - return &os.PathError{ - Op: "stat", - Path: path, - Err: syscall.ENOTDIR, - } - } - - return nil -} - func rootlessConfigPath() (string, error) { if configHome := os.Getenv("XDG_CONFIG_HOME"); configHome != "" { return filepath.Join(configHome, _configPath), nil @@ -895,3 +843,90 @@ func Default() (*Config, error) { }) return config, err } + +func Path() string { + if path := os.Getenv("CONTAINERS_CONF"); path != "" { + return path + } + if unshare.IsRootless() { + if rpath, err := rootlessConfigPath(); err == nil { + return rpath + } + return "$HOME/" + UserOverrideContainersConfig + } + return OverrideContainersConfig +} + +func customConfigFile() (string, error) { + path := os.Getenv("CONTAINERS_CONF") + if path != "" { + return path, nil + } + if unshare.IsRootless() { + path, err := rootlessConfigPath() + if err != nil { + return "", err + } + return path, nil + } + return OverrideContainersConfig, nil +} + +//ReadCustomConfig reads the custom config and only generates a config based on it +//If the custom config file does not exists, function will return an empty config +func ReadCustomConfig() (*Config, error) { + path, err := customConfigFile() + if err != nil { + return nil, err + } + // hack since Ommitempty does not seem to work with Write + c, err := Default() + if err != nil { + if os.IsNotExist(errors.Cause(err)) { + c, err = DefaultConfig() + } + if err != nil { + return nil, err + } + } + + newConfig := &Config{} + if _, err := os.Stat(path); err == nil { + newConfig, err = readConfigFromFile(path, newConfig) + if err != nil { + return nil, err + } + } else { + if !os.IsNotExist(err) { + return nil, err + } + } + newConfig.Containers.LogSizeMax = c.Containers.LogSizeMax + newConfig.Containers.PidsLimit = c.Containers.PidsLimit + newConfig.Containers.UserNSSize = c.Containers.UserNSSize + newConfig.Engine.NumLocks = c.Engine.NumLocks + newConfig.Engine.StopTimeout = c.Engine.StopTimeout + return newConfig, nil +} + +// Write writes the configuration to the default file +func (c *Config) Write() error { + var err error + path, err := customConfigFile() + if err != nil { + return err + } + if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil { + return err + } + configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0600) + if err != nil { + return errors.Wrapf(err, "cannot open %s", path) + } + defer configFile.Close() + enc := toml.NewEncoder(configFile) + if err := enc.Encode(c); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go new file mode 100644 index 00000000000..8f4daa3d7c2 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/config/config_local.go @@ -0,0 +1,81 @@ +// +build !remote + +package config + +import ( + "fmt" + "os" + "path/filepath" + "syscall" + + units "github.com/docker/go-units" +) + +// isDirectory tests whether the given path exists and is a directory. It +// follows symlinks. +func isDirectory(path string) error { + path, err := resolveHomeDir(path) + if err != nil { + return err + } + + info, err := os.Stat(path) + if err != nil { + return err + } + + if !info.Mode().IsDir() { + // Return a PathError to be consistent with os.Stat(). + return &os.PathError{ + Op: "stat", + Path: path, + Err: syscall.ENOTDIR, + } + } + + return nil +} + +func (c *EngineConfig) validatePaths() error { + // Relative paths can cause nasty bugs, because core paths we use could + // shift between runs or even parts of the program. - The OCI runtime + // uses a different working directory than we do, for example. + if c.StaticDir != "" && !filepath.IsAbs(c.StaticDir) { + return fmt.Errorf("static directory must be an absolute path - instead got %q", c.StaticDir) + } + if c.TmpDir != "" && !filepath.IsAbs(c.TmpDir) { + return fmt.Errorf("temporary directory must be an absolute path - instead got %q", c.TmpDir) + } + if c.VolumePath != "" && !filepath.IsAbs(c.VolumePath) { + return fmt.Errorf("volume path must be an absolute path - instead got %q", c.VolumePath) + } + return nil +} + +func (c *ContainersConfig) validateDevices() error { + for _, d := range c.Devices { + _, _, _, err := Device(d) + if err != nil { + return err + } + } + return nil +} + +func (c *ContainersConfig) validateUlimits() error { + for _, u := range c.DefaultUlimits { + ul, err := units.ParseUlimit(u) + if err != nil { + return fmt.Errorf("unrecognized ulimit %s: %v", u, err) + } + _, err = ul.GetRlimit() + if err != nil { + return err + } + } + return nil +} + +func isRemote() bool { + return false +} diff --git a/vendor/github.com/containers/common/pkg/config/config_remote.go b/vendor/github.com/containers/common/pkg/config/config_remote.go new file mode 100644 index 00000000000..d012dbd2f3b --- /dev/null +++ b/vendor/github.com/containers/common/pkg/config/config_remote.go @@ -0,0 +1,25 @@ +// +build remote + +package config + +// isDirectory tests whether the given path exists and is a directory. It +// follows symlinks. +func isDirectory(path string) error { + return nil +} + +func isRemote() bool { + return true +} + +func (c *EngineConfig) validatePaths() error { + return nil +} + +func (c *ContainersConfig) validateDevices() error { + return nil +} + +func (c *ContainersConfig) validateUlimits() error { + return nil +} diff --git a/vendor/github.com/containers/common/pkg/config/config_unix.go b/vendor/github.com/containers/common/pkg/config/config_unix.go deleted file mode 100644 index f270f2e95f7..00000000000 --- a/vendor/github.com/containers/common/pkg/config/config_unix.go +++ /dev/null @@ -1,15 +0,0 @@ -// +build !windows - -package config - -// Defaults for linux/unix if none are specified -const ( - cniConfigDir = "/etc/cni/net.d/" -) - -var cniBinDir = []string{ - "/usr/libexec/cni", - "/usr/lib/cni", - "/usr/local/lib/cni", - "/opt/cni/bin", -} diff --git a/vendor/github.com/containers/common/pkg/config/config_windows.go b/vendor/github.com/containers/common/pkg/config/config_windows.go deleted file mode 100644 index f6a6512a1e6..00000000000 --- a/vendor/github.com/containers/common/pkg/config/config_windows.go +++ /dev/null @@ -1,10 +0,0 @@ -// +build windows - -package config - -// Defaults for linux/unix if none are specified -const ( - cniConfigDir = "C:\\cni\\etc\\net.d\\" -) - -var cniBinDir = []string{"C:\\cni\\bin\\"} diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 5460d5f267d..389479fa586 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -47,6 +47,15 @@ # # cgroupns = "private" +# Control container cgroup configuration +# Determines whether the container will create CGroups. +# Options are: +# `enabled` Enable cgroup support within container +# `disabled` Disable cgroup support, will inherit cgroups from parent +# `no-conmon` Container engine runs run without conmon +# +# cgroups = "enabled" + # List of default capabilities for containers. If it is empty or commented out, # the default capabilities defined in the container engine will be added. # @@ -83,7 +92,7 @@ # Ulimits has limits for non privileged container engines. # # default_ulimits = [ -# “nofile”=”1280:2560”, +# "nofile"="1280:2560", # ] # List of default DNS options to be added to /etc/resolv.conf inside of the container. @@ -96,7 +105,7 @@ # Set default DNS servers. # This option can be used to override the DNS configuration passed to the -# container. The special value “none” can be specified to disable creation of +# container. The special value "none" can be specified to disable creation of # /etc/resolv.conf in the container. # The /etc/resolv.conf file in the image will be used without changes. # @@ -116,7 +125,7 @@ # Path to OCI hooks directories for automatically executed hooks. # # hooks_dir = [ -# “/usr/share/containers/oci/hooks.d”, +# "/usr/share/containers/oci/hooks.d", # ] # Default proxy environment variables passed into the container. @@ -211,7 +220,7 @@ # userns = "host" # Number of UIDs to allocate for the automatic container creation. -# UIDs are allocated from the “container” UIDs listed in +# UIDs are allocated from the "container" UIDs listed in # /etc/subuid & /etc/subgid # # userns_size=65536 @@ -232,7 +241,7 @@ [engine] # Cgroup management implementation used for the runtime. -# Valid options “systemd” or “cgroupfs” +# Valid options "systemd" or "cgroupfs" # # cgroup_manager = "systemd" @@ -347,6 +356,14 @@ # # runtime_supports_json = ["crun", "runc", "kata"] +# List of the OCI runtimes that supports running containers without cgroups. +# +# runtime_supports_nocgroups = ["crun"] + +# List of the OCI runtimes that supports running containers with KVM Separation. +# +# runtime_supports_kvm = ["kata"] + # Paths to look for a valid OCI runtime (runc, runv, kata, etc) [engine.runtimes] # runc = [ diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 5dea74305bb..fe523cbf52f 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -53,9 +53,6 @@ var ( // DefaultDetachKeys is the default keys sequence for detaching a // container DefaultDetachKeys = "ctrl-p,ctrl-q" -) - -var ( // ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH) // is out of date for the current podman version ErrConmonOutdated = errors.New("outdated conmon version") @@ -80,15 +77,24 @@ var ( "CAP_SETUID", "CAP_SYS_CHROOT", } + + cniBinDir = []string{ + "/usr/libexec/cni", + "/usr/lib/cni", + "/usr/local/lib/cni", + "/opt/cni/bin", + } ) const ( - // EtcDir is the sysconfdir where podman should look for system config files. + // _etcDir is the sysconfdir where podman should look for system config files. // It can be overridden at build time. _etcDir = "/etc" // InstallPrefix is the prefix where podman will be installed. // It can be overridden at build time. _installPrefix = "/usr" + // _cniConfigDir is the directory where cni plugins are found + _cniConfigDir = "/etc/cni/net.d/" // CgroupfsCgroupsManager represents cgroupfs native cgroup manager CgroupfsCgroupsManager = "cgroupfs" // DefaultApparmorProfile specifies the default apparmor profile for the container. @@ -105,6 +111,9 @@ const ( DefaultPidsLimit = 2048 // DefaultPullPolicy pulls the image if it does not exist locally DefaultPullPolicy = "missing" + // DefaultSignaturePolicyPath is the default value for the + // policy.json file. + DefaultSignaturePolicyPath = "/etc/containers/policy.json" // DefaultRootlessSignaturePolicyPath is the default value for the // rootless policy.json file. DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json" @@ -129,14 +138,19 @@ func DefaultConfig() (*Config, error) { } netns := "bridge" + + defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath if unshare.IsRootless() { home, err := unshare.HomeDir() if err != nil { return nil, err } sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath) - if _, err := os.Stat(sigPath); err == nil { - defaultEngineConfig.SignaturePolicyPath = sigPath + defaultEngineConfig.SignaturePolicyPath = sigPath + if _, err := os.Stat(sigPath); err != nil { + if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil { + defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath + } } netns = "slirp4netns" } @@ -153,6 +167,7 @@ func DefaultConfig() (*Config, error) { Annotations: []string{}, ApparmorProfile: DefaultApparmorProfile, CgroupNS: cgroupNS, + Cgroups: "enabled", DefaultCapabilities: DefaultCapabilities, DefaultSysctls: []string{}, DefaultUlimits: getDefaultProcessLimits(), @@ -182,7 +197,7 @@ func DefaultConfig() (*Config, error) { }, Network: NetworkConfig{ DefaultNetwork: "podman", - NetworkConfigDir: cniConfigDir, + NetworkConfigDir: _cniConfigDir, CNIPluginDirs: cniBinDir, }, Engine: *defaultEngineConfig, @@ -224,6 +239,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) { c.CgroupManager = defaultCgroupManager() c.StopTimeout = uint(10) + c.Remote = isRemote() c.OCIRuntimes = map[string][]string{ "runc": { "/usr/bin/runc", @@ -274,6 +290,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) { "runc", } c.RuntimeSupportsNoCgroups = []string{"crun"} + c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc"} c.InitPath = DefaultInitPath c.NoPivotRoot = false @@ -443,6 +460,11 @@ func (c *Config) CgroupNS() string { return c.Containers.CgroupNS } +// Cgroups returns whether to containers with cgroup confinement +func (c *Config) Cgroups() string { + return c.Containers.Cgroups +} + // UTSNS returns the default UTS Namespace configuration to run containers with func (c *Config) UTSNS() string { return c.Containers.UTSNS @@ -461,9 +483,12 @@ func (c *Config) Ulimits() []string { // PidsLimit returns the default maximum number of pids to use in containers func (c *Config) PidsLimit() int64 { if unshare.IsRootless() { - cgroup2, _ := cgroupv2.Enabled() - if cgroup2 { - return c.Containers.PidsLimit + if c.Engine.CgroupManager == SystemdCgroupsManager { + cgroup2, _ := cgroupv2.Enabled() + if cgroup2 { + return c.Containers.PidsLimit + } + return 0 } } return sysinfo.GetDefaultPidsLimit() diff --git a/vendor/github.com/containers/common/pkg/config/libpodConfig.go b/vendor/github.com/containers/common/pkg/config/libpodConfig.go index 89566f7895a..ab507e86451 100644 --- a/vendor/github.com/containers/common/pkg/config/libpodConfig.go +++ b/vendor/github.com/containers/common/pkg/config/libpodConfig.go @@ -226,7 +226,7 @@ func newLibpodConfig(c *Config) error { // hard code EventsLogger to "file" to match older podman versions. if config.EventsLogger != "file" { - logrus.Debugf("Ignoring lipod.conf EventsLogger setting %q. Use containers.conf if you want to change this setting and remove libpod.conf files.", config.EventsLogger) + logrus.Debugf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", Path(), config.EventsLogger) config.EventsLogger = "file" } @@ -246,20 +246,6 @@ func readLibpodConfigFromFile(path string, config *ConfigFromLibpod) (*ConfigFro return nil, fmt.Errorf("unable to decode configuration %v: %v", path, err) } - // For the sake of backwards compat we need to check if the config fields - // with *Set suffix are set in the config. Note that the storage-related - // fields are NOT set in the config here but in the storage.conf OR directly - // by the user. - if config.VolumePath != "" { - config.VolumePathSet = true - } - if config.StaticDir != "" { - config.StaticDirSet = true - } - if config.TmpDir != "" { - config.TmpDirSet = true - } - return config, err } @@ -276,7 +262,7 @@ func systemLibpodConfigs() ([]string, error) { } // TODO: Raise to Warnf, when Podman is updated to // remove libpod.conf by default - logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", path, containersConfPath) + logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", Path(), containersConfPath) return []string{path}, nil } return nil, err @@ -350,40 +336,75 @@ func (c *Config) libpodConfig() *ConfigFromLibpod { func (c *Config) libpodToContainersConfig(libpodConf *ConfigFromLibpod) { - c.Containers.InitPath = libpodConf.InitPath + if libpodConf.InitPath != "" { + c.Containers.InitPath = libpodConf.InitPath + } c.Containers.LogSizeMax = libpodConf.MaxLogSize c.Containers.EnableLabeling = libpodConf.EnableLabeling - c.Engine.SignaturePolicyPath = libpodConf.SignaturePolicyPath + if libpodConf.SignaturePolicyPath != "" { + c.Engine.SignaturePolicyPath = libpodConf.SignaturePolicyPath + } c.Engine.SetOptions = libpodConf.SetOptions - c.Engine.VolumePath = libpodConf.VolumePath - c.Engine.ImageDefaultTransport = libpodConf.ImageDefaultTransport - c.Engine.OCIRuntime = libpodConf.OCIRuntime + if libpodConf.VolumePath != "" { + c.Engine.VolumePath = libpodConf.VolumePath + } + if libpodConf.ImageDefaultTransport != "" { + c.Engine.ImageDefaultTransport = libpodConf.ImageDefaultTransport + } + if libpodConf.OCIRuntime != "" { + c.Engine.OCIRuntime = libpodConf.OCIRuntime + } c.Engine.OCIRuntimes = libpodConf.OCIRuntimes c.Engine.RuntimeSupportsJSON = libpodConf.RuntimeSupportsJSON c.Engine.RuntimeSupportsNoCgroups = libpodConf.RuntimeSupportsNoCgroups c.Engine.RuntimePath = libpodConf.RuntimePath c.Engine.ConmonPath = libpodConf.ConmonPath c.Engine.ConmonEnvVars = libpodConf.ConmonEnvVars - c.Engine.CgroupManager = libpodConf.CgroupManager - c.Engine.StaticDir = libpodConf.StaticDir - c.Engine.TmpDir = libpodConf.TmpDir + if libpodConf.CgroupManager != "" { + c.Engine.CgroupManager = libpodConf.CgroupManager + } + if libpodConf.StaticDir != "" { + c.Engine.StaticDir = libpodConf.StaticDir + } + if libpodConf.TmpDir != "" { + c.Engine.TmpDir = libpodConf.TmpDir + } c.Engine.NoPivotRoot = libpodConf.NoPivotRoot c.Engine.HooksDir = libpodConf.HooksDir - c.Engine.Namespace = libpodConf.Namespace - c.Engine.InfraImage = libpodConf.InfraImage - c.Engine.InfraCommand = libpodConf.InfraCommand + if libpodConf.Namespace != "" { + c.Engine.Namespace = libpodConf.Namespace + } + if libpodConf.InfraImage != "" { + c.Engine.InfraImage = libpodConf.InfraImage + } + if libpodConf.InfraCommand != "" { + c.Engine.InfraCommand = libpodConf.InfraCommand + } + c.Engine.EnablePortReservation = libpodConf.EnablePortReservation - c.Engine.NetworkCmdPath = libpodConf.NetworkCmdPath + if libpodConf.NetworkCmdPath != "" { + c.Engine.NetworkCmdPath = libpodConf.NetworkCmdPath + } c.Engine.NumLocks = libpodConf.NumLocks c.Engine.LockType = libpodConf.LockType - c.Engine.EventsLogger = libpodConf.EventsLogger - c.Engine.EventsLogFilePath = libpodConf.EventsLogFilePath - c.Engine.DetachKeys = libpodConf.DetachKeys + if libpodConf.EventsLogger != "" { + c.Engine.EventsLogger = libpodConf.EventsLogger + } + if libpodConf.EventsLogFilePath != "" { + c.Engine.EventsLogFilePath = libpodConf.EventsLogFilePath + } + if libpodConf.DetachKeys != "" { + c.Engine.DetachKeys = libpodConf.DetachKeys + } c.Engine.SDNotify = libpodConf.SDNotify c.Engine.CgroupCheck = libpodConf.CgroupCheck - c.Network.NetworkConfigDir = libpodConf.CNIConfigDir + if libpodConf.CNIConfigDir != "" { + c.Network.NetworkConfigDir = libpodConf.CNIConfigDir + } c.Network.CNIPluginDirs = libpodConf.CNIPluginDir - c.Network.DefaultNetwork = libpodConf.CNIDefaultNetwork + if libpodConf.CNIDefaultNetwork != "" { + c.Network.DefaultNetwork = libpodConf.CNIDefaultNetwork + } } diff --git a/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go index 269ea686a18..fcb3cab72e0 100644 --- a/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go +++ b/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go @@ -40,7 +40,7 @@ func New(quiet bool) *SysInfo { sysInfo.cgroupCPUInfo = checkCgroupCPU(cgMounts, quiet) sysInfo.cgroupBlkioInfo = checkCgroupBlkioInfo(cgMounts, quiet) sysInfo.cgroupCpusetInfo = checkCgroupCpusetInfo(cgMounts, quiet) - sysInfo.cgroupPids = checkCgroupPids(quiet) + sysInfo.cgroupPids = checkCgroupPids(cgMounts, quiet) } _, ok := cgMounts["devices"] @@ -227,16 +227,17 @@ func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetI } // checkCgroupPids reads the pids information from the pids cgroup mount point. -func checkCgroupPids(quiet bool) cgroupPids { +func checkCgroupPids(cgMounts map[string]string, quiet bool) cgroupPids { cgroup2, err := cgroupv2.Enabled() if err != nil { logrus.Errorf("Failed to check cgroups version: %v", err) + return cgroupPids{} } if !cgroup2 { - _, err := cgroups.FindCgroupMountpoint("", "pids") - if err != nil { + _, ok := cgMounts["pids"] + if !ok { if !quiet { - logrus.Warn(err) + logrus.Warn("unable to find pids cgroup in mounts") } return cgroupPids{} } diff --git a/vendor/github.com/containers/image/v5/copy/copy.go b/vendor/github.com/containers/image/v5/copy/copy.go index e8610254cf9..7482fb45859 100644 --- a/vendor/github.com/containers/image/v5/copy/copy.go +++ b/vendor/github.com/containers/image/v5/copy/copy.go @@ -659,7 +659,7 @@ func (c *copier) copyOneImage(ctx context.Context, policyContext *signature.Poli // With !ic.canModifyManifest, that would just be a string of repeated failures for the same reason, // so let’s bail out early and with a better error message. if !ic.canModifyManifest { - return nil, "", "", errors.Wrap(err, "Writing manifest failed (and converting it is not possible)") + return nil, "", "", errors.Wrap(err, "Writing manifest failed (and converting it is not possible, image is signed or the destination specifies a digest)") } // errs is a list of errors when trying various manifest types. Also serves as an "upload succeeded" flag when set to nil. @@ -757,7 +757,7 @@ func (ic *imageCopier) updateEmbeddedDockerReference() error { } if !ic.canModifyManifest { - return errors.Errorf("Copying a schema1 image with an embedded Docker reference to %s (Docker reference %s) would invalidate existing signatures. Explicitly enable signature removal to proceed anyway", + return errors.Errorf("Copying a schema1 image with an embedded Docker reference to %s (Docker reference %s) would change the manifest, which is not possible (image is signed or the destination specifies a digest)", transports.ImageName(ic.c.dest.Reference()), destRef.String()) } ic.manifestUpdates.EmbeddedDockerReference = destRef @@ -784,7 +784,7 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error { // If we only need to check authorization, no updates required. if updatedSrcInfos != nil && !reflect.DeepEqual(srcInfos, updatedSrcInfos) { if !ic.canModifyManifest { - return errors.Errorf("Internal error: copyLayers() needs to use an updated manifest but that was known to be forbidden") + return errors.Errorf("Copying this image requires changing layer representation, which is not possible (image is signed or the destination specifies a digest)") } srcInfos = updatedSrcInfos srcInfosUpdated = true @@ -798,7 +798,6 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error { // copyGroup is used to determine if all layers are copied copyGroup := sync.WaitGroup{} - copyGroup.Add(numLayers) // copySemaphore is used to limit the number of parallel downloads to // avoid malicious images causing troubles and to be nice to servers. @@ -850,18 +849,22 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error { if err := func() error { // A scope for defer progressPool, progressCleanup := ic.c.newProgressPool(ctx) - defer progressCleanup() + defer func() { + // Wait for all layers to be copied. progressCleanup() must not be called while any of the copyLayerHelpers interact with the progressPool. + copyGroup.Wait() + progressCleanup() + }() for i, srcLayer := range srcInfos { err = copySemaphore.Acquire(ctx, 1) if err != nil { return errors.Wrapf(err, "Can't acquire semaphore") } + copyGroup.Add(1) go copyLayerHelper(i, srcLayer, encLayerBitmap[i], progressPool) } - // Wait for all layers to be copied - copyGroup.Wait() + // A call to copyGroup.Wait() is done at this point by the defer above. return nil }(); err != nil { return err @@ -1057,6 +1060,14 @@ func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, to logrus.Debugf("Skipping blob %s (already present):", srcInfo.Digest) bar := ic.c.createProgressBar(pool, srcInfo, "blob", "skipped: already exists") bar.SetTotal(0, true) + + // Throw an event that the layer has been skipped + if ic.c.progress != nil && ic.c.progressInterval > 0 { + ic.c.progress <- types.ProgressProperties{ + Event: types.ProgressEventSkipped, + Artifact: srcInfo, + } + } return blobInfo, cachedDiffID, nil } } diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go index c5c49b90b34..9461bc91ad9 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_client.go +++ b/vendor/github.com/containers/image/v5/docker/docker_client.go @@ -613,6 +613,9 @@ func (c *dockerClient) getBearerTokenOAuth2(ctx context.Context, challenge chall params.Add("client_id", "containers/image") authReq.Body = ioutil.NopCloser(bytes.NewBufferString(params.Encode())) + if c.sys != nil && c.sys.DockerRegistryUserAgent != "" { + authReq.Header.Add("User-Agent", c.sys.DockerRegistryUserAgent) + } authReq.Header.Add("Content-Type", "application/x-www-form-urlencoded") logrus.Debugf("%s %s", authReq.Method, authReq.URL.String()) res, err := c.client.Do(authReq) @@ -665,6 +668,9 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge, if c.auth.Username != "" && c.auth.Password != "" { authReq.SetBasicAuth(c.auth.Username, c.auth.Password) } + if c.sys != nil && c.sys.DockerRegistryUserAgent != "" { + authReq.Header.Add("User-Agent", c.sys.DockerRegistryUserAgent) + } logrus.Debugf("%s %s", authReq.Method, authReq.URL.String()) res, err := c.client.Do(authReq) diff --git a/vendor/github.com/containers/image/v5/docker/docker_image.go b/vendor/github.com/containers/image/v5/docker/docker_image.go index 483581dbcc4..479effa593d 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_image.go +++ b/vendor/github.com/containers/image/v5/docker/docker_image.go @@ -37,7 +37,7 @@ func newImage(ctx context.Context, sys *types.SystemContext, ref dockerReference // SourceRefFullName returns a fully expanded name for the repository this image is in. func (i *Image) SourceRefFullName() string { - return i.src.ref.ref.Name() + return i.src.logicalRef.ref.Name() } // GetRepositoryTags list all tags available in the repository. The tag @@ -45,7 +45,7 @@ func (i *Image) SourceRefFullName() string { // backward-compatible shim method which calls the module-level // GetRepositoryTags) func (i *Image) GetRepositoryTags(ctx context.Context) ([]string, error) { - return GetRepositoryTags(ctx, i.src.c.sys, i.src.ref) + return GetRepositoryTags(ctx, i.src.c.sys, i.src.logicalRef) } // GetRepositoryTags list all tags available in the repository. The tag diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go index ab74e1607d1..979100ee38b 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go +++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go @@ -16,6 +16,7 @@ import ( "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/internal/uploadreader" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/pkg/blobinfocache/none" "github.com/containers/image/v5/types" @@ -162,20 +163,31 @@ func (d *dockerImageDestination) PutBlob(ctx context.Context, stream io.Reader, digester := digest.Canonical.Digester() sizeCounter := &sizeCounter{} - tee := io.TeeReader(stream, io.MultiWriter(digester.Hash(), sizeCounter)) - res, err = d.c.makeRequestToResolvedURL(ctx, "PATCH", uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, tee, inputInfo.Size, v2Auth, nil) + uploadLocation, err = func() (*url.URL, error) { // A scope for defer + uploadReader := uploadreader.NewUploadReader(io.TeeReader(stream, io.MultiWriter(digester.Hash(), sizeCounter))) + // This error text should never be user-visible, we terminate only after makeRequestToResolvedURL + // returns, so there isn’t a way for the error text to be provided to any of our callers. + defer uploadReader.Terminate(errors.New("Reading data from an already terminated upload")) + res, err = d.c.makeRequestToResolvedURL(ctx, "PATCH", uploadLocation.String(), map[string][]string{"Content-Type": {"application/octet-stream"}}, uploadReader, inputInfo.Size, v2Auth, nil) + if err != nil { + logrus.Debugf("Error uploading layer chunked %v", err) + return nil, err + } + defer res.Body.Close() + if !successStatus(res.StatusCode) { + return nil, errors.Wrapf(client.HandleErrorResponse(res), "Error uploading layer chunked") + } + uploadLocation, err := res.Location() + if err != nil { + return nil, errors.Wrap(err, "Error determining upload URL") + } + return uploadLocation, nil + }() if err != nil { - logrus.Debugf("Error uploading layer chunked, response %#v", res) return types.BlobInfo{}, err } - defer res.Body.Close() computedDigest := digester.Digest() - uploadLocation, err = res.Location() - if err != nil { - return types.BlobInfo{}, errors.Wrap(err, "Error determining upload URL") - } - // FIXME: DELETE uploadLocation on failure (does not really work in docker/distribution servers, which incorrectly require the "delete" action in the token's scope) locationQuery := uploadLocation.Query() @@ -469,17 +481,17 @@ func (d *dockerImageDestination) PutSignatures(ctx context.Context, signatures [ } switch { case d.c.signatureBase != nil: - return d.putSignaturesToLookaside(signatures, instanceDigest) + return d.putSignaturesToLookaside(signatures, *instanceDigest) case d.c.supportsSignatures: - return d.putSignaturesToAPIExtension(ctx, signatures, instanceDigest) + return d.putSignaturesToAPIExtension(ctx, signatures, *instanceDigest) default: return errors.Errorf("X-Registry-Supports-Signatures extension not supported, and lookaside is not configured") } } // putSignaturesToLookaside implements PutSignatures() from the lookaside location configured in s.c.signatureBase, -// which is not nil. -func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, instanceDigest *digest.Digest) error { +// which is not nil, for a manifest with manifestDigest. +func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, manifestDigest digest.Digest) error { // FIXME? This overwrites files one at a time, definitely not atomic. // A failure when updating signatures with a reordered copy could lose some of them. @@ -490,7 +502,7 @@ func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, i // NOTE: Keep this in sync with docs/signature-protocols.md! for i, signature := range signatures { - url := signatureStorageURL(d.c.signatureBase, *instanceDigest, i) + url := signatureStorageURL(d.c.signatureBase, manifestDigest, i) if url == nil { return errors.Errorf("Internal error: signatureStorageURL with non-nil base returned nil") } @@ -505,7 +517,7 @@ func (d *dockerImageDestination) putSignaturesToLookaside(signatures [][]byte, i // is enough for dockerImageSource to stop looking for other signatures, so that // is sufficient. for i := len(signatures); ; i++ { - url := signatureStorageURL(d.c.signatureBase, *instanceDigest, i) + url := signatureStorageURL(d.c.signatureBase, manifestDigest, i) if url == nil { return errors.Errorf("Internal error: signatureStorageURL with non-nil base returned nil") } @@ -564,8 +576,9 @@ func (c *dockerClient) deleteOneSignature(url *url.URL) (missing bool, err error } } -// putSignaturesToAPIExtension implements PutSignatures() using the X-Registry-Supports-Signatures API extension. -func (d *dockerImageDestination) putSignaturesToAPIExtension(ctx context.Context, signatures [][]byte, instanceDigest *digest.Digest) error { +// putSignaturesToAPIExtension implements PutSignatures() using the X-Registry-Supports-Signatures API extension, +// for a manifest with manifestDigest. +func (d *dockerImageDestination) putSignaturesToAPIExtension(ctx context.Context, signatures [][]byte, manifestDigest digest.Digest) error { // Skip dealing with the manifest digest, or reading the old state, if not necessary. if len(signatures) == 0 { return nil @@ -575,7 +588,7 @@ func (d *dockerImageDestination) putSignaturesToAPIExtension(ctx context.Context // always adds signatures. Eventually we should also allow removing signatures, // but the X-Registry-Supports-Signatures API extension does not support that yet. - existingSignatures, err := d.c.getExtensionsSignatures(ctx, d.ref, *instanceDigest) + existingSignatures, err := d.c.getExtensionsSignatures(ctx, d.ref, manifestDigest) if err != nil { return err } @@ -600,7 +613,7 @@ sigExists: if err != nil || n != 16 { return errors.Wrapf(err, "Error generating random signature len %d", n) } - signatureName = fmt.Sprintf("%s@%032x", instanceDigest.String(), randBytes) + signatureName = fmt.Sprintf("%s@%032x", manifestDigest.String(), randBytes) if _, ok := existingSigNames[signatureName]; !ok { break } @@ -616,7 +629,7 @@ sigExists: return err } - path := fmt.Sprintf(extensionsSignaturePath, reference.Path(d.ref.ref), d.manifestDigest.String()) + path := fmt.Sprintf(extensionsSignaturePath, reference.Path(d.ref.ref), manifestDigest.String()) res, err := d.c.makeRequest(ctx, "PUT", path, nil, bytes.NewReader(body), v2Auth, nil) if err != nil { return err diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go index 9c0c20c64ea..55eb38824a2 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go +++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go @@ -24,8 +24,9 @@ import ( ) type dockerImageSource struct { - ref dockerReference - c *dockerClient + logicalRef dockerReference // The reference the user requested. + physicalRef dockerReference // The actual reference we are accessing (possibly a mirror) + c *dockerClient // State cachedManifest []byte // nil if not loaded yet cachedManifestMIMEType string // Only valid if cachedManifest != nil @@ -49,7 +50,6 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef } } - primaryDomain := reference.Domain(ref.ref) // Check all endpoints for the manifest availability. If we find one that does // contain the image, it will be used for all future pull actions. Always try the // non-mirror original location last; this both transparently handles the case @@ -66,7 +66,7 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef attempts := []attempt{} for _, pullSource := range pullSources { logrus.Debugf("Trying to access %q", pullSource.Reference) - s, err := newImageSourceAttempt(ctx, sys, pullSource, primaryDomain) + s, err := newImageSourceAttempt(ctx, sys, ref, pullSource) if err == nil { return s, nil } @@ -95,32 +95,33 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef } // newImageSourceAttempt is an internal helper for newImageSource. Everyone else must call newImageSource. -// Given a pullSource and primaryDomain, return a dockerImageSource if it is reachable. +// Given a logicalReference and a pullSource, return a dockerImageSource if it is reachable. // The caller must call .Close() on the returned ImageSource. -func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, pullSource sysregistriesv2.PullSource, primaryDomain string) (*dockerImageSource, error) { - ref, err := newReference(pullSource.Reference) +func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, logicalRef dockerReference, pullSource sysregistriesv2.PullSource) (*dockerImageSource, error) { + physicalRef, err := newReference(pullSource.Reference) if err != nil { return nil, err } endpointSys := sys // sys.DockerAuthConfig does not explicitly specify a registry; we must not blindly send the credentials intended for the primary endpoint to mirrors. - if endpointSys != nil && endpointSys.DockerAuthConfig != nil && reference.Domain(ref.ref) != primaryDomain { + if endpointSys != nil && endpointSys.DockerAuthConfig != nil && reference.Domain(physicalRef.ref) != reference.Domain(logicalRef.ref) { copy := *endpointSys copy.DockerAuthConfig = nil copy.DockerBearerRegistryToken = "" endpointSys = © } - client, err := newDockerClientFromRef(endpointSys, ref, false, "pull") + client, err := newDockerClientFromRef(endpointSys, physicalRef, false, "pull") if err != nil { return nil, err } client.tlsClientConfig.InsecureSkipVerify = pullSource.Endpoint.Insecure s := &dockerImageSource{ - ref: ref, - c: client, + logicalRef: logicalRef, + physicalRef: physicalRef, + c: client, } if err := s.ensureManifestIsLoaded(ctx); err != nil { @@ -132,7 +133,7 @@ func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, pullSo // Reference returns the reference used to set up this source, _as specified by the user_ // (not as the image itself, or its underlying storage, claims). This can be used e.g. to determine which public keys are trusted for this image. func (s *dockerImageSource) Reference() types.ImageReference { - return s.ref + return s.logicalRef } // Close removes resources associated with an initialized ImageSource, if any. @@ -181,7 +182,7 @@ func (s *dockerImageSource) GetManifest(ctx context.Context, instanceDigest *dig } func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest string) ([]byte, string, error) { - path := fmt.Sprintf(manifestPath, reference.Path(s.ref.ref), tagOrDigest) + path := fmt.Sprintf(manifestPath, reference.Path(s.physicalRef.ref), tagOrDigest) headers := map[string][]string{ "Accept": manifest.DefaultRequestedManifestMIMETypes, } @@ -189,9 +190,10 @@ func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest strin if err != nil { return nil, "", err } + logrus.Debugf("Content-Type from manifest GET is %q", res.Header.Get("Content-Type")) defer res.Body.Close() if res.StatusCode != http.StatusOK { - return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.ref.ref.Name()) + return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.physicalRef.ref.Name()) } manblob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxManifestBodySize) @@ -213,7 +215,7 @@ func (s *dockerImageSource) ensureManifestIsLoaded(ctx context.Context) error { return nil } - reference, err := s.ref.tagOrDigest() + reference, err := s.physicalRef.tagOrDigest() if err != nil { return err } @@ -271,7 +273,7 @@ func (s *dockerImageSource) GetBlob(ctx context.Context, info types.BlobInfo, ca return s.getExternalBlob(ctx, info.URLs) } - path := fmt.Sprintf(blobsPath, reference.Path(s.ref.ref), info.Digest.String()) + path := fmt.Sprintf(blobsPath, reference.Path(s.physicalRef.ref), info.Digest.String()) logrus.Debugf("Downloading %s", path) res, err := s.c.makeRequest(ctx, "GET", path, nil, nil, v2Auth, nil) if err != nil { @@ -280,7 +282,7 @@ func (s *dockerImageSource) GetBlob(ctx context.Context, info types.BlobInfo, ca if err := httpResponseToError(res, "Error fetching blob"); err != nil { return nil, 0, err } - cache.RecordKnownLocation(s.ref.Transport(), bicTransportScope(s.ref), info.Digest, newBICLocationReference(s.ref)) + cache.RecordKnownLocation(s.physicalRef.Transport(), bicTransportScope(s.physicalRef), info.Digest, newBICLocationReference(s.physicalRef)) return res.Body, getBlobSize(res), nil } @@ -308,7 +310,7 @@ func (s *dockerImageSource) manifestDigest(ctx context.Context, instanceDigest * if instanceDigest != nil { return *instanceDigest, nil } - if digested, ok := s.ref.ref.(reference.Digested); ok { + if digested, ok := s.physicalRef.ref.(reference.Digested); ok { d := digested.Digest() if d.Algorithm() == digest.Canonical { return d, nil @@ -398,7 +400,7 @@ func (s *dockerImageSource) getSignaturesFromAPIExtension(ctx context.Context, i return nil, err } - parsedBody, err := s.c.getExtensionsSignatures(ctx, s.ref, manifestDigest) + parsedBody, err := s.c.getExtensionsSignatures(ctx, s.physicalRef, manifestDigest) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go b/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go index c234576425b..c4d42f3eb77 100644 --- a/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go +++ b/vendor/github.com/containers/image/v5/internal/pkg/platform/platform_matcher.go @@ -115,12 +115,23 @@ func getCPUVariant(os string, arch string) string { return "" } +// compatibility contains, for a specified architecture, a list of known variants, in the +// order from most capable (most restrictive) to least capable (most compatible). +// Architectures that don’t have variants should not have an entry here. var compatibility = map[string][]string{ - "arm": {"v7", "v6", "v5"}, + "arm": {"v8", "v7", "v6", "v5"}, "arm64": {"v8"}, } -// Returns all compatible platforms with the platform specifics possibly overriden by user, +// baseVariants contains, for a specified architecture, a variant that is known to be +// supported by _all_ machines using that architecture. +// Architectures that don’t have variants, or where there are possible versions without +// an established variant name, should not have an entry here. +var baseVariants = map[string]string{ + "arm64": "v8", +} + +// WantedPlatforms returns all compatible platforms with the platform specifics possibly overriden by user, // the most compatible platform is first. // If some option (arch, os, variant) is not present, a value from current platform is detected. func WantedPlatforms(ctx *types.SystemContext) ([]imgspecv1.Platform, error) { @@ -145,59 +156,45 @@ func WantedPlatforms(ctx *types.SystemContext) ([]imgspecv1.Platform, error) { wantedOS = ctx.OSChoice } - var wantedPlatforms []imgspecv1.Platform - if wantedVariant != "" && compatibility[wantedArch] != nil { - wantedPlatforms = make([]imgspecv1.Platform, 0, len(compatibility[wantedArch])) - wantedIndex := -1 - for i, v := range compatibility[wantedArch] { - if wantedVariant == v { - wantedIndex = i - break + var variants []string = nil + if wantedVariant != "" { + if compatibility[wantedArch] != nil { + variantOrder := compatibility[wantedArch] + for i, v := range variantOrder { + if wantedVariant == v { + variants = variantOrder[i:] + break + } } } - // user wants a variant which we know nothing about - not even compatibility - if wantedIndex == -1 { - wantedPlatforms = []imgspecv1.Platform{ - { - OS: wantedOS, - Architecture: wantedArch, - Variant: wantedVariant, - }, - } - } else { - for i := wantedIndex; i < len(compatibility[wantedArch]); i++ { - v := compatibility[wantedArch][i] - wantedPlatforms = append(wantedPlatforms, imgspecv1.Platform{ - OS: wantedOS, - Architecture: wantedArch, - Variant: v, - }) - } + if variants == nil { + // user wants a variant which we know nothing about - not even compatibility + variants = []string{wantedVariant} } + variants = append(variants, "") } else { - wantedPlatforms = []imgspecv1.Platform{ - { - OS: wantedOS, - Architecture: wantedArch, - Variant: wantedVariant, - }, + variants = append(variants, "") // No variant specified, use a “no variant specified” image if present + if baseVariant, ok := baseVariants[wantedArch]; ok { + // But also accept an image with the “base” variant for the architecture, if it exists. + variants = append(variants, baseVariant) } } - return wantedPlatforms, nil + res := make([]imgspecv1.Platform, 0, len(variants)) + for _, v := range variants { + res = append(res, imgspecv1.Platform{ + OS: wantedOS, + Architecture: wantedArch, + Variant: v, + }) + } + return res, nil } +// MatchesPlatform returns true if a platform descriptor from a multi-arch image matches +// an item from the return value of WantedPlatforms. func MatchesPlatform(image imgspecv1.Platform, wanted imgspecv1.Platform) bool { - if image.Architecture != wanted.Architecture { - return false - } - if image.OS != wanted.OS { - return false - } - - if wanted.Variant == "" || image.Variant == wanted.Variant { - return true - } - - return false + return image.Architecture == wanted.Architecture && + image.OS == wanted.OS && + image.Variant == wanted.Variant } diff --git a/vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go b/vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go new file mode 100644 index 00000000000..6aa9ead68f7 --- /dev/null +++ b/vendor/github.com/containers/image/v5/internal/uploadreader/upload_reader.go @@ -0,0 +1,61 @@ +package uploadreader + +import ( + "io" + "sync" +) + +// UploadReader is a pass-through reader for use in sending non-trivial data using the net/http +// package (http.NewRequest, http.Post and the like). +// +// The net/http package uses a separate goroutine to upload data to a HTTP connection, +// and it is possible for the server to return a response (typically an error) before consuming +// the full body of the request. In that case http.Client.Do can return with an error while +// the body is still being read — regardless of of the cancellation, if any, of http.Request.Context(). +// +// As a result, any data used/updated by the io.Reader() provided as the request body may be +// used/updated even after http.Client.Do returns, causing races. +// +// To fix this, UploadReader provides a synchronized Terminate() method, which can block for +// a not-completely-negligible time (for a duration of the underlying Read()), but guarantees that +// after Terminate() returns, the underlying reader is never used any more (unlike calling +// the cancellation callback of context.WithCancel, which returns before any recipients may have +// reacted to the cancellation). +type UploadReader struct { + mutex sync.Mutex + // The following members can only be used with mutex held + reader io.Reader + terminationError error // nil if not terminated yet +} + +// NewUploadReader returns an UploadReader for an "underlying" reader. +func NewUploadReader(underlying io.Reader) *UploadReader { + return &UploadReader{ + reader: underlying, + terminationError: nil, + } +} + +// Read returns the error set by Terminate, if any, or calls the underlying reader. +// It is safe to call this from a different goroutine than Terminate. +func (ur *UploadReader) Read(p []byte) (int, error) { + ur.mutex.Lock() + defer ur.mutex.Unlock() + + if ur.terminationError != nil { + return 0, ur.terminationError + } + return ur.reader.Read(p) +} + +// Terminate waits for in-progress Read calls, if any, to finish, and ensures that after +// this function returns, any Read calls will fail with the provided error, and the underlying +// reader will never be used any more. +// +// It is safe to call this from a different goroutine than Read. +func (ur *UploadReader) Terminate(err error) { + ur.mutex.Lock() // May block for some time if ur.reader.Read() is in progress + defer ur.mutex.Unlock() + + ur.terminationError = err +} diff --git a/vendor/github.com/containers/image/v5/manifest/common.go b/vendor/github.com/containers/image/v5/manifest/common.go new file mode 100644 index 00000000000..fa2b39e0ea3 --- /dev/null +++ b/vendor/github.com/containers/image/v5/manifest/common.go @@ -0,0 +1,118 @@ +package manifest + +import ( + "fmt" + + "github.com/containers/image/v5/pkg/compression" + "github.com/containers/image/v5/types" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" +) + +// dupStringSlice returns a deep copy of a slice of strings, or nil if the +// source slice is empty. +func dupStringSlice(list []string) []string { + if len(list) == 0 { + return nil + } + dup := make([]string, len(list)) + copy(dup, list) + return dup +} + +// dupStringStringMap returns a deep copy of a map[string]string, or nil if the +// passed-in map is nil or has no keys. +func dupStringStringMap(m map[string]string) map[string]string { + if len(m) == 0 { + return nil + } + result := make(map[string]string) + for k, v := range m { + result[k] = v + } + return result +} + +// layerInfosToStrings converts a list of layer infos, presumably obtained from a Manifest.LayerInfos() +// method call, into a format suitable for inclusion in a types.ImageInspectInfo structure. +func layerInfosToStrings(infos []LayerInfo) []string { + layers := make([]string, len(infos)) + for i, info := range infos { + layers[i] = info.Digest.String() + } + return layers +} + +// compressionMIMETypeSet describes a set of MIME type “variants” that represent differently-compressed +// versions of “the same kind of content”. +// The map key is the return value of compression.Algorithm.Name(), or mtsUncompressed; +// the map value is a MIME type, or mtsUnsupportedMIMEType to mean "recognized but unsupported". +type compressionMIMETypeSet map[string]string + +const mtsUncompressed = "" // A key in compressionMIMETypeSet for the uncompressed variant +const mtsUnsupportedMIMEType = "" // A value in compressionMIMETypeSet that means “recognized but unsupported” + +// compressionVariantMIMEType returns a variant of mimeType for the specified algorithm (which may be nil +// to mean "no compression"), based on variantTable. +func compressionVariantMIMEType(variantTable []compressionMIMETypeSet, mimeType string, algorithm *compression.Algorithm) (string, error) { + if mimeType == mtsUnsupportedMIMEType { // Prevent matching against the {algo:mtsUnsupportedMIMEType} entries + return "", fmt.Errorf("cannot update unknown MIME type") + } + for _, variants := range variantTable { + for _, mt := range variants { + if mt == mimeType { // Found the variant + name := mtsUncompressed + if algorithm != nil { + name = algorithm.Name() + } + if res, ok := variants[name]; ok { + if res != mtsUnsupportedMIMEType { + return res, nil + } + if name != mtsUncompressed { + return "", fmt.Errorf("%s compression is not supported", name) + } + return "", errors.New("uncompressed variant is not supported") + } + if name != mtsUncompressed { + return "", fmt.Errorf("unknown compression algorithm %s", name) + } + // We can't very well say “the idea of no compression is unknown” + return "", errors.New("uncompressed variant is not supported") + } + } + } + if algorithm != nil { + return "", fmt.Errorf("unsupported MIME type for compression: %s", mimeType) + } + return "", fmt.Errorf("unsupported MIME type for decompression: %s", mimeType) +} + +// updatedMIMEType returns the result of applying edits in updated (MediaType, CompressionOperation) to +// mimeType, based on variantTable. It may use updated.Digest for error messages. +func updatedMIMEType(variantTable []compressionMIMETypeSet, mimeType string, updated types.BlobInfo) (string, error) { + // Note that manifests in containers-storage might be reporting the + // wrong media type since the original manifests are stored while layers + // are decompressed in storage. Hence, we need to consider the case + // that an already {de}compressed layer should be {de}compressed; + // compressionVariantMIMEType does that by not caring whether the original is + // {de}compressed. + switch updated.CompressionOperation { + case types.PreserveOriginal: + // Keep the original media type. + return mimeType, nil + + case types.Decompress: + return compressionVariantMIMEType(variantTable, mimeType, nil) + + case types.Compress: + if updated.CompressionAlgorithm == nil { + logrus.Debugf("Error preparing updated manifest: blob %q was compressed but does not specify by which algorithm: falling back to use the original blob", updated.Digest) + return mimeType, nil + } + return compressionVariantMIMEType(variantTable, mimeType, updated.CompressionAlgorithm) + + default: + return "", fmt.Errorf("unknown compression operation (%d)", updated.CompressionOperation) + } +} diff --git a/vendor/github.com/containers/image/v5/manifest/docker_schema2.go b/vendor/github.com/containers/image/v5/manifest/docker_schema2.go index ff0780fe317..8d8bb9e01bd 100644 --- a/vendor/github.com/containers/image/v5/manifest/docker_schema2.go +++ b/vendor/github.com/containers/image/v5/manifest/docker_schema2.go @@ -10,7 +10,6 @@ import ( "github.com/containers/image/v5/types" "github.com/opencontainers/go-digest" "github.com/pkg/errors" - "github.com/sirupsen/logrus" ) // Schema2Descriptor is a “descriptor” in docker/distribution schema 2. @@ -213,26 +212,17 @@ func (m *Schema2) LayerInfos() []LayerInfo { return blobs } -// isSchema2ForeignLayer is a convenience wrapper to check if a given mime type -// is a compressed or decompressed schema 2 foreign layer. -func isSchema2ForeignLayer(mimeType string) bool { - switch mimeType { - case DockerV2Schema2ForeignLayerMediaType, DockerV2Schema2ForeignLayerMediaTypeGzip: - return true - default: - return false - } -} - -// isSchema2Layer is a convenience wrapper to check if a given mime type is a -// compressed or decompressed schema 2 layer. -func isSchema2Layer(mimeType string) bool { - switch mimeType { - case DockerV2SchemaLayerMediaTypeUncompressed, DockerV2Schema2LayerMediaType: - return true - default: - return false - } +var schema2CompressionMIMETypeSets = []compressionMIMETypeSet{ + { + mtsUncompressed: DockerV2Schema2ForeignLayerMediaType, + compression.Gzip.Name(): DockerV2Schema2ForeignLayerMediaTypeGzip, + compression.Zstd.Name(): mtsUnsupportedMIMEType, + }, + { + mtsUncompressed: DockerV2SchemaLayerMediaTypeUncompressed, + compression.Gzip.Name(): DockerV2Schema2LayerMediaType, + compression.Zstd.Name(): mtsUnsupportedMIMEType, + }, } // UpdateLayerInfos replaces the original layers with the specified BlobInfos (size+digest+urls), in order (the root layer first, and then successive layered layers) @@ -243,67 +233,16 @@ func (m *Schema2) UpdateLayerInfos(layerInfos []types.BlobInfo) error { original := m.LayersDescriptors m.LayersDescriptors = make([]Schema2Descriptor, len(layerInfos)) for i, info := range layerInfos { + mimeType := original[i].MediaType // First make sure we support the media type of the original layer. - if err := SupportedSchema2MediaType(original[i].MediaType); err != nil { - return fmt.Errorf("Error preparing updated manifest: unknown media type of original layer: %q", original[i].MediaType) + if err := SupportedSchema2MediaType(mimeType); err != nil { + return fmt.Errorf("Error preparing updated manifest: unknown media type of original layer %q: %q", info.Digest, mimeType) } - - // Set the correct media types based on the specified compression - // operation, the desired compression algorithm AND the original media - // type. - // - // Note that manifests in containers-storage might be reporting the - // wrong media type since the original manifests are stored while layers - // are decompressed in storage. Hence, we need to consider the case - // that an already {de}compressed layer should be {de}compressed, which - // is being addressed in `isSchema2{Foreign}Layer`. - switch info.CompressionOperation { - case types.PreserveOriginal: - // Keep the original media type. - m.LayersDescriptors[i].MediaType = original[i].MediaType - - case types.Decompress: - // Decompress the original media type and check if it was - // non-distributable one or not. - mimeType := original[i].MediaType - switch { - case isSchema2ForeignLayer(mimeType): - m.LayersDescriptors[i].MediaType = DockerV2Schema2ForeignLayerMediaType - case isSchema2Layer(mimeType): - m.LayersDescriptors[i].MediaType = DockerV2SchemaLayerMediaTypeUncompressed - default: - return fmt.Errorf("Error preparing updated manifest: unsupported media type for decompression: %q", original[i].MediaType) - } - - case types.Compress: - if info.CompressionAlgorithm == nil { - logrus.Debugf("Preparing updated manifest: blob %q was compressed but does not specify by which algorithm: falling back to use the original blob", info.Digest) - m.LayersDescriptors[i].MediaType = original[i].MediaType - break - } - // Compress the original media type and set the new one based on - // that type (distributable or not) and the specified compression - // algorithm. Throw an error if the algorithm is not supported. - switch info.CompressionAlgorithm.Name() { - case compression.Gzip.Name(): - mimeType := original[i].MediaType - switch { - case isSchema2ForeignLayer(mimeType): - m.LayersDescriptors[i].MediaType = DockerV2Schema2ForeignLayerMediaTypeGzip - case isSchema2Layer(mimeType): - m.LayersDescriptors[i].MediaType = DockerV2Schema2LayerMediaType - default: - return fmt.Errorf("Error preparing updated manifest: unsupported media type for compression: %q", original[i].MediaType) - } - case compression.Zstd.Name(): - return fmt.Errorf("Error preparing updated manifest: zstd compression is not supported for docker images") - default: - return fmt.Errorf("Error preparing updated manifest: unknown compression algorithm %q for layer %q", info.CompressionAlgorithm.Name(), info.Digest) - } - - default: - return fmt.Errorf("Error preparing updated manifest: unknown compression operation (%d) for layer %q", info.CompressionOperation, info.Digest) + mimeType, err := updatedMIMEType(schema2CompressionMIMETypeSets, mimeType, info) + if err != nil { + return errors.Wrapf(err, "Error preparing updated manifest, layer %q", info.Digest) } + m.LayersDescriptors[i].MediaType = mimeType m.LayersDescriptors[i].Digest = info.Digest m.LayersDescriptors[i].Size = info.Size m.LayersDescriptors[i].URLs = info.URLs diff --git a/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go b/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go index 5f96a981a19..bfedff69c60 100644 --- a/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go +++ b/vendor/github.com/containers/image/v5/manifest/docker_schema2_list.go @@ -107,7 +107,7 @@ func (list *Schema2List) ChooseInstance(ctx *types.SystemContext) (digest.Digest } } } - return "", fmt.Errorf("no image found in manifest list for architecture %s, variant %s, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) + return "", fmt.Errorf("no image found in manifest list for architecture %s, variant %q, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) } // Serialize returns the list in a blob format. diff --git a/vendor/github.com/containers/image/v5/manifest/list.go b/vendor/github.com/containers/image/v5/manifest/list.go index c7d741dc2f9..58982597e6e 100644 --- a/vendor/github.com/containers/image/v5/manifest/list.go +++ b/vendor/github.com/containers/image/v5/manifest/list.go @@ -59,30 +59,6 @@ type ListUpdate struct { MediaType string } -// dupStringSlice returns a deep copy of a slice of strings, or nil if the -// source slice is empty. -func dupStringSlice(list []string) []string { - if len(list) == 0 { - return nil - } - dup := make([]string, len(list)) - copy(dup, list) - return dup -} - -// dupStringStringMap returns a deep copy of a map[string]string, or nil if the -// passed-in map is nil or has no keys. -func dupStringStringMap(m map[string]string) map[string]string { - if len(m) == 0 { - return nil - } - result := make(map[string]string) - for k, v := range m { - result[k] = v - } - return result -} - // ListFromBlob parses a list of manifests. func ListFromBlob(manifest []byte, manifestMIMEType string) (List, error) { normalized := NormalizedMIMEType(manifestMIMEType) diff --git a/vendor/github.com/containers/image/v5/manifest/manifest.go b/vendor/github.com/containers/image/v5/manifest/manifest.go index 033b8d95136..7b07588730d 100644 --- a/vendor/github.com/containers/image/v5/manifest/manifest.go +++ b/vendor/github.com/containers/image/v5/manifest/manifest.go @@ -256,13 +256,3 @@ func FromBlob(manblob []byte, mt string) (Manifest, error) { // Note that this may not be reachable, NormalizedMIMEType has a default for unknown values. return nil, fmt.Errorf("Unimplemented manifest MIME type %s (normalized as %s)", mt, nmt) } - -// layerInfosToStrings converts a list of layer infos, presumably obtained from a Manifest.LayerInfos() -// method call, into a format suitable for inclusion in a types.ImageInspectInfo structure. -func layerInfosToStrings(infos []LayerInfo) []string { - layers := make([]string, len(infos)) - for i, info := range infos { - layers[i] = info.Digest.String() - } - return layers -} diff --git a/vendor/github.com/containers/image/v5/manifest/oci.go b/vendor/github.com/containers/image/v5/manifest/oci.go index aafe6693bcb..29261459361 100644 --- a/vendor/github.com/containers/image/v5/manifest/oci.go +++ b/vendor/github.com/containers/image/v5/manifest/oci.go @@ -12,7 +12,6 @@ import ( "github.com/opencontainers/image-spec/specs-go" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" - "github.com/sirupsen/logrus" ) // BlobInfoFromOCI1Descriptor returns a types.BlobInfo based on the input OCI1 descriptor. @@ -95,26 +94,17 @@ func (m *OCI1) LayerInfos() []LayerInfo { return blobs } -// isOCI1NonDistributableLayer is a convenience wrapper to check if a given mime -// type is a compressed or decompressed OCI v1 non-distributable layer. -func isOCI1NonDistributableLayer(mimeType string) bool { - switch mimeType { - case imgspecv1.MediaTypeImageLayerNonDistributable, imgspecv1.MediaTypeImageLayerNonDistributableGzip, imgspecv1.MediaTypeImageLayerNonDistributableZstd: - return true - default: - return false - } -} - -// isOCI1Layer is a convenience wrapper to check if a given mime type is a -// compressed or decompressed OCI v1 layer. -func isOCI1Layer(mimeType string) bool { - switch mimeType { - case imgspecv1.MediaTypeImageLayer, imgspecv1.MediaTypeImageLayerGzip, imgspecv1.MediaTypeImageLayerZstd: - return true - default: - return false - } +var oci1CompressionMIMETypeSets = []compressionMIMETypeSet{ + { + mtsUncompressed: imgspecv1.MediaTypeImageLayerNonDistributable, + compression.Gzip.Name(): imgspecv1.MediaTypeImageLayerNonDistributableGzip, + compression.Zstd.Name(): imgspecv1.MediaTypeImageLayerNonDistributableZstd, + }, + { + mtsUncompressed: imgspecv1.MediaTypeImageLayer, + compression.Gzip.Name(): imgspecv1.MediaTypeImageLayerGzip, + compression.Zstd.Name(): imgspecv1.MediaTypeImageLayerZstd, + }, } // UpdateLayerInfos replaces the original layers with the specified BlobInfos (size+digest+urls+mediatype), in order (the root layer first, and then successive layered layers) @@ -133,79 +123,19 @@ func (m *OCI1) UpdateLayerInfos(layerInfos []types.BlobInfo) error { } mimeType = decMimeType } - - // Set the correct media types based on the specified compression - // operation, the desired compression algorithm AND the original media - // type. - // - // Note that manifests in containers-storage might be reporting the - // wrong media type since the original manifests are stored while layers - // are decompressed in storage. Hence, we need to consider the case - // that an already {de}compressed layer should be {de}compressed, which - // is being addressed in `isSchema2{Foreign}Layer`. - switch info.CompressionOperation { - case types.PreserveOriginal: - // Keep the original media type. - m.Layers[i].MediaType = mimeType - - case types.Decompress: - // Decompress the original media type and check if it was - // non-distributable one or not. - switch { - case isOCI1NonDistributableLayer(mimeType): - m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerNonDistributable - case isOCI1Layer(mimeType): - m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayer - default: - return fmt.Errorf("Error preparing updated manifest: unsupported media type for decompression: %q", mimeType) - } - - case types.Compress: - if info.CompressionAlgorithm == nil { - logrus.Debugf("Error preparing updated manifest: blob %q was compressed but does not specify by which algorithm: falling back to use the original blob", info.Digest) - m.Layers[i].MediaType = mimeType - break - } - // Compress the original media type and set the new one based on - // that type (distributable or not) and the specified compression - // algorithm. Throw an error if the algorithm is not supported. - switch info.CompressionAlgorithm.Name() { - case compression.Gzip.Name(): - switch { - case isOCI1NonDistributableLayer(mimeType): - m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerNonDistributableGzip - case isOCI1Layer(mimeType): - m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerGzip - default: - return fmt.Errorf("Error preparing updated manifest: unsupported media type for compression: %q", mimeType) - } - - case compression.Zstd.Name(): - switch { - case isOCI1NonDistributableLayer(mimeType): - m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerNonDistributableZstd - case isOCI1Layer(mimeType): - m.Layers[i].MediaType = imgspecv1.MediaTypeImageLayerZstd - default: - return fmt.Errorf("Error preparing updated manifest: unsupported media type for compression: %q", mimeType) - } - - default: - return fmt.Errorf("Error preparing updated manifest: unknown compression algorithm %q for layer %q", info.CompressionAlgorithm.Name(), info.Digest) - } - - default: - return fmt.Errorf("Error preparing updated manifest: unknown compression operation (%d) for layer %q", info.CompressionOperation, info.Digest) + mimeType, err := updatedMIMEType(oci1CompressionMIMETypeSets, mimeType, info) + if err != nil { + return errors.Wrapf(err, "Error preparing updated manifest, layer %q", info.Digest) } - if info.CryptoOperation == types.Encrypt { - encMediaType, err := getEncryptedMediaType(m.Layers[i].MediaType) + encMediaType, err := getEncryptedMediaType(mimeType) if err != nil { - return fmt.Errorf("error preparing updated manifest: encryption specified but no counterpart for mediatype: %q", m.Layers[i].MediaType) + return fmt.Errorf("error preparing updated manifest: encryption specified but no counterpart for mediatype: %q", mimeType) } - m.Layers[i].MediaType = encMediaType + mimeType = encMediaType } + m.Layers[i].MediaType = mimeType m.Layers[i].Digest = info.Digest m.Layers[i].Size = info.Size m.Layers[i].Annotations = info.Annotations @@ -242,7 +172,7 @@ func (m *OCI1) Inspect(configGetter func(types.BlobInfo) ([]byte, error)) (*type Architecture: v1.Architecture, Os: v1.OS, Layers: layerInfosToStrings(m.LayerInfos()), - Env: d1.Config.Env, + Env: v1.Config.Env, } return i, nil } diff --git a/vendor/github.com/containers/image/v5/manifest/oci_index.go b/vendor/github.com/containers/image/v5/manifest/oci_index.go index 18cc8135c4f..7bdea8fb2d4 100644 --- a/vendor/github.com/containers/image/v5/manifest/oci_index.go +++ b/vendor/github.com/containers/image/v5/manifest/oci_index.go @@ -79,6 +79,9 @@ func (index *OCI1Index) ChooseInstance(ctx *types.SystemContext) (digest.Digest, } for _, wantedPlatform := range wantedPlatforms { for _, d := range index.Manifests { + if d.Platform == nil { + continue + } imagePlatform := imgspecv1.Platform{ Architecture: d.Platform.Architecture, OS: d.Platform.OS, @@ -97,7 +100,7 @@ func (index *OCI1Index) ChooseInstance(ctx *types.SystemContext) (digest.Digest, return d.Digest, nil } } - return "", fmt.Errorf("no image found in image index for architecture %s, variant %s, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) + return "", fmt.Errorf("no image found in image index for architecture %s, variant %q, OS %s", wantedPlatforms[0].Architecture, wantedPlatforms[0].Variant, wantedPlatforms[0].OS) } // Serialize returns the index in a blob format. diff --git a/vendor/github.com/containers/image/v5/oci/layout/oci_dest.go b/vendor/github.com/containers/image/v5/oci/layout/oci_dest.go index fb0449ca528..48a32315bb9 100644 --- a/vendor/github.com/containers/image/v5/oci/layout/oci_dest.go +++ b/vendor/github.com/containers/image/v5/oci/layout/oci_dest.go @@ -279,7 +279,7 @@ func (d *ociImageDestination) addManifest(desc *imgspecv1.Descriptor) { // If it has the same digest as another entry in the index, we already overwrote the file, // so just pick up the other information. for i, manifest := range d.index.Manifests { - if manifest.Digest == desc.Digest { + if manifest.Digest == desc.Digest && manifest.Annotations[imgspecv1.AnnotationRefName] == "" { // Replace it completely. d.index.Manifests[i] = *desc return diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go index dae3eb586d6..ce85af18ae9 100644 --- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go +++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go @@ -7,6 +7,7 @@ import ( "io/ioutil" "os" "path/filepath" + "runtime" "strings" "github.com/containers/image/v5/types" @@ -37,7 +38,12 @@ var ( xdgRuntimeDirPath = filepath.FromSlash("containers/auth.json") dockerHomePath = filepath.FromSlash(".docker/config.json") dockerLegacyHomePath = ".dockercfg" + nonLinuxAuthFilePath = filepath.FromSlash(".config/containers/auth.json") + // Note that the keyring support has been disabled as it was causing + // regressions. Before enabling, please revisit TODO(keyring) comments + // which need to be addressed if the need remerged to support the + // kernel keyring. enableKeyring = false // ErrNotLoggedIn is returned for users not logged into a registry @@ -73,6 +79,70 @@ func SetAuthentication(sys *types.SystemContext, registry, username, password st }) } +// GetAllCredentials returns the registry credentials for all registries stored +// in either the auth.json file or the docker/config.json. +func GetAllCredentials(sys *types.SystemContext) (map[string]types.DockerAuthConfig, error) { + // Note: we need to read the auth files in the inverse order to prevent + // a priority inversion when writing to the map. + authConfigs := make(map[string]types.DockerAuthConfig) + paths := getAuthFilePaths(sys) + for i := len(paths) - 1; i >= 0; i-- { + path := paths[i] + // readJSONFile returns an empty map in case the path doesn't exist. + auths, err := readJSONFile(path.path, path.legacyFormat) + if err != nil { + return nil, errors.Wrapf(err, "error reading JSON file %q", path.path) + } + + for registry, data := range auths.AuthConfigs { + conf, err := decodeDockerAuth(data) + if err != nil { + return nil, err + } + authConfigs[normalizeRegistry(registry)] = conf + } + + // Credential helpers may override credentials from the auth file. + for registry, credHelper := range auths.CredHelpers { + username, password, err := getAuthFromCredHelper(credHelper, registry) + if err != nil { + if credentials.IsErrCredentialsNotFoundMessage(err.Error()) { + continue + } + return nil, err + } + + conf := types.DockerAuthConfig{Username: username, Password: password} + authConfigs[normalizeRegistry(registry)] = conf + } + } + + // TODO(keyring): if we ever reenable the keyring support, we had to + // query all credentials from the keyring here. + + return authConfigs, nil +} + +// getAuthFilePaths returns a slice of authPaths based on the system context +// in the order they should be searched. Note that some paths may not exist. +func getAuthFilePaths(sys *types.SystemContext) []authPath { + paths := []authPath{} + pathToAuth, lf, err := getPathToAuth(sys) + if err == nil { + paths = append(paths, authPath{path: pathToAuth, legacyFormat: lf}) + } else { + // Error means that the path set for XDG_RUNTIME_DIR does not exist + // but we don't want to completely fail in the case that the user is pulling a public image + // Logging the error as a warning instead and moving on to pulling the image + logrus.Warnf("%v: Trying to pull image in the event that it is a public image.", err) + } + paths = append(paths, + authPath{path: filepath.Join(homedir.Get(), dockerHomePath), legacyFormat: false}, + authPath{path: filepath.Join(homedir.Get(), dockerLegacyHomePath), legacyFormat: true}, + ) + return paths +} + // GetCredentials returns the registry credentials stored in either auth.json // file or .docker/config.json, including support for OAuth2 and IdentityToken. // If an entry is not found, an empty struct is returned. @@ -93,21 +163,7 @@ func GetCredentials(sys *types.SystemContext, registry string) (types.DockerAuth } } - paths := []authPath{} - pathToAuth, lf, err := getPathToAuth(sys) - if err == nil { - paths = append(paths, authPath{path: pathToAuth, legacyFormat: lf}) - } else { - // Error means that the path set for XDG_RUNTIME_DIR does not exist - // but we don't want to completely fail in the case that the user is pulling a public image - // Logging the error as a warning instead and moving on to pulling the image - logrus.Warnf("%v: Trying to pull image in the event that it is a public image.", err) - } - paths = append(paths, - authPath{path: filepath.Join(homedir.Get(), dockerHomePath), legacyFormat: false}, - authPath{path: filepath.Join(homedir.Get(), dockerLegacyHomePath), legacyFormat: true}) - - for _, path := range paths { + for _, path := range getAuthFilePaths(sys) { authConfig, err := findAuthentication(registry, path.path, path.legacyFormat) if err != nil { logrus.Debugf("Credentials not found") @@ -189,10 +245,8 @@ func RemoveAllAuthentication(sys *types.SystemContext) error { }) } -// getPath gets the path of the auth.json file -// The path can be overriden by the user if the overwrite-path flag is set -// If the flag is not set and XDG_RUNTIME_DIR is set, the auth.json file is saved in XDG_RUNTIME_DIR/containers -// Otherwise, the auth.json file is stored in /run/containers/UID +// getPathToAuth gets the path of the auth.json file used for reading and writting credentials +// returns the path, and a bool specifies whether the file is in legacy format func getPathToAuth(sys *types.SystemContext) (string, bool, error) { if sys != nil { if sys.AuthFilePath != "" { @@ -205,6 +259,9 @@ func getPathToAuth(sys *types.SystemContext) (string, bool, error) { return filepath.Join(sys.RootForImplicitAbsolutePaths, fmt.Sprintf(defaultPerUIDPathFormat, os.Getuid())), false, nil } } + if runtime.GOOS == "windows" || runtime.GOOS == "darwin" { + return filepath.Join(homedir.Get(), nonLinuxAuthFilePath), false, nil + } runtimeDir := os.Getenv("XDG_RUNTIME_DIR") if runtimeDir != "" { @@ -248,6 +305,13 @@ func readJSONFile(path string, legacyFormat bool) (dockerConfigFile, error) { return dockerConfigFile{}, errors.Wrapf(err, "error unmarshaling JSON at %q", path) } + if auths.AuthConfigs == nil { + auths.AuthConfigs = map[string]dockerAuthConfig{} + } + if auths.CredHelpers == nil { + auths.CredHelpers = make(map[string]string) + } + return auths, nil } @@ -257,17 +321,15 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) ( if err != nil { return err } + if legacyFormat { + return fmt.Errorf("writes to %s using legacy format are not supported", path) + } dir := filepath.Dir(path) - if _, err := os.Stat(dir); os.IsNotExist(err) { - if err = os.MkdirAll(dir, 0700); err != nil { - return errors.Wrapf(err, "error creating directory %q", dir) - } + if err = os.MkdirAll(dir, 0700); err != nil { + return err } - if legacyFormat { - return fmt.Errorf("writes to %s using legacy format are not supported", path) - } auths, err := readJSONFile(path, false) if err != nil { return errors.Wrapf(err, "error reading JSON file %q", path) diff --git a/vendor/github.com/containers/image/v5/signature/policy_config.go b/vendor/github.com/containers/image/v5/signature/policy_config.go index 3eee70bc2aa..72fcf618a7b 100644 --- a/vendor/github.com/containers/image/v5/signature/policy_config.go +++ b/vendor/github.com/containers/image/v5/signature/policy_config.go @@ -17,11 +17,13 @@ import ( "encoding/json" "fmt" "io/ioutil" + "os" "path/filepath" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/types" + "github.com/containers/storage/pkg/homedir" "github.com/pkg/errors" ) @@ -34,6 +36,9 @@ var systemDefaultPolicyPath = builtinDefaultPolicyPath // DO NOT change this, instead see systemDefaultPolicyPath above. const builtinDefaultPolicyPath = "/etc/containers/policy.json" +// userPolicyFile is the path to the per user policy path. +var userPolicyFile = filepath.FromSlash(".config/containers/policy.json") + // InvalidPolicyFormatError is returned when parsing an invalid policy configuration. type InvalidPolicyFormatError string @@ -53,13 +58,15 @@ func DefaultPolicy(sys *types.SystemContext) (*Policy, error) { // defaultPolicyPath returns a path to the default policy of the system. func defaultPolicyPath(sys *types.SystemContext) string { - if sys != nil { - if sys.SignaturePolicyPath != "" { - return sys.SignaturePolicyPath - } - if sys.RootForImplicitAbsolutePaths != "" { - return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath) - } + if sys != nil && sys.SignaturePolicyPath != "" { + return sys.SignaturePolicyPath + } + userPolicyFilePath := filepath.Join(homedir.Get(), userPolicyFile) + if _, err := os.Stat(userPolicyFilePath); err == nil { + return userPolicyFilePath + } + if sys != nil && sys.RootForImplicitAbsolutePaths != "" { + return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath) } return systemDefaultPolicyPath } diff --git a/vendor/github.com/containers/image/v5/types/types.go b/vendor/github.com/containers/image/v5/types/types.go index d469e03b534..4f624cf33c0 100644 --- a/vendor/github.com/containers/image/v5/types/types.go +++ b/vendor/github.com/containers/image/v5/types/types.go @@ -604,6 +604,10 @@ const ( // ProgressEventDone is fired when the data transfer has been finished for // the specific artifact ProgressEventDone + + // ProgressEventSkipped is fired when the artifact has been skipped because + // its already available at the destination + ProgressEventSkipped ) // ProgressProperties is used to pass information from the copy code to a monitor which diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index 717c2b1b3bc..114bce3874e 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -6,9 +6,9 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 5 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 4 + VersionMinor = 5 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 3 + VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/github.com/fsouza/go-dockerclient/.golangci.yaml b/vendor/github.com/fsouza/go-dockerclient/.golangci.yaml index 3a21b76f773..33bc2f8a346 100644 --- a/vendor/github.com/fsouza/go-dockerclient/.golangci.yaml +++ b/vendor/github.com/fsouza/go-dockerclient/.golangci.yaml @@ -25,6 +25,9 @@ linters: - gochecknoglobals - gocognit - goconst + - godot - gomnd - lll + - nestif + - testpackage - wsl diff --git a/vendor/github.com/fsouza/go-dockerclient/.travis.yml b/vendor/github.com/fsouza/go-dockerclient/.travis.yml deleted file mode 100644 index dbd76b17552..00000000000 --- a/vendor/github.com/fsouza/go-dockerclient/.travis.yml +++ /dev/null @@ -1,32 +0,0 @@ -dist: xenial -language: go -go: - - 1.12.x - - 1.13.x - - 1.14rc1 -os: - - linux - - osx - - windows -env: - matrix: - - GOARCH=amd64 - - GOARCH=386 - global: - - GOPROXY=https://proxy.golang.org - - GO111MODULE=on -install: - - travis-scripts/win-setup.bash -script: - - travis_wait 25 travis-scripts/run-tests.bash -services: - - docker -matrix: - fast_finish: true - exclude: - - os: osx - env: GOARCH=386 - - os: osx - env: GOARCH=386 - allow_failures: - - os: windows diff --git a/vendor/github.com/fsouza/go-dockerclient/Makefile b/vendor/github.com/fsouza/go-dockerclient/Makefile index 84e1bfaba0a..bd38394646c 100644 --- a/vendor/github.com/fsouza/go-dockerclient/Makefile +++ b/vendor/github.com/fsouza/go-dockerclient/Makefile @@ -5,6 +5,11 @@ test \ integration + +ifeq "$(strip $(shell go env GOARCH))" "amd64" +RACE_FLAG := -race +endif + all: test lint: @@ -14,7 +19,7 @@ lint: pretest: lint gotest: - go test -race -vet all ./... + go test $(RACE_FLAG) -vet all ./... test: pretest gotest diff --git a/vendor/github.com/fsouza/go-dockerclient/README.md b/vendor/github.com/fsouza/go-dockerclient/README.md index d1128335d73..b44ff79a5ee 100644 --- a/vendor/github.com/fsouza/go-dockerclient/README.md +++ b/vendor/github.com/fsouza/go-dockerclient/README.md @@ -1,8 +1,7 @@ # go-dockerclient -[![Travis Build Status](https://travis-ci.com/fsouza/go-dockerclient.svg?branch=master)](https://travis-ci.com/fsouza/go-dockerclient) -[![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/4yusq1f9dqbicobt?svg=true)](https://ci.appveyor.com/project/fsouza/go-dockerclient) -[![GoDoc](https://img.shields.io/badge/api-Godoc-blue.svg?style=flat-square)](https://pkg.go.dev/github.com/docker/docker/api/types?tab=doc#AuthConfig) +[![Build Status](https://github.com/fsouza/go-dockerclient/workflows/Build/badge.svg)](https://github.com/fsouza/go-dockerclient/actions?query=branch:master+workflow:Build) +[![GoDoc](https://img.shields.io/badge/api-Godoc-blue.svg?style=flat-square)](https://pkg.go.dev/github.com/fsouza/go-dockerclient) This package presents a client for the Docker remote API. It also provides support for the extensions in the [Swarm API](https://docs.docker.com/swarm/swarm-api/). diff --git a/vendor/github.com/fsouza/go-dockerclient/appveyor.yml b/vendor/github.com/fsouza/go-dockerclient/appveyor.yml deleted file mode 100644 index f36478a5d39..00000000000 --- a/vendor/github.com/fsouza/go-dockerclient/appveyor.yml +++ /dev/null @@ -1,24 +0,0 @@ -version: "{build}" -platform: x64 -clone_depth: 2 -clone_folder: c:\gopath\src\github.com\fsouza\go-dockerclient -environment: - GOPATH: c:\gopath - GOPROXY: https://proxy.golang.org - GO111MODULE: on - matrix: - - GOVERSION: "1.12.17" - - GOVERSION: "1.13.8" - - GOVERSION: "1.14rc1" -install: - - choco install make - - set PATH=%GOPATH%\bin;c:\go\bin;%PATH% - - rmdir c:\go /s /q - - appveyor DownloadFile https://storage.googleapis.com/golang/go%GOVERSION%.windows-amd64.zip - - 7z x go%GOVERSION%.windows-amd64.zip -y -oC:\ > NUL -build_script: - - make pretest -test_script: - - make gotest -matrix: - fast_finish: true diff --git a/vendor/github.com/fsouza/go-dockerclient/auth.go b/vendor/github.com/fsouza/go-dockerclient/auth.go index cae2a020f32..ee37a233177 100644 --- a/vendor/github.com/fsouza/go-dockerclient/auth.go +++ b/vendor/github.com/fsouza/go-dockerclient/auth.go @@ -9,7 +9,6 @@ import ( "encoding/base64" "encoding/json" "errors" - "fmt" "io" "io/ioutil" "net/http" @@ -56,10 +55,23 @@ func (c AuthConfigurations) isEmpty() bool { return len(c.Configs) == 0 } -func (c AuthConfigurations) headerKey() string { +func (AuthConfigurations) headerKey() string { return "X-Registry-Config" } +// merge updates the configuration. If a key is defined in both maps, the one +// in c.Configs takes precedence. +func (c *AuthConfigurations) merge(other AuthConfigurations) { + for k, v := range other.Configs { + if c.Configs == nil { + c.Configs = make(map[string]AuthConfiguration) + } + if _, ok := c.Configs[k]; !ok { + c.Configs[k] = v + } + } +} + // AuthConfigurations119 is used to serialize a set of AuthConfigurations // for Docker API >= 1.19. type AuthConfigurations119 map[string]AuthConfiguration @@ -92,36 +104,65 @@ func NewAuthConfigurationsFromFile(path string) (*AuthConfigurations, error) { } func cfgPaths(dockerConfigEnv string, homeEnv string) []string { - var paths []string if dockerConfigEnv != "" { - paths = append(paths, path.Join(dockerConfigEnv, "plaintext-passwords.json")) - paths = append(paths, path.Join(dockerConfigEnv, "config.json")) + return []string{ + path.Join(dockerConfigEnv, "plaintext-passwords.json"), + path.Join(dockerConfigEnv, "config.json"), + } } if homeEnv != "" { - paths = append(paths, path.Join(homeEnv, ".docker", "plaintext-passwords.json")) - paths = append(paths, path.Join(homeEnv, ".docker", "config.json")) - paths = append(paths, path.Join(homeEnv, ".dockercfg")) + return []string{ + path.Join(homeEnv, ".docker", "plaintext-passwords.json"), + path.Join(homeEnv, ".docker", "config.json"), + path.Join(homeEnv, ".dockercfg"), + } } - return paths + return nil } -// NewAuthConfigurationsFromDockerCfg returns AuthConfigurations from -// system config files. The following files are checked in the order listed: -// - $DOCKER_CONFIG/config.json if DOCKER_CONFIG set in the environment, +// NewAuthConfigurationsFromDockerCfg returns AuthConfigurations from system +// config files. The following files are checked in the order listed: +// +// If the environment variable DOCKER_CONFIG is set to a non-empty string: +// +// - $DOCKER_CONFIG/plaintext-passwords.json +// - $DOCKER_CONFIG/config.json +// +// Otherwise, it looks for files in the $HOME directory and the legacy +// location: +// +// - $HOME/.docker/plaintext-passwords.json // - $HOME/.docker/config.json // - $HOME/.dockercfg func NewAuthConfigurationsFromDockerCfg() (*AuthConfigurations, error) { - err := fmt.Errorf("no docker configuration found") - var auths *AuthConfigurations - pathsToTry := cfgPaths(os.Getenv("DOCKER_CONFIG"), os.Getenv("HOME")) + if len(pathsToTry) < 1 { + return nil, errors.New("no docker configuration found") + } + return newAuthConfigurationsFromDockerCfg(pathsToTry) +} + +func newAuthConfigurationsFromDockerCfg(pathsToTry []string) (*AuthConfigurations, error) { + var result *AuthConfigurations + var auths *AuthConfigurations + var err error for _, path := range pathsToTry { auths, err = NewAuthConfigurationsFromFile(path) - if err == nil { - return auths, nil + if err != nil { + continue + } + + if result == nil { + result = auths + } else { + result.merge(*auths) } } - return auths, err + + if result != nil { + return result, nil + } + return result, err } // NewAuthConfigurations returns AuthConfigurations from a JSON encoded string in the diff --git a/vendor/github.com/fsouza/go-dockerclient/client.go b/vendor/github.com/fsouza/go-dockerclient/client.go index 825ba38abba..b176e86bdd8 100644 --- a/vendor/github.com/fsouza/go-dockerclient/client.go +++ b/vendor/github.com/fsouza/go-dockerclient/client.go @@ -87,32 +87,29 @@ func NewAPIVersion(input string) (APIVersion, error) { } func (version APIVersion) String() string { - var str string + parts := make([]string, len(version)) for i, val := range version { - str += strconv.Itoa(val) - if i < len(version)-1 { - str += "." - } + parts[i] = strconv.Itoa(val) } - return str + return strings.Join(parts, ".") } -// LessThan is a function for comparing APIVersion structs +// LessThan is a function for comparing APIVersion structs. func (version APIVersion) LessThan(other APIVersion) bool { return version.compare(other) < 0 } -// LessThanOrEqualTo is a function for comparing APIVersion structs +// LessThanOrEqualTo is a function for comparing APIVersion structs. func (version APIVersion) LessThanOrEqualTo(other APIVersion) bool { return version.compare(other) <= 0 } -// GreaterThan is a function for comparing APIVersion structs +// GreaterThan is a function for comparing APIVersion structs. func (version APIVersion) GreaterThan(other APIVersion) bool { return version.compare(other) > 0 } -// GreaterThanOrEqualTo is a function for comparing APIVersion structs +// GreaterThanOrEqualTo is a function for comparing APIVersion structs. func (version APIVersion) GreaterThanOrEqualTo(other APIVersion) bool { return version.compare(other) >= 0 } @@ -512,7 +509,6 @@ type streamOptions struct { context context.Context } -// if error in context, return that instead of generic http error func chooseError(ctx context.Context, err error) error { select { case <-ctx.Done(): diff --git a/vendor/github.com/fsouza/go-dockerclient/container.go b/vendor/github.com/fsouza/go-dockerclient/container.go index 309955fd50e..d4a4c95f8c5 100644 --- a/vendor/github.com/fsouza/go-dockerclient/container.go +++ b/vendor/github.com/fsouza/go-dockerclient/container.go @@ -341,7 +341,7 @@ type HostMount struct { ReadOnly bool `json:"ReadOnly,omitempty" yaml:"ReadOnly,omitempty" toml:"ReadOnly,omitempty"` BindOptions *BindOptions `json:"BindOptions,omitempty" yaml:"BindOptions,omitempty" toml:"BindOptions,omitempty"` VolumeOptions *VolumeOptions `json:"VolumeOptions,omitempty" yaml:"VolumeOptions,omitempty" toml:"VolumeOptions,omitempty"` - TempfsOptions *TempfsOptions `json:"TempfsOptions,omitempty" yaml:"TempfsOptions,omitempty" toml:"TempfsOptions,omitempty"` + TempfsOptions *TempfsOptions `json:"TmpfsOptions,omitempty" yaml:"TmpfsOptions,omitempty" toml:"TmpfsOptions,omitempty"` } // BindOptions contains optional configuration for the bind type @@ -730,7 +730,7 @@ type Device struct { CgroupPermissions string `json:"CgroupPermissions,omitempty" yaml:"CgroupPermissions,omitempty" toml:"CgroupPermissions,omitempty"` } -// A list of requests for devices to be sent to device drivers +// DeviceRequest represents a request for device that's sent to device drivers. type DeviceRequest struct { Driver string `json:"Driver,omitempty" yaml:"Driver,omitempty" toml:"Driver,omitempty"` Count int `json:"Count,omitempty" yaml:"Count,omitempty" toml:"Count,omitempty"` diff --git a/vendor/github.com/fsouza/go-dockerclient/go.mod b/vendor/github.com/fsouza/go-dockerclient/go.mod index 37ddd03c2b9..cf98b1b6275 100644 --- a/vendor/github.com/fsouza/go-dockerclient/go.mod +++ b/vendor/github.com/fsouza/go-dockerclient/go.mod @@ -4,19 +4,20 @@ go 1.12 require ( github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect - github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 - github.com/Microsoft/hcsshim v0.8.7-0.20191101173118-65519b62243c // indirect + github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 + github.com/Microsoft/hcsshim v0.8.7 // indirect github.com/containerd/containerd v1.3.0 // indirect + github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c // indirect github.com/docker/distribution v2.7.1+incompatible // indirect github.com/docker/docker v1.4.2-0.20191101170500-ac7306503d23 github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.4.0 + github.com/gogo/protobuf v1.3.1 // indirect github.com/google/go-cmp v0.4.0 github.com/gorilla/mux v1.7.4 - github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c // indirect - github.com/opencontainers/go-digest v1.0.0-rc1 // indirect + github.com/morikuni/aec v1.0.0 // indirect github.com/opencontainers/image-spec v1.0.1 // indirect github.com/opencontainers/runc v0.1.1 // indirect golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 - google.golang.org/grpc v1.22.0 // indirect + google.golang.org/grpc v1.27.1 // indirect ) diff --git a/vendor/github.com/fsouza/go-dockerclient/go.sum b/vendor/github.com/fsouza/go-dockerclient/go.sum index 6fcd9b0084a..5c7d610dd36 100644 --- a/vendor/github.com/fsouza/go-dockerclient/go.sum +++ b/vendor/github.com/fsouza/go-dockerclient/go.sum @@ -1,12 +1,16 @@ +bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= -github.com/Microsoft/hcsshim v0.8.7-0.20191101173118-65519b62243c h1:YMP6olTU903X3gxQJckdmiP8/zkSMq4kN3uipsU9XjU= -github.com/Microsoft/hcsshim v0.8.7-0.20191101173118-65519b62243c/go.mod h1:7xhjOwRV2+0HXGmM0jxaEu+ZiXJFoVZOTfL/dmqbrD8= +github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o= +github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= +github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg= +github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f h1:tSNMc+rJDfmYntojat8lljbt1mgKNpTxUZJsSzJ9Y1s= github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= @@ -16,11 +20,14 @@ github.com/containerd/containerd v1.3.0 h1:xjvXQWABwS2uiv3TWgQt5Uth60Gu86LTGZXMJ github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c h1:8ahmSVELW1wghbjerVAyuEYD5+Dio66RYvSS0iGfL1M= +github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= @@ -31,14 +38,23 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= +github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= @@ -49,12 +65,18 @@ github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FK github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c h1:nXxl5PrvVm2L/wCy8dQu6DMTwH4oIuGN8GJDAlqDdVE= -github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= +github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -65,16 +87,24 @@ github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJ github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= +github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= +github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -82,6 +112,7 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo= @@ -92,9 +123,11 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09 h1:KaQtG+aDELoNmXYas3TVkGNYRuq8JQ1aa7LJt8EXVyo= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -105,6 +138,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEha golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -112,9 +146,11 @@ golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1cHUZgO1Ebq5r2hIjfo= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -126,10 +162,22 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb h1:i1Ppqkc3WQXikh8bXiwHqAN5Rv3/qDCcRk0/Otx73BY= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.22.0 h1:J0UbZOIrCAl+fpTOf8YLs4dJo8L/owV4LYVtAXQoPkw= -google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/vendor/github.com/fsouza/go-dockerclient/tar.go b/vendor/github.com/fsouza/go-dockerclient/tar.go index 9716a771285..f27a7bbf21f 100644 --- a/vendor/github.com/fsouza/go-dockerclient/tar.go +++ b/vendor/github.com/fsouza/go-dockerclient/tar.go @@ -47,7 +47,7 @@ func createTarStream(srcPath, dockerfilePath string) (io.ReadCloser, error) { } keepThem, err := fileutils.Matches(includeFile, excludes) if err != nil { - return nil, fmt.Errorf("cannot match .dockerfile: '%s', error: %s", includeFile, err) + return nil, fmt.Errorf("cannot match .dockerfileignore: '%s', error: %w", includeFile, err) } if keepThem { includes = append(includes, includeFile) @@ -85,7 +85,7 @@ func validateContextDirectory(srcPath string, excludes []string) error { if err != nil { if os.IsPermission(err) { - return fmt.Errorf("can't stat '%s'", filePath) + return fmt.Errorf("cannot stat %q: %w", filePath, err) } if os.IsNotExist(err) { return nil @@ -101,8 +101,8 @@ func validateContextDirectory(srcPath string, excludes []string) error { if !f.IsDir() { currentFile, err := os.Open(filePath) - if err != nil && os.IsPermission(err) { - return fmt.Errorf("no permission to read from '%s'", filePath) + if err != nil { + return fmt.Errorf("cannot open %q for reading: %w", filePath, err) } currentFile.Close() } @@ -114,7 +114,7 @@ func parseDockerignore(root string) ([]string, error) { var excludes []string ignore, err := ioutil.ReadFile(path.Join(root, ".dockerignore")) if err != nil && !os.IsNotExist(err) { - return excludes, fmt.Errorf("error reading .dockerignore: '%s'", err) + return excludes, fmt.Errorf("error reading .dockerignore: %w", err) } excludes = strings.Split(string(ignore), "\n") diff --git a/vendor/github.com/klauspost/compress/fse/bitreader.go b/vendor/github.com/klauspost/compress/fse/bitreader.go index b9db204f59d..f65eb3909cf 100644 --- a/vendor/github.com/klauspost/compress/fse/bitreader.go +++ b/vendor/github.com/klauspost/compress/fse/bitreader.go @@ -6,6 +6,7 @@ package fse import ( + "encoding/binary" "errors" "io" ) @@ -34,8 +35,12 @@ func (b *bitReader) init(in []byte) error { } b.bitsRead = 64 b.value = 0 - b.fill() - b.fill() + if len(in) >= 8 { + b.fillFastStart() + } else { + b.fill() + b.fill() + } b.bitsRead += 8 - uint8(highBits(uint32(v))) return nil } @@ -63,8 +68,9 @@ func (b *bitReader) fillFast() { if b.bitsRead < 32 { return } - // Do single re-slice to avoid bounds checks. - v := b.in[b.off-4 : b.off] + // 2 bounds checks. + v := b.in[b.off-4:] + v = v[:4] low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) b.value = (b.value << 32) | uint64(low) b.bitsRead -= 32 @@ -77,7 +83,8 @@ func (b *bitReader) fill() { return } if b.off > 4 { - v := b.in[b.off-4 : b.off] + v := b.in[b.off-4:] + v = v[:4] low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) b.value = (b.value << 32) | uint64(low) b.bitsRead -= 32 @@ -91,9 +98,17 @@ func (b *bitReader) fill() { } } +// fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read. +func (b *bitReader) fillFastStart() { + // Do single re-slice to avoid bounds checks. + b.value = binary.LittleEndian.Uint64(b.in[b.off-8:]) + b.bitsRead = 0 + b.off -= 8 +} + // finished returns true if all bits have been read from the bit stream. func (b *bitReader) finished() bool { - return b.off == 0 && b.bitsRead >= 64 + return b.bitsRead >= 64 && b.off == 0 } // close the bitstream and returns an error if out-of-buffer reads occurred. diff --git a/vendor/github.com/klauspost/compress/fse/bytereader.go b/vendor/github.com/klauspost/compress/fse/bytereader.go index f228a46cdf6..abade2d6052 100644 --- a/vendor/github.com/klauspost/compress/fse/bytereader.go +++ b/vendor/github.com/klauspost/compress/fse/bytereader.go @@ -25,19 +25,10 @@ func (b *byteReader) advance(n uint) { b.off += int(n) } -// Int32 returns a little endian int32 starting at current offset. -func (b byteReader) Int32() int32 { - b2 := b.b[b.off : b.off+4 : b.off+4] - v3 := int32(b2[3]) - v2 := int32(b2[2]) - v1 := int32(b2[1]) - v0 := int32(b2[0]) - return v0 | (v1 << 8) | (v2 << 16) | (v3 << 24) -} - // Uint32 returns a little endian uint32 starting at current offset. func (b byteReader) Uint32() uint32 { - b2 := b.b[b.off : b.off+4 : b.off+4] + b2 := b.b[b.off:] + b2 = b2[:4] v3 := uint32(b2[3]) v2 := uint32(b2[2]) v1 := uint32(b2[1]) diff --git a/vendor/github.com/klauspost/compress/huff0/README.md b/vendor/github.com/klauspost/compress/huff0/README.md index 0a8448ce9f9..e12da4db2fd 100644 --- a/vendor/github.com/klauspost/compress/huff0/README.md +++ b/vendor/github.com/klauspost/compress/huff0/README.md @@ -12,8 +12,6 @@ but it can be used as a secondary step to compressors (like Snappy) that does no * [Godoc documentation](https://godoc.org/github.com/klauspost/compress/huff0) -THIS PACKAGE IS NOT CONSIDERED STABLE AND API OR ENCODING MAY CHANGE IN THE FUTURE. - ## News * Mar 2018: First implementation released. Consider this beta software for now. @@ -75,6 +73,8 @@ which can be given to the decompressor. Decompressing is done by calling the [`Decompress1X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress1X) or [`Decompress4X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress4X) function. +For concurrently decompressing content with a fixed table a stateless [`Decoder`](https://godoc.org/github.com/klauspost/compress/huff0#Decoder) can be requested which will remain correct as long as the scratch is unchanged. The capacity of the provided slice indicates the expected output size. + You must provide the output from the compression stage, at exactly the size you got back. If you receive an error back your input was likely corrupted. @@ -84,4 +84,4 @@ There are no integrity checks, so relying on errors from the decompressor does n # Contributing Contributions are always welcome. Be aware that adding public functions will require good justification and breaking -changes will likely not be accepted. If in doubt open an issue before writing the PR. \ No newline at end of file +changes will likely not be accepted. If in doubt open an issue before writing the PR. diff --git a/vendor/github.com/klauspost/compress/huff0/bitreader.go b/vendor/github.com/klauspost/compress/huff0/bitreader.go index 7d0903c7010..a4979e8868a 100644 --- a/vendor/github.com/klauspost/compress/huff0/bitreader.go +++ b/vendor/github.com/klauspost/compress/huff0/bitreader.go @@ -6,6 +6,7 @@ package huff0 import ( + "encoding/binary" "errors" "io" ) @@ -34,29 +35,16 @@ func (b *bitReader) init(in []byte) error { } b.bitsRead = 64 b.value = 0 - b.fill() - b.fill() + if len(in) >= 8 { + b.fillFastStart() + } else { + b.fill() + b.fill() + } b.bitsRead += 8 - uint8(highBit32(uint32(v))) return nil } -// getBits will return n bits. n can be 0. -func (b *bitReader) getBits(n uint8) uint16 { - if n == 0 || b.bitsRead >= 64 { - return 0 - } - return b.getBitsFast(n) -} - -// getBitsFast requires that at least one bit is requested every time. -// There are no checks if the buffer is filled. -func (b *bitReader) getBitsFast(n uint8) uint16 { - const regMask = 64 - 1 - v := uint16((b.value << (b.bitsRead & regMask)) >> ((regMask + 1 - n) & regMask)) - b.bitsRead += n - return v -} - // peekBitsFast requires that at least one bit is requested every time. // There are no checks if the buffer is filled. func (b *bitReader) peekBitsFast(n uint8) uint16 { @@ -71,21 +59,36 @@ func (b *bitReader) fillFast() { if b.bitsRead < 32 { return } - // Do single re-slice to avoid bounds checks. + + // 2 bounds checks. v := b.in[b.off-4 : b.off] + v = v[:4] low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) b.value = (b.value << 32) | uint64(low) b.bitsRead -= 32 b.off -= 4 } +func (b *bitReader) advance(n uint8) { + b.bitsRead += n +} + +// fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read. +func (b *bitReader) fillFastStart() { + // Do single re-slice to avoid bounds checks. + b.value = binary.LittleEndian.Uint64(b.in[b.off-8:]) + b.bitsRead = 0 + b.off -= 8 +} + // fill() will make sure at least 32 bits are available. func (b *bitReader) fill() { if b.bitsRead < 32 { return } if b.off > 4 { - v := b.in[b.off-4 : b.off] + v := b.in[b.off-4:] + v = v[:4] low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) b.value = (b.value << 32) | uint64(low) b.bitsRead -= 32 @@ -113,3 +116,214 @@ func (b *bitReader) close() error { } return nil } + +// bitReader reads a bitstream in reverse. +// The last set bit indicates the start of the stream and is used +// for aligning the input. +type bitReaderBytes struct { + in []byte + off uint // next byte to read is at in[off - 1] + value uint64 + bitsRead uint8 +} + +// init initializes and resets the bit reader. +func (b *bitReaderBytes) init(in []byte) error { + if len(in) < 1 { + return errors.New("corrupt stream: too short") + } + b.in = in + b.off = uint(len(in)) + // The highest bit of the last byte indicates where to start + v := in[len(in)-1] + if v == 0 { + return errors.New("corrupt stream, did not find end of stream") + } + b.bitsRead = 64 + b.value = 0 + if len(in) >= 8 { + b.fillFastStart() + } else { + b.fill() + b.fill() + } + b.advance(8 - uint8(highBit32(uint32(v)))) + return nil +} + +// peekBitsFast requires that at least one bit is requested every time. +// There are no checks if the buffer is filled. +func (b *bitReaderBytes) peekByteFast() uint8 { + got := uint8(b.value >> 56) + return got +} + +func (b *bitReaderBytes) advance(n uint8) { + b.bitsRead += n + b.value <<= n & 63 +} + +// fillFast() will make sure at least 32 bits are available. +// There must be at least 4 bytes available. +func (b *bitReaderBytes) fillFast() { + if b.bitsRead < 32 { + return + } + + // 2 bounds checks. + v := b.in[b.off-4 : b.off] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + b.value |= uint64(low) << (b.bitsRead - 32) + b.bitsRead -= 32 + b.off -= 4 +} + +// fillFastStart() assumes the bitReaderBytes is empty and there is at least 8 bytes to read. +func (b *bitReaderBytes) fillFastStart() { + // Do single re-slice to avoid bounds checks. + b.value = binary.LittleEndian.Uint64(b.in[b.off-8:]) + b.bitsRead = 0 + b.off -= 8 +} + +// fill() will make sure at least 32 bits are available. +func (b *bitReaderBytes) fill() { + if b.bitsRead < 32 { + return + } + if b.off > 4 { + v := b.in[b.off-4:] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + b.value |= uint64(low) << (b.bitsRead - 32) + b.bitsRead -= 32 + b.off -= 4 + return + } + for b.off > 0 { + b.value |= uint64(b.in[b.off-1]) << (b.bitsRead - 8) + b.bitsRead -= 8 + b.off-- + } +} + +// finished returns true if all bits have been read from the bit stream. +func (b *bitReaderBytes) finished() bool { + return b.off == 0 && b.bitsRead >= 64 +} + +// close the bitstream and returns an error if out-of-buffer reads occurred. +func (b *bitReaderBytes) close() error { + // Release reference. + b.in = nil + if b.bitsRead > 64 { + return io.ErrUnexpectedEOF + } + return nil +} + +// bitReaderShifted reads a bitstream in reverse. +// The last set bit indicates the start of the stream and is used +// for aligning the input. +type bitReaderShifted struct { + in []byte + off uint // next byte to read is at in[off - 1] + value uint64 + bitsRead uint8 +} + +// init initializes and resets the bit reader. +func (b *bitReaderShifted) init(in []byte) error { + if len(in) < 1 { + return errors.New("corrupt stream: too short") + } + b.in = in + b.off = uint(len(in)) + // The highest bit of the last byte indicates where to start + v := in[len(in)-1] + if v == 0 { + return errors.New("corrupt stream, did not find end of stream") + } + b.bitsRead = 64 + b.value = 0 + if len(in) >= 8 { + b.fillFastStart() + } else { + b.fill() + b.fill() + } + b.advance(8 - uint8(highBit32(uint32(v)))) + return nil +} + +// peekBitsFast requires that at least one bit is requested every time. +// There are no checks if the buffer is filled. +func (b *bitReaderShifted) peekBitsFast(n uint8) uint16 { + return uint16(b.value >> ((64 - n) & 63)) +} + +func (b *bitReaderShifted) advance(n uint8) { + b.bitsRead += n + b.value <<= n & 63 +} + +// fillFast() will make sure at least 32 bits are available. +// There must be at least 4 bytes available. +func (b *bitReaderShifted) fillFast() { + if b.bitsRead < 32 { + return + } + + // 2 bounds checks. + v := b.in[b.off-4 : b.off] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + b.value |= uint64(low) << ((b.bitsRead - 32) & 63) + b.bitsRead -= 32 + b.off -= 4 +} + +// fillFastStart() assumes the bitReaderShifted is empty and there is at least 8 bytes to read. +func (b *bitReaderShifted) fillFastStart() { + // Do single re-slice to avoid bounds checks. + b.value = binary.LittleEndian.Uint64(b.in[b.off-8:]) + b.bitsRead = 0 + b.off -= 8 +} + +// fill() will make sure at least 32 bits are available. +func (b *bitReaderShifted) fill() { + if b.bitsRead < 32 { + return + } + if b.off > 4 { + v := b.in[b.off-4:] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + b.value |= uint64(low) << ((b.bitsRead - 32) & 63) + b.bitsRead -= 32 + b.off -= 4 + return + } + for b.off > 0 { + b.value |= uint64(b.in[b.off-1]) << ((b.bitsRead - 8) & 63) + b.bitsRead -= 8 + b.off-- + } +} + +// finished returns true if all bits have been read from the bit stream. +func (b *bitReaderShifted) finished() bool { + return b.off == 0 && b.bitsRead >= 64 +} + +// close the bitstream and returns an error if out-of-buffer reads occurred. +func (b *bitReaderShifted) close() error { + // Release reference. + b.in = nil + if b.bitsRead > 64 { + return io.ErrUnexpectedEOF + } + return nil +} diff --git a/vendor/github.com/klauspost/compress/huff0/decompress.go b/vendor/github.com/klauspost/compress/huff0/decompress.go index fb42a398be3..a03b2634afb 100644 --- a/vendor/github.com/klauspost/compress/huff0/decompress.go +++ b/vendor/github.com/klauspost/compress/huff0/decompress.go @@ -25,6 +25,9 @@ type dEntryDouble struct { len uint8 } +// Uses special code for all tables that are < 8 bits. +const use8BitTables = true + // ReadTable will read a table from the input. // The size of the input may be larger than the table definition. // Any content remaining after the table definition will be returned. @@ -83,6 +86,7 @@ func ReadTable(in []byte, s *Scratch) (s2 *Scratch, remain []byte, err error) { } v2 := v & 15 rankStats[v2]++ + // (1 << (v2-1)) is slower since the compiler cannot prove that v2 isn't 0. weightTotal += (1 << v2) >> 1 } if weightTotal == 0 { @@ -142,12 +146,14 @@ func ReadTable(in []byte, s *Scratch) (s2 *Scratch, remain []byte, err error) { d := dEntrySingle{ entry: uint16(s.actualTableLog+1-w) | (uint16(n) << 8), } - single := s.dt.single[rankStats[w] : rankStats[w]+length] + rank := &rankStats[w] + single := s.dt.single[*rank : *rank+length] for i := range single { single[i] = d } - rankStats[w] += length + *rank += length } + return s, in, nil } @@ -208,7 +214,10 @@ func (d *Decoder) Decompress1X(dst, src []byte) ([]byte, error) { if len(d.dt.single) == 0 { return nil, errors.New("no table loaded") } - var br bitReader + if use8BitTables && d.actualTableLog <= 8 { + return d.decompress1X8Bit(dst, src) + } + var br bitReaderShifted err := br.init(src) if err != nil { return dst, err @@ -216,17 +225,6 @@ func (d *Decoder) Decompress1X(dst, src []byte) ([]byte, error) { maxDecodedSize := cap(dst) dst = dst[:0] - decode := func() byte { - val := br.peekBitsFast(d.actualTableLog) /* note : actualTableLog >= 1 */ - v := d.dt.single[val] - br.bitsRead += uint8(v.entry) - return uint8(v.entry >> 8) - } - hasDec := func(v dEntrySingle) byte { - br.bitsRead += uint8(v.entry) - return uint8(v.entry >> 8) - } - // Avoid bounds check by always having full sized table. const tlSize = 1 << tableLogMax const tlMask = tlSize - 1 @@ -238,11 +236,25 @@ func (d *Decoder) Decompress1X(dst, src []byte) ([]byte, error) { for br.off >= 8 { br.fillFast() - buf[off+0] = hasDec(dt[br.peekBitsFast(d.actualTableLog)&tlMask]) - buf[off+1] = hasDec(dt[br.peekBitsFast(d.actualTableLog)&tlMask]) + v := dt[br.peekBitsFast(d.actualTableLog)&tlMask] + br.advance(uint8(v.entry)) + buf[off+0] = uint8(v.entry >> 8) + + v = dt[br.peekBitsFast(d.actualTableLog)&tlMask] + br.advance(uint8(v.entry)) + buf[off+1] = uint8(v.entry >> 8) + + // Refill br.fillFast() - buf[off+2] = hasDec(dt[br.peekBitsFast(d.actualTableLog)&tlMask]) - buf[off+3] = hasDec(dt[br.peekBitsFast(d.actualTableLog)&tlMask]) + + v = dt[br.peekBitsFast(d.actualTableLog)&tlMask] + br.advance(uint8(v.entry)) + buf[off+2] = uint8(v.entry >> 8) + + v = dt[br.peekBitsFast(d.actualTableLog)&tlMask] + br.advance(uint8(v.entry)) + buf[off+3] = uint8(v.entry >> 8) + off += 4 if off == 0 { if len(dst)+256 > maxDecodedSize { @@ -259,13 +271,196 @@ func (d *Decoder) Decompress1X(dst, src []byte) ([]byte, error) { } dst = append(dst, buf[:off]...) - for !br.finished() { + // br < 8, so uint8 is fine + bitsLeft := uint8(br.off)*8 + 64 - br.bitsRead + for bitsLeft > 0 { br.fill() + if false && br.bitsRead >= 32 { + if br.off >= 4 { + v := br.in[br.off-4:] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + br.value = (br.value << 32) | uint64(low) + br.bitsRead -= 32 + br.off -= 4 + } else { + for br.off > 0 { + br.value = (br.value << 8) | uint64(br.in[br.off-1]) + br.bitsRead -= 8 + br.off-- + } + } + } if len(dst) >= maxDecodedSize { br.close() return nil, ErrMaxDecodedSizeExceeded } - dst = append(dst, decode()) + v := d.dt.single[br.peekBitsFast(d.actualTableLog)&tlMask] + nBits := uint8(v.entry) + br.advance(nBits) + bitsLeft -= nBits + dst = append(dst, uint8(v.entry>>8)) + } + return dst, br.close() +} + +// decompress1X8Bit will decompress a 1X encoded stream with tablelog <= 8. +// The cap of the output buffer will be the maximum decompressed size. +// The length of the supplied input must match the end of a block exactly. +func (d *Decoder) decompress1X8Bit(dst, src []byte) ([]byte, error) { + if d.actualTableLog == 8 { + return d.decompress1X8BitExactly(dst, src) + } + var br bitReaderBytes + err := br.init(src) + if err != nil { + return dst, err + } + maxDecodedSize := cap(dst) + dst = dst[:0] + + // Avoid bounds check by always having full sized table. + dt := d.dt.single[:256] + + // Use temp table to avoid bound checks/append penalty. + var buf [256]byte + var off uint8 + + shift := (8 - d.actualTableLog) & 7 + + //fmt.Printf("mask: %b, tl:%d\n", mask, d.actualTableLog) + for br.off >= 4 { + br.fillFast() + v := dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+0] = uint8(v.entry >> 8) + + v = dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+1] = uint8(v.entry >> 8) + + v = dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+2] = uint8(v.entry >> 8) + + v = dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+3] = uint8(v.entry >> 8) + + off += 4 + if off == 0 { + if len(dst)+256 > maxDecodedSize { + br.close() + return nil, ErrMaxDecodedSizeExceeded + } + dst = append(dst, buf[:]...) + } + } + + if len(dst)+int(off) > maxDecodedSize { + br.close() + return nil, ErrMaxDecodedSizeExceeded + } + dst = append(dst, buf[:off]...) + + // br < 4, so uint8 is fine + bitsLeft := int8(uint8(br.off)*8 + (64 - br.bitsRead)) + for bitsLeft > 0 { + if br.bitsRead >= 64-8 { + for br.off > 0 { + br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8) + br.bitsRead -= 8 + br.off-- + } + } + if len(dst) >= maxDecodedSize { + br.close() + return nil, ErrMaxDecodedSizeExceeded + } + v := dt[br.peekByteFast()>>shift] + nBits := uint8(v.entry) + br.advance(nBits) + bitsLeft -= int8(nBits) + dst = append(dst, uint8(v.entry>>8)) + } + return dst, br.close() +} + +// decompress1X8Bit will decompress a 1X encoded stream with tablelog <= 8. +// The cap of the output buffer will be the maximum decompressed size. +// The length of the supplied input must match the end of a block exactly. +func (d *Decoder) decompress1X8BitExactly(dst, src []byte) ([]byte, error) { + var br bitReaderBytes + err := br.init(src) + if err != nil { + return dst, err + } + maxDecodedSize := cap(dst) + dst = dst[:0] + + // Avoid bounds check by always having full sized table. + dt := d.dt.single[:256] + + // Use temp table to avoid bound checks/append penalty. + var buf [256]byte + var off uint8 + + const shift = 0 + + //fmt.Printf("mask: %b, tl:%d\n", mask, d.actualTableLog) + for br.off >= 4 { + br.fillFast() + v := dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+0] = uint8(v.entry >> 8) + + v = dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+1] = uint8(v.entry >> 8) + + v = dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+2] = uint8(v.entry >> 8) + + v = dt[br.peekByteFast()>>shift] + br.advance(uint8(v.entry)) + buf[off+3] = uint8(v.entry >> 8) + + off += 4 + if off == 0 { + if len(dst)+256 > maxDecodedSize { + br.close() + return nil, ErrMaxDecodedSizeExceeded + } + dst = append(dst, buf[:]...) + } + } + + if len(dst)+int(off) > maxDecodedSize { + br.close() + return nil, ErrMaxDecodedSizeExceeded + } + dst = append(dst, buf[:off]...) + + // br < 4, so uint8 is fine + bitsLeft := int8(uint8(br.off)*8 + (64 - br.bitsRead)) + for bitsLeft > 0 { + if br.bitsRead >= 64-8 { + for br.off > 0 { + br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8) + br.bitsRead -= 8 + br.off-- + } + } + if len(dst) >= maxDecodedSize { + br.close() + return nil, ErrMaxDecodedSizeExceeded + } + v := dt[br.peekByteFast()>>shift] + nBits := uint8(v.entry) + br.advance(nBits) + bitsLeft -= int8(nBits) + dst = append(dst, uint8(v.entry>>8)) } return dst, br.close() } @@ -274,15 +469,18 @@ func (d *Decoder) Decompress1X(dst, src []byte) ([]byte, error) { // The length of the supplied input must match the end of a block exactly. // The *capacity* of the dst slice must match the destination size of // the uncompressed data exactly. -func (s *Decoder) Decompress4X(dst, src []byte) ([]byte, error) { - if len(s.dt.single) == 0 { +func (d *Decoder) Decompress4X(dst, src []byte) ([]byte, error) { + if len(d.dt.single) == 0 { return nil, errors.New("no table loaded") } if len(src) < 6+(4*1) { return nil, errors.New("input too small") } + if use8BitTables && d.actualTableLog <= 8 { + return d.decompress4X8bit(dst, src) + } - var br [4]bitReader + var br [4]bitReaderShifted start := 6 for i := 0; i < 3; i++ { length := int(src[i*2]) | (int(src[i*2+1]) << 8) @@ -308,14 +506,7 @@ func (s *Decoder) Decompress4X(dst, src []byte) ([]byte, error) { const tlSize = 1 << tableLogMax const tlMask = tlSize - 1 - single := s.dt.single[:tlSize] - - decode := func(br *bitReader) byte { - val := br.peekBitsFast(s.actualTableLog) /* note : actualTableLog >= 1 */ - v := single[val&tlMask] - br.bitsRead += uint8(v.entry) - return uint8(v.entry >> 8) - } + single := d.dt.single[:tlSize] // Use temp table to avoid bound checks/append penalty. var buf [256]byte @@ -324,69 +515,484 @@ func (s *Decoder) Decompress4X(dst, src []byte) ([]byte, error) { // Decode 2 values from each decoder/loop. const bufoff = 256 / 4 -bigloop: for { - for i := range br { - br := &br[i] - if br.off < 4 { - break bigloop - } - br.fillFast() + if br[0].off < 4 || br[1].off < 4 || br[2].off < 4 || br[3].off < 4 { + break } { const stream = 0 - val := br[stream].peekBitsFast(s.actualTableLog) + const stream2 = 1 + br[stream].fillFast() + br[stream2].fillFast() + + val := br[stream].peekBitsFast(d.actualTableLog) v := single[val&tlMask] - br[stream].bitsRead += uint8(v.entry) + br[stream].advance(uint8(v.entry)) + buf[off+bufoff*stream] = uint8(v.entry >> 8) - val2 := br[stream].peekBitsFast(s.actualTableLog) + val2 := br[stream2].peekBitsFast(d.actualTableLog) v2 := single[val2&tlMask] - buf[off+bufoff*stream+1] = uint8(v2.entry >> 8) - buf[off+bufoff*stream] = uint8(v.entry >> 8) - br[stream].bitsRead += uint8(v2.entry) + br[stream2].advance(uint8(v2.entry)) + buf[off+bufoff*stream2] = uint8(v2.entry >> 8) + + val = br[stream].peekBitsFast(d.actualTableLog) + v = single[val&tlMask] + br[stream].advance(uint8(v.entry)) + buf[off+bufoff*stream+1] = uint8(v.entry >> 8) + + val2 = br[stream2].peekBitsFast(d.actualTableLog) + v2 = single[val2&tlMask] + br[stream2].advance(uint8(v2.entry)) + buf[off+bufoff*stream2+1] = uint8(v2.entry >> 8) } { - const stream = 1 - val := br[stream].peekBitsFast(s.actualTableLog) + const stream = 2 + const stream2 = 3 + br[stream].fillFast() + br[stream2].fillFast() + + val := br[stream].peekBitsFast(d.actualTableLog) v := single[val&tlMask] - br[stream].bitsRead += uint8(v.entry) + br[stream].advance(uint8(v.entry)) + buf[off+bufoff*stream] = uint8(v.entry >> 8) - val2 := br[stream].peekBitsFast(s.actualTableLog) + val2 := br[stream2].peekBitsFast(d.actualTableLog) v2 := single[val2&tlMask] - buf[off+bufoff*stream+1] = uint8(v2.entry >> 8) - buf[off+bufoff*stream] = uint8(v.entry >> 8) - br[stream].bitsRead += uint8(v2.entry) + br[stream2].advance(uint8(v2.entry)) + buf[off+bufoff*stream2] = uint8(v2.entry >> 8) + + val = br[stream].peekBitsFast(d.actualTableLog) + v = single[val&tlMask] + br[stream].advance(uint8(v.entry)) + buf[off+bufoff*stream+1] = uint8(v.entry >> 8) + + val2 = br[stream2].peekBitsFast(d.actualTableLog) + v2 = single[val2&tlMask] + br[stream2].advance(uint8(v2.entry)) + buf[off+bufoff*stream2+1] = uint8(v2.entry >> 8) + } + + off += 2 + + if off == bufoff { + if bufoff > dstEvery { + return nil, errors.New("corruption detected: stream overrun 1") + } + copy(out, buf[:bufoff]) + copy(out[dstEvery:], buf[bufoff:bufoff*2]) + copy(out[dstEvery*2:], buf[bufoff*2:bufoff*3]) + copy(out[dstEvery*3:], buf[bufoff*3:bufoff*4]) + off = 0 + out = out[bufoff:] + decoded += 256 + // There must at least be 3 buffers left. + if len(out) < dstEvery*3 { + return nil, errors.New("corruption detected: stream overrun 2") + } + } + } + if off > 0 { + ioff := int(off) + if len(out) < dstEvery*3+ioff { + return nil, errors.New("corruption detected: stream overrun 3") + } + copy(out, buf[:off]) + copy(out[dstEvery:dstEvery+ioff], buf[bufoff:bufoff*2]) + copy(out[dstEvery*2:dstEvery*2+ioff], buf[bufoff*2:bufoff*3]) + copy(out[dstEvery*3:dstEvery*3+ioff], buf[bufoff*3:bufoff*4]) + decoded += int(off) * 4 + out = out[off:] + } + + // Decode remaining. + for i := range br { + offset := dstEvery * i + br := &br[i] + bitsLeft := br.off*8 + uint(64-br.bitsRead) + for bitsLeft > 0 { + br.fill() + if false && br.bitsRead >= 32 { + if br.off >= 4 { + v := br.in[br.off-4:] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + br.value = (br.value << 32) | uint64(low) + br.bitsRead -= 32 + br.off -= 4 + } else { + for br.off > 0 { + br.value = (br.value << 8) | uint64(br.in[br.off-1]) + br.bitsRead -= 8 + br.off-- + } + } + } + // end inline... + if offset >= len(out) { + return nil, errors.New("corruption detected: stream overrun 4") + } + + // Read value and increment offset. + val := br.peekBitsFast(d.actualTableLog) + v := single[val&tlMask].entry + nBits := uint8(v) + br.advance(nBits) + bitsLeft -= uint(nBits) + out[offset] = uint8(v >> 8) + offset++ + } + decoded += offset - dstEvery*i + err = br.close() + if err != nil { + return nil, err + } + } + if dstSize != decoded { + return nil, errors.New("corruption detected: short output block") + } + return dst, nil +} + +// Decompress4X will decompress a 4X encoded stream. +// The length of the supplied input must match the end of a block exactly. +// The *capacity* of the dst slice must match the destination size of +// the uncompressed data exactly. +func (d *Decoder) decompress4X8bit(dst, src []byte) ([]byte, error) { + if d.actualTableLog == 8 { + return d.decompress4X8bitExactly(dst, src) + } + + var br [4]bitReaderBytes + start := 6 + for i := 0; i < 3; i++ { + length := int(src[i*2]) | (int(src[i*2+1]) << 8) + if start+length >= len(src) { + return nil, errors.New("truncated input (or invalid offset)") + } + err := br[i].init(src[start : start+length]) + if err != nil { + return nil, err + } + start += length + } + err := br[3].init(src[start:]) + if err != nil { + return nil, err + } + + // destination, offset to match first output + dstSize := cap(dst) + dst = dst[:dstSize] + out := dst + dstEvery := (dstSize + 3) / 4 + + shift := (8 - d.actualTableLog) & 7 + + const tlSize = 1 << 8 + const tlMask = tlSize - 1 + single := d.dt.single[:tlSize] + + // Use temp table to avoid bound checks/append penalty. + var buf [256]byte + var off uint8 + var decoded int + + // Decode 4 values from each decoder/loop. + const bufoff = 256 / 4 + for { + if br[0].off < 4 || br[1].off < 4 || br[2].off < 4 || br[3].off < 4 { + break + } + + { + // Interleave 2 decodes. + const stream = 0 + const stream2 = 1 + br[stream].fillFast() + br[stream2].fillFast() + + v := single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 := single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+1] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+1] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+2] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+3] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+3] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) } { const stream = 2 - val := br[stream].peekBitsFast(s.actualTableLog) - v := single[val&tlMask] - br[stream].bitsRead += uint8(v.entry) + const stream2 = 3 + br[stream].fillFast() + br[stream2].fillFast() - val2 := br[stream].peekBitsFast(s.actualTableLog) - v2 := single[val2&tlMask] - buf[off+bufoff*stream+1] = uint8(v2.entry >> 8) - buf[off+bufoff*stream] = uint8(v.entry >> 8) - br[stream].bitsRead += uint8(v2.entry) + v := single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 := single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+1] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+1] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+2] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+3] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+3] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + } + + off += 4 + + if off == bufoff { + if bufoff > dstEvery { + return nil, errors.New("corruption detected: stream overrun 1") + } + copy(out, buf[:bufoff]) + copy(out[dstEvery:], buf[bufoff:bufoff*2]) + copy(out[dstEvery*2:], buf[bufoff*2:bufoff*3]) + copy(out[dstEvery*3:], buf[bufoff*3:bufoff*4]) + off = 0 + out = out[bufoff:] + decoded += 256 + // There must at least be 3 buffers left. + if len(out) < dstEvery*3 { + return nil, errors.New("corruption detected: stream overrun 2") + } + } + } + if off > 0 { + ioff := int(off) + if len(out) < dstEvery*3+ioff { + return nil, errors.New("corruption detected: stream overrun 3") + } + copy(out, buf[:off]) + copy(out[dstEvery:dstEvery+ioff], buf[bufoff:bufoff*2]) + copy(out[dstEvery*2:dstEvery*2+ioff], buf[bufoff*2:bufoff*3]) + copy(out[dstEvery*3:dstEvery*3+ioff], buf[bufoff*3:bufoff*4]) + decoded += int(off) * 4 + out = out[off:] + } + + // Decode remaining. + for i := range br { + offset := dstEvery * i + br := &br[i] + bitsLeft := int(br.off*8) + int(64-br.bitsRead) + for bitsLeft > 0 { + if br.finished() { + return nil, io.ErrUnexpectedEOF + } + if br.bitsRead >= 56 { + if br.off >= 4 { + v := br.in[br.off-4:] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + br.value |= uint64(low) << (br.bitsRead - 32) + br.bitsRead -= 32 + br.off -= 4 + } else { + for br.off > 0 { + br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8) + br.bitsRead -= 8 + br.off-- + } + } + } + // end inline... + if offset >= len(out) { + return nil, errors.New("corruption detected: stream overrun 4") + } + + // Read value and increment offset. + v := single[br.peekByteFast()>>shift].entry + nBits := uint8(v) + br.advance(nBits) + bitsLeft -= int(nBits) + out[offset] = uint8(v >> 8) + offset++ + } + decoded += offset - dstEvery*i + err = br.close() + if err != nil { + return nil, err + } + } + if dstSize != decoded { + return nil, errors.New("corruption detected: short output block") + } + return dst, nil +} + +// Decompress4X will decompress a 4X encoded stream. +// The length of the supplied input must match the end of a block exactly. +// The *capacity* of the dst slice must match the destination size of +// the uncompressed data exactly. +func (d *Decoder) decompress4X8bitExactly(dst, src []byte) ([]byte, error) { + var br [4]bitReaderBytes + start := 6 + for i := 0; i < 3; i++ { + length := int(src[i*2]) | (int(src[i*2+1]) << 8) + if start+length >= len(src) { + return nil, errors.New("truncated input (or invalid offset)") + } + err := br[i].init(src[start : start+length]) + if err != nil { + return nil, err + } + start += length + } + err := br[3].init(src[start:]) + if err != nil { + return nil, err + } + + // destination, offset to match first output + dstSize := cap(dst) + dst = dst[:dstSize] + out := dst + dstEvery := (dstSize + 3) / 4 + + const shift = 0 + const tlSize = 1 << 8 + const tlMask = tlSize - 1 + single := d.dt.single[:tlSize] + + // Use temp table to avoid bound checks/append penalty. + var buf [256]byte + var off uint8 + var decoded int + + // Decode 4 values from each decoder/loop. + const bufoff = 256 / 4 + for { + if br[0].off < 4 || br[1].off < 4 || br[2].off < 4 || br[3].off < 4 { + break } { - const stream = 3 - val := br[stream].peekBitsFast(s.actualTableLog) - v := single[val&tlMask] - br[stream].bitsRead += uint8(v.entry) + // Interleave 2 decodes. + const stream = 0 + const stream2 = 1 + br[stream].fillFast() + br[stream2].fillFast() - val2 := br[stream].peekBitsFast(s.actualTableLog) - v2 := single[val2&tlMask] - buf[off+bufoff*stream+1] = uint8(v2.entry >> 8) - buf[off+bufoff*stream] = uint8(v.entry >> 8) - br[stream].bitsRead += uint8(v2.entry) + v := single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 := single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+1] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+1] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+2] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+3] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+3] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) } - off += 2 + { + const stream = 2 + const stream2 = 3 + br[stream].fillFast() + br[stream2].fillFast() + + v := single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 := single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+1] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+1] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+2] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+2] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + + v = single[br[stream].peekByteFast()>>shift].entry + buf[off+bufoff*stream+3] = uint8(v >> 8) + br[stream].advance(uint8(v)) + + v2 = single[br[stream2].peekByteFast()>>shift].entry + buf[off+bufoff*stream2+3] = uint8(v2 >> 8) + br[stream2].advance(uint8(v2)) + } + + off += 4 if off == bufoff { if bufoff > dstEvery { @@ -422,12 +1028,38 @@ bigloop: for i := range br { offset := dstEvery * i br := &br[i] - for !br.finished() { - br.fill() + bitsLeft := int(br.off*8) + int(64-br.bitsRead) + for bitsLeft > 0 { + if br.finished() { + return nil, io.ErrUnexpectedEOF + } + if br.bitsRead >= 56 { + if br.off >= 4 { + v := br.in[br.off-4:] + v = v[:4] + low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) + br.value |= uint64(low) << (br.bitsRead - 32) + br.bitsRead -= 32 + br.off -= 4 + } else { + for br.off > 0 { + br.value |= uint64(br.in[br.off-1]) << (br.bitsRead - 8) + br.bitsRead -= 8 + br.off-- + } + } + } + // end inline... if offset >= len(out) { return nil, errors.New("corruption detected: stream overrun 4") } - out[offset] = decode(br) + + // Read value and increment offset. + v := single[br.peekByteFast()>>shift].entry + nBits := uint8(v) + br.advance(nBits) + bitsLeft -= int(nBits) + out[offset] = uint8(v >> 8) offset++ } decoded += offset - dstEvery*i diff --git a/vendor/github.com/klauspost/compress/zstd/bitreader.go b/vendor/github.com/klauspost/compress/zstd/bitreader.go index 15d79d439fa..85445853715 100644 --- a/vendor/github.com/klauspost/compress/zstd/bitreader.go +++ b/vendor/github.com/klauspost/compress/zstd/bitreader.go @@ -5,6 +5,7 @@ package zstd import ( + "encoding/binary" "errors" "io" "math/bits" @@ -34,8 +35,12 @@ func (b *bitReader) init(in []byte) error { } b.bitsRead = 64 b.value = 0 - b.fill() - b.fill() + if len(in) >= 8 { + b.fillFastStart() + } else { + b.fill() + b.fill() + } b.bitsRead += 8 - uint8(highBits(uint32(v))) return nil } @@ -63,21 +68,31 @@ func (b *bitReader) fillFast() { if b.bitsRead < 32 { return } - // Do single re-slice to avoid bounds checks. - v := b.in[b.off-4 : b.off] + // 2 bounds checks. + v := b.in[b.off-4:] + v = v[:4] low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) b.value = (b.value << 32) | uint64(low) b.bitsRead -= 32 b.off -= 4 } +// fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read. +func (b *bitReader) fillFastStart() { + // Do single re-slice to avoid bounds checks. + b.value = binary.LittleEndian.Uint64(b.in[b.off-8:]) + b.bitsRead = 0 + b.off -= 8 +} + // fill() will make sure at least 32 bits are available. func (b *bitReader) fill() { if b.bitsRead < 32 { return } if b.off >= 4 { - v := b.in[b.off-4 : b.off] + v := b.in[b.off-4:] + v = v[:4] low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24) b.value = (b.value << 32) | uint64(low) b.bitsRead -= 32 diff --git a/vendor/github.com/klauspost/compress/zstd/blockdec.go b/vendor/github.com/klauspost/compress/zstd/blockdec.go index 4a14242c761..c8ec6e3312d 100644 --- a/vendor/github.com/klauspost/compress/zstd/blockdec.go +++ b/vendor/github.com/klauspost/compress/zstd/blockdec.go @@ -83,6 +83,10 @@ type blockDec struct { err error decWG sync.WaitGroup + // Frame to use for singlethreaded decoding. + // Should not be used by the decoder itself since parent may be another frame. + localFrame *frameDec + // Block is RLE, this is the size. RLESize uint32 tmp [4]byte diff --git a/vendor/github.com/klauspost/compress/zstd/bytereader.go b/vendor/github.com/klauspost/compress/zstd/bytereader.go index f708df1c4ce..2c4fca17fa1 100644 --- a/vendor/github.com/klauspost/compress/zstd/bytereader.go +++ b/vendor/github.com/klauspost/compress/zstd/bytereader.go @@ -4,8 +4,6 @@ package zstd -import "encoding/binary" - // byteReader provides a byte reader that reads // little endian values from a byte stream. // The input stream is manually advanced. @@ -33,7 +31,8 @@ func (b *byteReader) overread() bool { // Int32 returns a little endian int32 starting at current offset. func (b byteReader) Int32() int32 { - b2 := b.b[b.off : b.off+4 : b.off+4] + b2 := b.b[b.off:] + b2 = b2[:4] v3 := int32(b2[3]) v2 := int32(b2[2]) v1 := int32(b2[1]) @@ -57,7 +56,25 @@ func (b byteReader) Uint32() uint32 { } return v } - return binary.LittleEndian.Uint32(b.b[b.off : b.off+4]) + b2 := b.b[b.off:] + b2 = b2[:4] + v3 := uint32(b2[3]) + v2 := uint32(b2[2]) + v1 := uint32(b2[1]) + v0 := uint32(b2[0]) + return v0 | (v1 << 8) | (v2 << 16) | (v3 << 24) +} + +// Uint32NC returns a little endian uint32 starting at current offset. +// The caller must be sure if there are at least 4 bytes left. +func (b byteReader) Uint32NC() uint32 { + b2 := b.b[b.off:] + b2 = b2[:4] + v3 := uint32(b2[3]) + v2 := uint32(b2[2]) + v1 := uint32(b2[1]) + v0 := uint32(b2[0]) + return v0 | (v1 << 8) | (v2 << 16) | (v3 << 24) } // unread returns the unread portion of the input. diff --git a/vendor/github.com/klauspost/compress/zstd/decoder.go b/vendor/github.com/klauspost/compress/zstd/decoder.go index 8e34479ff80..75bf05bc9a3 100644 --- a/vendor/github.com/klauspost/compress/zstd/decoder.go +++ b/vendor/github.com/klauspost/compress/zstd/decoder.go @@ -23,9 +23,6 @@ type Decoder struct { // Unreferenced decoders, ready for use. decoders chan *blockDec - // Unreferenced decoders, ready for use. - frames chan *frameDec - // Streams ready to be decoded. stream chan decodeStream @@ -90,10 +87,10 @@ func NewReader(r io.Reader, opts ...DOption) (*Decoder, error) { // Create decoders d.decoders = make(chan *blockDec, d.o.concurrent) - d.frames = make(chan *frameDec, d.o.concurrent) for i := 0; i < d.o.concurrent; i++ { - d.frames <- newFrameDec(d.o) - d.decoders <- newBlockDec(d.o.lowMem) + dec := newBlockDec(d.o.lowMem) + dec.localFrame = newFrameDec(d.o) + d.decoders <- dec } if r == nil { @@ -283,15 +280,15 @@ func (d *Decoder) DecodeAll(input, dst []byte) ([]byte, error) { } // Grab a block decoder and frame decoder. - block, frame := <-d.decoders, <-d.frames + block := <-d.decoders + frame := block.localFrame defer func() { if debug { printf("re-adding decoder: %p", block) } - d.decoders <- block frame.rawInput = nil frame.bBuf = nil - d.frames <- frame + d.decoders <- block }() frame.bBuf = input diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder.go index 957cfeb79cc..e6d3d49b39c 100644 --- a/vendor/github.com/klauspost/compress/zstd/fse_decoder.go +++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder.go @@ -55,7 +55,7 @@ func (s *fseDecoder) readNCount(b *byteReader, maxSymbol uint16) error { if b.remain() < 4 { return errors.New("input too small") } - bitStream := b.Uint32() + bitStream := b.Uint32NC() nbBits := uint((bitStream & 0xF) + minTablelog) // extract tableLog if nbBits > tablelogAbsoluteMax { println("Invalid tablelog:", nbBits) @@ -79,7 +79,8 @@ func (s *fseDecoder) readNCount(b *byteReader, maxSymbol uint16) error { n0 += 24 if r := b.remain(); r > 5 { b.advance(2) - bitStream = b.Uint32() >> bitCount + // The check above should make sure we can read 32 bits + bitStream = b.Uint32NC() >> bitCount } else { // end of bit stream bitStream >>= 16 @@ -104,10 +105,11 @@ func (s *fseDecoder) readNCount(b *byteReader, maxSymbol uint16) error { charnum++ } - if r := b.remain(); r >= 7 || r+int(bitCount>>3) >= 4 { + if r := b.remain(); r >= 7 || r-int(bitCount>>3) >= 4 { b.advance(bitCount >> 3) bitCount &= 7 - bitStream = b.Uint32() >> bitCount + // The check above should make sure we can read 32 bits + bitStream = b.Uint32NC() >> bitCount } else { bitStream >>= 2 } @@ -148,17 +150,16 @@ func (s *fseDecoder) readNCount(b *byteReader, maxSymbol uint16) error { threshold >>= 1 } - //println("b.off:", b.off, "len:", len(b.b), "bc:", bitCount, "remain:", b.remain()) - if r := b.remain(); r >= 7 || r+int(bitCount>>3) >= 4 { + if r := b.remain(); r >= 7 || r-int(bitCount>>3) >= 4 { b.advance(bitCount >> 3) bitCount &= 7 + // The check above should make sure we can read 32 bits + bitStream = b.Uint32NC() >> (bitCount & 31) } else { bitCount -= (uint)(8 * (len(b.b) - 4 - b.off)) b.off = len(b.b) - 4 - //println("b.off:", b.off, "len:", len(b.b), "bc:", bitCount, "iend", iend) + bitStream = b.Uint32() >> (bitCount & 31) } - bitStream = b.Uint32() >> (bitCount & 31) - //printf("bitstream is now: 0b%b", bitStream) } s.symbolLen = charnum if s.symbolLen <= 1 { diff --git a/vendor/github.com/mattn/go-isatty/.travis.yml b/vendor/github.com/mattn/go-isatty/.travis.yml new file mode 100644 index 00000000000..604314dd44c --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/.travis.yml @@ -0,0 +1,14 @@ +language: go +sudo: false +go: + - 1.13.x + - tip + +before_install: + - go get -t -v ./... + +script: + - ./go.test.sh + +after_success: + - bash <(curl -s https://codecov.io/bash) diff --git a/vendor/github.com/mattn/go-isatty/LICENSE b/vendor/github.com/mattn/go-isatty/LICENSE new file mode 100644 index 00000000000..65dc692b6b1 --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/LICENSE @@ -0,0 +1,9 @@ +Copyright (c) Yasuhiro MATSUMOTO + +MIT License (Expat) + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/mattn/go-isatty/README.md b/vendor/github.com/mattn/go-isatty/README.md new file mode 100644 index 00000000000..38418353e31 --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/README.md @@ -0,0 +1,50 @@ +# go-isatty + +[![Godoc Reference](https://godoc.org/github.com/mattn/go-isatty?status.svg)](http://godoc.org/github.com/mattn/go-isatty) +[![Codecov](https://codecov.io/gh/mattn/go-isatty/branch/master/graph/badge.svg)](https://codecov.io/gh/mattn/go-isatty) +[![Coverage Status](https://coveralls.io/repos/github/mattn/go-isatty/badge.svg?branch=master)](https://coveralls.io/github/mattn/go-isatty?branch=master) +[![Go Report Card](https://goreportcard.com/badge/mattn/go-isatty)](https://goreportcard.com/report/mattn/go-isatty) + +isatty for golang + +## Usage + +```go +package main + +import ( + "fmt" + "github.com/mattn/go-isatty" + "os" +) + +func main() { + if isatty.IsTerminal(os.Stdout.Fd()) { + fmt.Println("Is Terminal") + } else if isatty.IsCygwinTerminal(os.Stdout.Fd()) { + fmt.Println("Is Cygwin/MSYS2 Terminal") + } else { + fmt.Println("Is Not Terminal") + } +} +``` + +## Installation + +``` +$ go get github.com/mattn/go-isatty +``` + +## License + +MIT + +## Author + +Yasuhiro Matsumoto (a.k.a mattn) + +## Thanks + +* k-takata: base idea for IsCygwinTerminal + + https://github.com/k-takata/go-iscygpty diff --git a/vendor/github.com/mattn/go-isatty/doc.go b/vendor/github.com/mattn/go-isatty/doc.go new file mode 100644 index 00000000000..17d4f90ebcc --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/doc.go @@ -0,0 +1,2 @@ +// Package isatty implements interface to isatty +package isatty diff --git a/vendor/github.com/mattn/go-isatty/go.mod b/vendor/github.com/mattn/go-isatty/go.mod new file mode 100644 index 00000000000..605c4c22109 --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/go.mod @@ -0,0 +1,5 @@ +module github.com/mattn/go-isatty + +go 1.12 + +require golang.org/x/sys v0.0.0-20200116001909-b77594299b42 diff --git a/vendor/github.com/mattn/go-isatty/go.sum b/vendor/github.com/mattn/go-isatty/go.sum new file mode 100644 index 00000000000..912e29cbc19 --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/go.sum @@ -0,0 +1,2 @@ +golang.org/x/sys v0.0.0-20200116001909-b77594299b42 h1:vEOn+mP2zCOVzKckCZy6YsCtDblrpj/w7B9nxGNELpg= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/github.com/mattn/go-isatty/go.test.sh b/vendor/github.com/mattn/go-isatty/go.test.sh new file mode 100644 index 00000000000..012162b077c --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/go.test.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +set -e +echo "" > coverage.txt + +for d in $(go list ./... | grep -v vendor); do + go test -race -coverprofile=profile.out -covermode=atomic "$d" + if [ -f profile.out ]; then + cat profile.out >> coverage.txt + rm profile.out + fi +done diff --git a/vendor/github.com/mattn/go-isatty/isatty_bsd.go b/vendor/github.com/mattn/go-isatty/isatty_bsd.go new file mode 100644 index 00000000000..711f288085a --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/isatty_bsd.go @@ -0,0 +1,18 @@ +// +build darwin freebsd openbsd netbsd dragonfly +// +build !appengine + +package isatty + +import "golang.org/x/sys/unix" + +// IsTerminal return true if the file descriptor is terminal. +func IsTerminal(fd uintptr) bool { + _, err := unix.IoctlGetTermios(int(fd), unix.TIOCGETA) + return err == nil +} + +// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2 +// terminal. This is also always false on this environment. +func IsCygwinTerminal(fd uintptr) bool { + return false +} diff --git a/vendor/github.com/mattn/go-isatty/isatty_others.go b/vendor/github.com/mattn/go-isatty/isatty_others.go new file mode 100644 index 00000000000..ff714a37615 --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/isatty_others.go @@ -0,0 +1,15 @@ +// +build appengine js nacl + +package isatty + +// IsTerminal returns true if the file descriptor is terminal which +// is always false on js and appengine classic which is a sandboxed PaaS. +func IsTerminal(fd uintptr) bool { + return false +} + +// IsCygwinTerminal() return true if the file descriptor is a cygwin or msys2 +// terminal. This is also always false on this environment. +func IsCygwinTerminal(fd uintptr) bool { + return false +} diff --git a/vendor/github.com/mattn/go-isatty/isatty_plan9.go b/vendor/github.com/mattn/go-isatty/isatty_plan9.go new file mode 100644 index 00000000000..c5b6e0c084a --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/isatty_plan9.go @@ -0,0 +1,22 @@ +// +build plan9 + +package isatty + +import ( + "syscall" +) + +// IsTerminal returns true if the given file descriptor is a terminal. +func IsTerminal(fd uintptr) bool { + path, err := syscall.Fd2path(int(fd)) + if err != nil { + return false + } + return path == "/dev/cons" || path == "/mnt/term/dev/cons" +} + +// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2 +// terminal. This is also always false on this environment. +func IsCygwinTerminal(fd uintptr) bool { + return false +} diff --git a/vendor/github.com/mattn/go-isatty/isatty_solaris.go b/vendor/github.com/mattn/go-isatty/isatty_solaris.go new file mode 100644 index 00000000000..bdd5c79a07f --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/isatty_solaris.go @@ -0,0 +1,22 @@ +// +build solaris +// +build !appengine + +package isatty + +import ( + "golang.org/x/sys/unix" +) + +// IsTerminal returns true if the given file descriptor is a terminal. +// see: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c +func IsTerminal(fd uintptr) bool { + var termio unix.Termio + err := unix.IoctlSetTermio(int(fd), unix.TCGETA, &termio) + return err == nil +} + +// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2 +// terminal. This is also always false on this environment. +func IsCygwinTerminal(fd uintptr) bool { + return false +} diff --git a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go new file mode 100644 index 00000000000..31a1ca973c7 --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go @@ -0,0 +1,18 @@ +// +build linux aix +// +build !appengine + +package isatty + +import "golang.org/x/sys/unix" + +// IsTerminal return true if the file descriptor is terminal. +func IsTerminal(fd uintptr) bool { + _, err := unix.IoctlGetTermios(int(fd), unix.TCGETS) + return err == nil +} + +// IsCygwinTerminal return true if the file descriptor is a cygwin or msys2 +// terminal. This is also always false on this environment. +func IsCygwinTerminal(fd uintptr) bool { + return false +} diff --git a/vendor/github.com/mattn/go-isatty/isatty_windows.go b/vendor/github.com/mattn/go-isatty/isatty_windows.go new file mode 100644 index 00000000000..1fa86915405 --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/isatty_windows.go @@ -0,0 +1,125 @@ +// +build windows +// +build !appengine + +package isatty + +import ( + "errors" + "strings" + "syscall" + "unicode/utf16" + "unsafe" +) + +const ( + objectNameInfo uintptr = 1 + fileNameInfo = 2 + fileTypePipe = 3 +) + +var ( + kernel32 = syscall.NewLazyDLL("kernel32.dll") + ntdll = syscall.NewLazyDLL("ntdll.dll") + procGetConsoleMode = kernel32.NewProc("GetConsoleMode") + procGetFileInformationByHandleEx = kernel32.NewProc("GetFileInformationByHandleEx") + procGetFileType = kernel32.NewProc("GetFileType") + procNtQueryObject = ntdll.NewProc("NtQueryObject") +) + +func init() { + // Check if GetFileInformationByHandleEx is available. + if procGetFileInformationByHandleEx.Find() != nil { + procGetFileInformationByHandleEx = nil + } +} + +// IsTerminal return true if the file descriptor is terminal. +func IsTerminal(fd uintptr) bool { + var st uint32 + r, _, e := syscall.Syscall(procGetConsoleMode.Addr(), 2, fd, uintptr(unsafe.Pointer(&st)), 0) + return r != 0 && e == 0 +} + +// Check pipe name is used for cygwin/msys2 pty. +// Cygwin/MSYS2 PTY has a name like: +// \{cygwin,msys}-XXXXXXXXXXXXXXXX-ptyN-{from,to}-master +func isCygwinPipeName(name string) bool { + token := strings.Split(name, "-") + if len(token) < 5 { + return false + } + + if token[0] != `\msys` && + token[0] != `\cygwin` && + token[0] != `\Device\NamedPipe\msys` && + token[0] != `\Device\NamedPipe\cygwin` { + return false + } + + if token[1] == "" { + return false + } + + if !strings.HasPrefix(token[2], "pty") { + return false + } + + if token[3] != `from` && token[3] != `to` { + return false + } + + if token[4] != "master" { + return false + } + + return true +} + +// getFileNameByHandle use the undocomented ntdll NtQueryObject to get file full name from file handler +// since GetFileInformationByHandleEx is not avilable under windows Vista and still some old fashion +// guys are using Windows XP, this is a workaround for those guys, it will also work on system from +// Windows vista to 10 +// see https://stackoverflow.com/a/18792477 for details +func getFileNameByHandle(fd uintptr) (string, error) { + if procNtQueryObject == nil { + return "", errors.New("ntdll.dll: NtQueryObject not supported") + } + + var buf [4 + syscall.MAX_PATH]uint16 + var result int + r, _, e := syscall.Syscall6(procNtQueryObject.Addr(), 5, + fd, objectNameInfo, uintptr(unsafe.Pointer(&buf)), uintptr(2*len(buf)), uintptr(unsafe.Pointer(&result)), 0) + if r != 0 { + return "", e + } + return string(utf16.Decode(buf[4 : 4+buf[0]/2])), nil +} + +// IsCygwinTerminal() return true if the file descriptor is a cygwin or msys2 +// terminal. +func IsCygwinTerminal(fd uintptr) bool { + if procGetFileInformationByHandleEx == nil { + name, err := getFileNameByHandle(fd) + if err != nil { + return false + } + return isCygwinPipeName(name) + } + + // Cygwin/msys's pty is a pipe. + ft, _, e := syscall.Syscall(procGetFileType.Addr(), 1, fd, 0, 0) + if ft != fileTypePipe || e != 0 { + return false + } + + var buf [2 + syscall.MAX_PATH]uint16 + r, _, e := syscall.Syscall6(procGetFileInformationByHandleEx.Addr(), + 4, fd, fileNameInfo, uintptr(unsafe.Pointer(&buf)), + uintptr(len(buf)*2), 0, 0) + if r == 0 || e != 0 { + return false + } + + l := *(*uint32)(unsafe.Pointer(&buf)) + return isCygwinPipeName(string(utf16.Decode(buf[2 : 2+l/2]))) +} diff --git a/vendor/github.com/mattn/go-isatty/renovate.json b/vendor/github.com/mattn/go-isatty/renovate.json new file mode 100644 index 00000000000..5ae9d96b74b --- /dev/null +++ b/vendor/github.com/mattn/go-isatty/renovate.json @@ -0,0 +1,8 @@ +{ + "extends": [ + "config:base" + ], + "postUpdateOptions": [ + "gomodTidy" + ] +} diff --git a/vendor/github.com/mattn/go-runewidth/.travis.yml b/vendor/github.com/mattn/go-runewidth/.travis.yml new file mode 100644 index 00000000000..6a21813a3e3 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/.travis.yml @@ -0,0 +1,16 @@ +language: go +sudo: false +go: + - 1.13.x + - tip + +before_install: + - go get -t -v ./... + +script: + - go generate + - git diff --cached --exit-code + - ./go.test.sh + +after_success: + - bash <(curl -s https://codecov.io/bash) diff --git a/vendor/github.com/mattn/go-runewidth/LICENSE b/vendor/github.com/mattn/go-runewidth/LICENSE new file mode 100644 index 00000000000..91b5cef30eb --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Yasuhiro Matsumoto + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/mattn/go-runewidth/README.md b/vendor/github.com/mattn/go-runewidth/README.md new file mode 100644 index 00000000000..aa56ab96c2b --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/README.md @@ -0,0 +1,27 @@ +go-runewidth +============ + +[![Build Status](https://travis-ci.org/mattn/go-runewidth.png?branch=master)](https://travis-ci.org/mattn/go-runewidth) +[![Codecov](https://codecov.io/gh/mattn/go-runewidth/branch/master/graph/badge.svg)](https://codecov.io/gh/mattn/go-runewidth) +[![GoDoc](https://godoc.org/github.com/mattn/go-runewidth?status.svg)](http://godoc.org/github.com/mattn/go-runewidth) +[![Go Report Card](https://goreportcard.com/badge/github.com/mattn/go-runewidth)](https://goreportcard.com/report/github.com/mattn/go-runewidth) + +Provides functions to get fixed width of the character or string. + +Usage +----- + +```go +runewidth.StringWidth("つのだ☆HIRO") == 12 +``` + + +Author +------ + +Yasuhiro Matsumoto + +License +------- + +under the MIT License: http://mattn.mit-license.org/2013 diff --git a/vendor/github.com/mattn/go-runewidth/go.mod b/vendor/github.com/mattn/go-runewidth/go.mod new file mode 100644 index 00000000000..fa7f4d864e4 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/go.mod @@ -0,0 +1,3 @@ +module github.com/mattn/go-runewidth + +go 1.9 diff --git a/vendor/github.com/mattn/go-runewidth/go.test.sh b/vendor/github.com/mattn/go-runewidth/go.test.sh new file mode 100644 index 00000000000..012162b077c --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/go.test.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +set -e +echo "" > coverage.txt + +for d in $(go list ./... | grep -v vendor); do + go test -race -coverprofile=profile.out -covermode=atomic "$d" + if [ -f profile.out ]; then + cat profile.out >> coverage.txt + rm profile.out + fi +done diff --git a/vendor/github.com/mattn/go-runewidth/runewidth.go b/vendor/github.com/mattn/go-runewidth/runewidth.go new file mode 100644 index 00000000000..19f8e0449b7 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/runewidth.go @@ -0,0 +1,257 @@ +package runewidth + +import ( + "os" +) + +//go:generate go run script/generate.go + +var ( + // EastAsianWidth will be set true if the current locale is CJK + EastAsianWidth bool + + // ZeroWidthJoiner is flag to set to use UTR#51 ZWJ + ZeroWidthJoiner bool + + // DefaultCondition is a condition in current locale + DefaultCondition = &Condition{} +) + +func init() { + handleEnv() +} + +func handleEnv() { + env := os.Getenv("RUNEWIDTH_EASTASIAN") + if env == "" { + EastAsianWidth = IsEastAsian() + } else { + EastAsianWidth = env == "1" + } + // update DefaultCondition + DefaultCondition.EastAsianWidth = EastAsianWidth + DefaultCondition.ZeroWidthJoiner = ZeroWidthJoiner +} + +type interval struct { + first rune + last rune +} + +type table []interval + +func inTables(r rune, ts ...table) bool { + for _, t := range ts { + if inTable(r, t) { + return true + } + } + return false +} + +func inTable(r rune, t table) bool { + if r < t[0].first { + return false + } + + bot := 0 + top := len(t) - 1 + for top >= bot { + mid := (bot + top) >> 1 + + switch { + case t[mid].last < r: + bot = mid + 1 + case t[mid].first > r: + top = mid - 1 + default: + return true + } + } + + return false +} + +var private = table{ + {0x00E000, 0x00F8FF}, {0x0F0000, 0x0FFFFD}, {0x100000, 0x10FFFD}, +} + +var nonprint = table{ + {0x0000, 0x001F}, {0x007F, 0x009F}, {0x00AD, 0x00AD}, + {0x070F, 0x070F}, {0x180B, 0x180E}, {0x200B, 0x200F}, + {0x2028, 0x202E}, {0x206A, 0x206F}, {0xD800, 0xDFFF}, + {0xFEFF, 0xFEFF}, {0xFFF9, 0xFFFB}, {0xFFFE, 0xFFFF}, +} + +// Condition have flag EastAsianWidth whether the current locale is CJK or not. +type Condition struct { + EastAsianWidth bool + ZeroWidthJoiner bool +} + +// NewCondition return new instance of Condition which is current locale. +func NewCondition() *Condition { + return &Condition{ + EastAsianWidth: EastAsianWidth, + ZeroWidthJoiner: ZeroWidthJoiner, + } +} + +// RuneWidth returns the number of cells in r. +// See http://www.unicode.org/reports/tr11/ +func (c *Condition) RuneWidth(r rune) int { + switch { + case r < 0 || r > 0x10FFFF || inTables(r, nonprint, combining, notassigned): + return 0 + case (c.EastAsianWidth && IsAmbiguousWidth(r)) || inTables(r, doublewidth): + return 2 + default: + return 1 + } +} + +func (c *Condition) stringWidth(s string) (width int) { + for _, r := range []rune(s) { + width += c.RuneWidth(r) + } + return width +} + +func (c *Condition) stringWidthZeroJoiner(s string) (width int) { + r1, r2 := rune(0), rune(0) + for _, r := range []rune(s) { + if r == 0xFE0E || r == 0xFE0F { + continue + } + w := c.RuneWidth(r) + if r2 == 0x200D && inTables(r, emoji) && inTables(r1, emoji) { + if width < w { + width = w + } + } else { + width += w + } + r1, r2 = r2, r + } + return width +} + +// StringWidth return width as you can see +func (c *Condition) StringWidth(s string) (width int) { + if c.ZeroWidthJoiner { + return c.stringWidthZeroJoiner(s) + } + return c.stringWidth(s) +} + +// Truncate return string truncated with w cells +func (c *Condition) Truncate(s string, w int, tail string) string { + if c.StringWidth(s) <= w { + return s + } + r := []rune(s) + tw := c.StringWidth(tail) + w -= tw + width := 0 + i := 0 + for ; i < len(r); i++ { + cw := c.RuneWidth(r[i]) + if width+cw > w { + break + } + width += cw + } + return string(r[0:i]) + tail +} + +// Wrap return string wrapped with w cells +func (c *Condition) Wrap(s string, w int) string { + width := 0 + out := "" + for _, r := range []rune(s) { + cw := RuneWidth(r) + if r == '\n' { + out += string(r) + width = 0 + continue + } else if width+cw > w { + out += "\n" + width = 0 + out += string(r) + width += cw + continue + } + out += string(r) + width += cw + } + return out +} + +// FillLeft return string filled in left by spaces in w cells +func (c *Condition) FillLeft(s string, w int) string { + width := c.StringWidth(s) + count := w - width + if count > 0 { + b := make([]byte, count) + for i := range b { + b[i] = ' ' + } + return string(b) + s + } + return s +} + +// FillRight return string filled in left by spaces in w cells +func (c *Condition) FillRight(s string, w int) string { + width := c.StringWidth(s) + count := w - width + if count > 0 { + b := make([]byte, count) + for i := range b { + b[i] = ' ' + } + return s + string(b) + } + return s +} + +// RuneWidth returns the number of cells in r. +// See http://www.unicode.org/reports/tr11/ +func RuneWidth(r rune) int { + return DefaultCondition.RuneWidth(r) +} + +// IsAmbiguousWidth returns whether is ambiguous width or not. +func IsAmbiguousWidth(r rune) bool { + return inTables(r, private, ambiguous) +} + +// IsNeutralWidth returns whether is neutral width or not. +func IsNeutralWidth(r rune) bool { + return inTable(r, neutral) +} + +// StringWidth return width as you can see +func StringWidth(s string) (width int) { + return DefaultCondition.StringWidth(s) +} + +// Truncate return string truncated with w cells +func Truncate(s string, w int, tail string) string { + return DefaultCondition.Truncate(s, w, tail) +} + +// Wrap return string wrapped with w cells +func Wrap(s string, w int) string { + return DefaultCondition.Wrap(s, w) +} + +// FillLeft return string filled in left by spaces in w cells +func FillLeft(s string, w int) string { + return DefaultCondition.FillLeft(s, w) +} + +// FillRight return string filled in left by spaces in w cells +func FillRight(s string, w int) string { + return DefaultCondition.FillRight(s, w) +} diff --git a/vendor/github.com/mattn/go-runewidth/runewidth_appengine.go b/vendor/github.com/mattn/go-runewidth/runewidth_appengine.go new file mode 100644 index 00000000000..7d99f6e5210 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/runewidth_appengine.go @@ -0,0 +1,8 @@ +// +build appengine + +package runewidth + +// IsEastAsian return true if the current locale is CJK +func IsEastAsian() bool { + return false +} diff --git a/vendor/github.com/mattn/go-runewidth/runewidth_js.go b/vendor/github.com/mattn/go-runewidth/runewidth_js.go new file mode 100644 index 00000000000..c5fdf40baa0 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/runewidth_js.go @@ -0,0 +1,9 @@ +// +build js +// +build !appengine + +package runewidth + +func IsEastAsian() bool { + // TODO: Implement this for the web. Detect east asian in a compatible way, and return true. + return false +} diff --git a/vendor/github.com/mattn/go-runewidth/runewidth_posix.go b/vendor/github.com/mattn/go-runewidth/runewidth_posix.go new file mode 100644 index 00000000000..480ad748538 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/runewidth_posix.go @@ -0,0 +1,82 @@ +// +build !windows +// +build !js +// +build !appengine + +package runewidth + +import ( + "os" + "regexp" + "strings" +) + +var reLoc = regexp.MustCompile(`^[a-z][a-z][a-z]?(?:_[A-Z][A-Z])?\.(.+)`) + +var mblenTable = map[string]int{ + "utf-8": 6, + "utf8": 6, + "jis": 8, + "eucjp": 3, + "euckr": 2, + "euccn": 2, + "sjis": 2, + "cp932": 2, + "cp51932": 2, + "cp936": 2, + "cp949": 2, + "cp950": 2, + "big5": 2, + "gbk": 2, + "gb2312": 2, +} + +func isEastAsian(locale string) bool { + charset := strings.ToLower(locale) + r := reLoc.FindStringSubmatch(locale) + if len(r) == 2 { + charset = strings.ToLower(r[1]) + } + + if strings.HasSuffix(charset, "@cjk_narrow") { + return false + } + + for pos, b := range []byte(charset) { + if b == '@' { + charset = charset[:pos] + break + } + } + max := 1 + if m, ok := mblenTable[charset]; ok { + max = m + } + if max > 1 && (charset[0] != 'u' || + strings.HasPrefix(locale, "ja") || + strings.HasPrefix(locale, "ko") || + strings.HasPrefix(locale, "zh")) { + return true + } + return false +} + +// IsEastAsian return true if the current locale is CJK +func IsEastAsian() bool { + locale := os.Getenv("LC_ALL") + if locale == "" { + locale = os.Getenv("LC_CTYPE") + } + if locale == "" { + locale = os.Getenv("LANG") + } + + // ignore C locale + if locale == "POSIX" || locale == "C" { + return false + } + if len(locale) > 1 && locale[0] == 'C' && (locale[1] == '.' || locale[1] == '-') { + return false + } + + return isEastAsian(locale) +} diff --git a/vendor/github.com/mattn/go-runewidth/runewidth_table.go b/vendor/github.com/mattn/go-runewidth/runewidth_table.go new file mode 100644 index 00000000000..b27d77d8911 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/runewidth_table.go @@ -0,0 +1,437 @@ +// Code generated by script/generate.go. DO NOT EDIT. + +package runewidth + +var combining = table{ + {0x0300, 0x036F}, {0x0483, 0x0489}, {0x07EB, 0x07F3}, + {0x0C00, 0x0C00}, {0x0C04, 0x0C04}, {0x0D00, 0x0D01}, + {0x135D, 0x135F}, {0x1A7F, 0x1A7F}, {0x1AB0, 0x1AC0}, + {0x1B6B, 0x1B73}, {0x1DC0, 0x1DF9}, {0x1DFB, 0x1DFF}, + {0x20D0, 0x20F0}, {0x2CEF, 0x2CF1}, {0x2DE0, 0x2DFF}, + {0x3099, 0x309A}, {0xA66F, 0xA672}, {0xA674, 0xA67D}, + {0xA69E, 0xA69F}, {0xA6F0, 0xA6F1}, {0xA8E0, 0xA8F1}, + {0xFE20, 0xFE2F}, {0x101FD, 0x101FD}, {0x10376, 0x1037A}, + {0x10EAB, 0x10EAC}, {0x10F46, 0x10F50}, {0x11300, 0x11301}, + {0x1133B, 0x1133C}, {0x11366, 0x1136C}, {0x11370, 0x11374}, + {0x16AF0, 0x16AF4}, {0x1D165, 0x1D169}, {0x1D16D, 0x1D172}, + {0x1D17B, 0x1D182}, {0x1D185, 0x1D18B}, {0x1D1AA, 0x1D1AD}, + {0x1D242, 0x1D244}, {0x1E000, 0x1E006}, {0x1E008, 0x1E018}, + {0x1E01B, 0x1E021}, {0x1E023, 0x1E024}, {0x1E026, 0x1E02A}, + {0x1E8D0, 0x1E8D6}, +} + +var doublewidth = table{ + {0x1100, 0x115F}, {0x231A, 0x231B}, {0x2329, 0x232A}, + {0x23E9, 0x23EC}, {0x23F0, 0x23F0}, {0x23F3, 0x23F3}, + {0x25FD, 0x25FE}, {0x2614, 0x2615}, {0x2648, 0x2653}, + {0x267F, 0x267F}, {0x2693, 0x2693}, {0x26A1, 0x26A1}, + {0x26AA, 0x26AB}, {0x26BD, 0x26BE}, {0x26C4, 0x26C5}, + {0x26CE, 0x26CE}, {0x26D4, 0x26D4}, {0x26EA, 0x26EA}, + {0x26F2, 0x26F3}, {0x26F5, 0x26F5}, {0x26FA, 0x26FA}, + {0x26FD, 0x26FD}, {0x2705, 0x2705}, {0x270A, 0x270B}, + {0x2728, 0x2728}, {0x274C, 0x274C}, {0x274E, 0x274E}, + {0x2753, 0x2755}, {0x2757, 0x2757}, {0x2795, 0x2797}, + {0x27B0, 0x27B0}, {0x27BF, 0x27BF}, {0x2B1B, 0x2B1C}, + {0x2B50, 0x2B50}, {0x2B55, 0x2B55}, {0x2E80, 0x2E99}, + {0x2E9B, 0x2EF3}, {0x2F00, 0x2FD5}, {0x2FF0, 0x2FFB}, + {0x3000, 0x303E}, {0x3041, 0x3096}, {0x3099, 0x30FF}, + {0x3105, 0x312F}, {0x3131, 0x318E}, {0x3190, 0x31E3}, + {0x31F0, 0x321E}, {0x3220, 0x3247}, {0x3250, 0x4DBF}, + {0x4E00, 0xA48C}, {0xA490, 0xA4C6}, {0xA960, 0xA97C}, + {0xAC00, 0xD7A3}, {0xF900, 0xFAFF}, {0xFE10, 0xFE19}, + {0xFE30, 0xFE52}, {0xFE54, 0xFE66}, {0xFE68, 0xFE6B}, + {0xFF01, 0xFF60}, {0xFFE0, 0xFFE6}, {0x16FE0, 0x16FE4}, + {0x16FF0, 0x16FF1}, {0x17000, 0x187F7}, {0x18800, 0x18CD5}, + {0x18D00, 0x18D08}, {0x1B000, 0x1B11E}, {0x1B150, 0x1B152}, + {0x1B164, 0x1B167}, {0x1B170, 0x1B2FB}, {0x1F004, 0x1F004}, + {0x1F0CF, 0x1F0CF}, {0x1F18E, 0x1F18E}, {0x1F191, 0x1F19A}, + {0x1F200, 0x1F202}, {0x1F210, 0x1F23B}, {0x1F240, 0x1F248}, + {0x1F250, 0x1F251}, {0x1F260, 0x1F265}, {0x1F300, 0x1F320}, + {0x1F32D, 0x1F335}, {0x1F337, 0x1F37C}, {0x1F37E, 0x1F393}, + {0x1F3A0, 0x1F3CA}, {0x1F3CF, 0x1F3D3}, {0x1F3E0, 0x1F3F0}, + {0x1F3F4, 0x1F3F4}, {0x1F3F8, 0x1F43E}, {0x1F440, 0x1F440}, + {0x1F442, 0x1F4FC}, {0x1F4FF, 0x1F53D}, {0x1F54B, 0x1F54E}, + {0x1F550, 0x1F567}, {0x1F57A, 0x1F57A}, {0x1F595, 0x1F596}, + {0x1F5A4, 0x1F5A4}, {0x1F5FB, 0x1F64F}, {0x1F680, 0x1F6C5}, + {0x1F6CC, 0x1F6CC}, {0x1F6D0, 0x1F6D2}, {0x1F6D5, 0x1F6D7}, + {0x1F6EB, 0x1F6EC}, {0x1F6F4, 0x1F6FC}, {0x1F7E0, 0x1F7EB}, + {0x1F90C, 0x1F93A}, {0x1F93C, 0x1F945}, {0x1F947, 0x1F978}, + {0x1F97A, 0x1F9CB}, {0x1F9CD, 0x1F9FF}, {0x1FA70, 0x1FA74}, + {0x1FA78, 0x1FA7A}, {0x1FA80, 0x1FA86}, {0x1FA90, 0x1FAA8}, + {0x1FAB0, 0x1FAB6}, {0x1FAC0, 0x1FAC2}, {0x1FAD0, 0x1FAD6}, + {0x20000, 0x2FFFD}, {0x30000, 0x3FFFD}, +} + +var ambiguous = table{ + {0x00A1, 0x00A1}, {0x00A4, 0x00A4}, {0x00A7, 0x00A8}, + {0x00AA, 0x00AA}, {0x00AD, 0x00AE}, {0x00B0, 0x00B4}, + {0x00B6, 0x00BA}, {0x00BC, 0x00BF}, {0x00C6, 0x00C6}, + {0x00D0, 0x00D0}, {0x00D7, 0x00D8}, {0x00DE, 0x00E1}, + {0x00E6, 0x00E6}, {0x00E8, 0x00EA}, {0x00EC, 0x00ED}, + {0x00F0, 0x00F0}, {0x00F2, 0x00F3}, {0x00F7, 0x00FA}, + {0x00FC, 0x00FC}, {0x00FE, 0x00FE}, {0x0101, 0x0101}, + {0x0111, 0x0111}, {0x0113, 0x0113}, {0x011B, 0x011B}, + {0x0126, 0x0127}, {0x012B, 0x012B}, {0x0131, 0x0133}, + {0x0138, 0x0138}, {0x013F, 0x0142}, {0x0144, 0x0144}, + {0x0148, 0x014B}, {0x014D, 0x014D}, {0x0152, 0x0153}, + {0x0166, 0x0167}, {0x016B, 0x016B}, {0x01CE, 0x01CE}, + {0x01D0, 0x01D0}, {0x01D2, 0x01D2}, {0x01D4, 0x01D4}, + {0x01D6, 0x01D6}, {0x01D8, 0x01D8}, {0x01DA, 0x01DA}, + {0x01DC, 0x01DC}, {0x0251, 0x0251}, {0x0261, 0x0261}, + {0x02C4, 0x02C4}, {0x02C7, 0x02C7}, {0x02C9, 0x02CB}, + {0x02CD, 0x02CD}, {0x02D0, 0x02D0}, {0x02D8, 0x02DB}, + {0x02DD, 0x02DD}, {0x02DF, 0x02DF}, {0x0300, 0x036F}, + {0x0391, 0x03A1}, {0x03A3, 0x03A9}, {0x03B1, 0x03C1}, + {0x03C3, 0x03C9}, {0x0401, 0x0401}, {0x0410, 0x044F}, + {0x0451, 0x0451}, {0x2010, 0x2010}, {0x2013, 0x2016}, + {0x2018, 0x2019}, {0x201C, 0x201D}, {0x2020, 0x2022}, + {0x2024, 0x2027}, {0x2030, 0x2030}, {0x2032, 0x2033}, + {0x2035, 0x2035}, {0x203B, 0x203B}, {0x203E, 0x203E}, + {0x2074, 0x2074}, {0x207F, 0x207F}, {0x2081, 0x2084}, + {0x20AC, 0x20AC}, {0x2103, 0x2103}, {0x2105, 0x2105}, + {0x2109, 0x2109}, {0x2113, 0x2113}, {0x2116, 0x2116}, + {0x2121, 0x2122}, {0x2126, 0x2126}, {0x212B, 0x212B}, + {0x2153, 0x2154}, {0x215B, 0x215E}, {0x2160, 0x216B}, + {0x2170, 0x2179}, {0x2189, 0x2189}, {0x2190, 0x2199}, + {0x21B8, 0x21B9}, {0x21D2, 0x21D2}, {0x21D4, 0x21D4}, + {0x21E7, 0x21E7}, {0x2200, 0x2200}, {0x2202, 0x2203}, + {0x2207, 0x2208}, {0x220B, 0x220B}, {0x220F, 0x220F}, + {0x2211, 0x2211}, {0x2215, 0x2215}, {0x221A, 0x221A}, + {0x221D, 0x2220}, {0x2223, 0x2223}, {0x2225, 0x2225}, + {0x2227, 0x222C}, {0x222E, 0x222E}, {0x2234, 0x2237}, + {0x223C, 0x223D}, {0x2248, 0x2248}, {0x224C, 0x224C}, + {0x2252, 0x2252}, {0x2260, 0x2261}, {0x2264, 0x2267}, + {0x226A, 0x226B}, {0x226E, 0x226F}, {0x2282, 0x2283}, + {0x2286, 0x2287}, {0x2295, 0x2295}, {0x2299, 0x2299}, + {0x22A5, 0x22A5}, {0x22BF, 0x22BF}, {0x2312, 0x2312}, + {0x2460, 0x24E9}, {0x24EB, 0x254B}, {0x2550, 0x2573}, + {0x2580, 0x258F}, {0x2592, 0x2595}, {0x25A0, 0x25A1}, + {0x25A3, 0x25A9}, {0x25B2, 0x25B3}, {0x25B6, 0x25B7}, + {0x25BC, 0x25BD}, {0x25C0, 0x25C1}, {0x25C6, 0x25C8}, + {0x25CB, 0x25CB}, {0x25CE, 0x25D1}, {0x25E2, 0x25E5}, + {0x25EF, 0x25EF}, {0x2605, 0x2606}, {0x2609, 0x2609}, + {0x260E, 0x260F}, {0x261C, 0x261C}, {0x261E, 0x261E}, + {0x2640, 0x2640}, {0x2642, 0x2642}, {0x2660, 0x2661}, + {0x2663, 0x2665}, {0x2667, 0x266A}, {0x266C, 0x266D}, + {0x266F, 0x266F}, {0x269E, 0x269F}, {0x26BF, 0x26BF}, + {0x26C6, 0x26CD}, {0x26CF, 0x26D3}, {0x26D5, 0x26E1}, + {0x26E3, 0x26E3}, {0x26E8, 0x26E9}, {0x26EB, 0x26F1}, + {0x26F4, 0x26F4}, {0x26F6, 0x26F9}, {0x26FB, 0x26FC}, + {0x26FE, 0x26FF}, {0x273D, 0x273D}, {0x2776, 0x277F}, + {0x2B56, 0x2B59}, {0x3248, 0x324F}, {0xE000, 0xF8FF}, + {0xFE00, 0xFE0F}, {0xFFFD, 0xFFFD}, {0x1F100, 0x1F10A}, + {0x1F110, 0x1F12D}, {0x1F130, 0x1F169}, {0x1F170, 0x1F18D}, + {0x1F18F, 0x1F190}, {0x1F19B, 0x1F1AC}, {0xE0100, 0xE01EF}, + {0xF0000, 0xFFFFD}, {0x100000, 0x10FFFD}, +} +var notassigned = table{ + {0x27E6, 0x27ED}, {0x2985, 0x2986}, +} + +var neutral = table{ + {0x0000, 0x001F}, {0x007F, 0x00A0}, {0x00A9, 0x00A9}, + {0x00AB, 0x00AB}, {0x00B5, 0x00B5}, {0x00BB, 0x00BB}, + {0x00C0, 0x00C5}, {0x00C7, 0x00CF}, {0x00D1, 0x00D6}, + {0x00D9, 0x00DD}, {0x00E2, 0x00E5}, {0x00E7, 0x00E7}, + {0x00EB, 0x00EB}, {0x00EE, 0x00EF}, {0x00F1, 0x00F1}, + {0x00F4, 0x00F6}, {0x00FB, 0x00FB}, {0x00FD, 0x00FD}, + {0x00FF, 0x0100}, {0x0102, 0x0110}, {0x0112, 0x0112}, + {0x0114, 0x011A}, {0x011C, 0x0125}, {0x0128, 0x012A}, + {0x012C, 0x0130}, {0x0134, 0x0137}, {0x0139, 0x013E}, + {0x0143, 0x0143}, {0x0145, 0x0147}, {0x014C, 0x014C}, + {0x014E, 0x0151}, {0x0154, 0x0165}, {0x0168, 0x016A}, + {0x016C, 0x01CD}, {0x01CF, 0x01CF}, {0x01D1, 0x01D1}, + {0x01D3, 0x01D3}, {0x01D5, 0x01D5}, {0x01D7, 0x01D7}, + {0x01D9, 0x01D9}, {0x01DB, 0x01DB}, {0x01DD, 0x0250}, + {0x0252, 0x0260}, {0x0262, 0x02C3}, {0x02C5, 0x02C6}, + {0x02C8, 0x02C8}, {0x02CC, 0x02CC}, {0x02CE, 0x02CF}, + {0x02D1, 0x02D7}, {0x02DC, 0x02DC}, {0x02DE, 0x02DE}, + {0x02E0, 0x02FF}, {0x0370, 0x0377}, {0x037A, 0x037F}, + {0x0384, 0x038A}, {0x038C, 0x038C}, {0x038E, 0x0390}, + {0x03AA, 0x03B0}, {0x03C2, 0x03C2}, {0x03CA, 0x0400}, + {0x0402, 0x040F}, {0x0450, 0x0450}, {0x0452, 0x052F}, + {0x0531, 0x0556}, {0x0559, 0x058A}, {0x058D, 0x058F}, + {0x0591, 0x05C7}, {0x05D0, 0x05EA}, {0x05EF, 0x05F4}, + {0x0600, 0x061C}, {0x061E, 0x070D}, {0x070F, 0x074A}, + {0x074D, 0x07B1}, {0x07C0, 0x07FA}, {0x07FD, 0x082D}, + {0x0830, 0x083E}, {0x0840, 0x085B}, {0x085E, 0x085E}, + {0x0860, 0x086A}, {0x08A0, 0x08B4}, {0x08B6, 0x08C7}, + {0x08D3, 0x0983}, {0x0985, 0x098C}, {0x098F, 0x0990}, + {0x0993, 0x09A8}, {0x09AA, 0x09B0}, {0x09B2, 0x09B2}, + {0x09B6, 0x09B9}, {0x09BC, 0x09C4}, {0x09C7, 0x09C8}, + {0x09CB, 0x09CE}, {0x09D7, 0x09D7}, {0x09DC, 0x09DD}, + {0x09DF, 0x09E3}, {0x09E6, 0x09FE}, {0x0A01, 0x0A03}, + {0x0A05, 0x0A0A}, {0x0A0F, 0x0A10}, {0x0A13, 0x0A28}, + {0x0A2A, 0x0A30}, {0x0A32, 0x0A33}, {0x0A35, 0x0A36}, + {0x0A38, 0x0A39}, {0x0A3C, 0x0A3C}, {0x0A3E, 0x0A42}, + {0x0A47, 0x0A48}, {0x0A4B, 0x0A4D}, {0x0A51, 0x0A51}, + {0x0A59, 0x0A5C}, {0x0A5E, 0x0A5E}, {0x0A66, 0x0A76}, + {0x0A81, 0x0A83}, {0x0A85, 0x0A8D}, {0x0A8F, 0x0A91}, + {0x0A93, 0x0AA8}, {0x0AAA, 0x0AB0}, {0x0AB2, 0x0AB3}, + {0x0AB5, 0x0AB9}, {0x0ABC, 0x0AC5}, {0x0AC7, 0x0AC9}, + {0x0ACB, 0x0ACD}, {0x0AD0, 0x0AD0}, {0x0AE0, 0x0AE3}, + {0x0AE6, 0x0AF1}, {0x0AF9, 0x0AFF}, {0x0B01, 0x0B03}, + {0x0B05, 0x0B0C}, {0x0B0F, 0x0B10}, {0x0B13, 0x0B28}, + {0x0B2A, 0x0B30}, {0x0B32, 0x0B33}, {0x0B35, 0x0B39}, + {0x0B3C, 0x0B44}, {0x0B47, 0x0B48}, {0x0B4B, 0x0B4D}, + {0x0B55, 0x0B57}, {0x0B5C, 0x0B5D}, {0x0B5F, 0x0B63}, + {0x0B66, 0x0B77}, {0x0B82, 0x0B83}, {0x0B85, 0x0B8A}, + {0x0B8E, 0x0B90}, {0x0B92, 0x0B95}, {0x0B99, 0x0B9A}, + {0x0B9C, 0x0B9C}, {0x0B9E, 0x0B9F}, {0x0BA3, 0x0BA4}, + {0x0BA8, 0x0BAA}, {0x0BAE, 0x0BB9}, {0x0BBE, 0x0BC2}, + {0x0BC6, 0x0BC8}, {0x0BCA, 0x0BCD}, {0x0BD0, 0x0BD0}, + {0x0BD7, 0x0BD7}, {0x0BE6, 0x0BFA}, {0x0C00, 0x0C0C}, + {0x0C0E, 0x0C10}, {0x0C12, 0x0C28}, {0x0C2A, 0x0C39}, + {0x0C3D, 0x0C44}, {0x0C46, 0x0C48}, {0x0C4A, 0x0C4D}, + {0x0C55, 0x0C56}, {0x0C58, 0x0C5A}, {0x0C60, 0x0C63}, + {0x0C66, 0x0C6F}, {0x0C77, 0x0C8C}, {0x0C8E, 0x0C90}, + {0x0C92, 0x0CA8}, {0x0CAA, 0x0CB3}, {0x0CB5, 0x0CB9}, + {0x0CBC, 0x0CC4}, {0x0CC6, 0x0CC8}, {0x0CCA, 0x0CCD}, + {0x0CD5, 0x0CD6}, {0x0CDE, 0x0CDE}, {0x0CE0, 0x0CE3}, + {0x0CE6, 0x0CEF}, {0x0CF1, 0x0CF2}, {0x0D00, 0x0D0C}, + {0x0D0E, 0x0D10}, {0x0D12, 0x0D44}, {0x0D46, 0x0D48}, + {0x0D4A, 0x0D4F}, {0x0D54, 0x0D63}, {0x0D66, 0x0D7F}, + {0x0D81, 0x0D83}, {0x0D85, 0x0D96}, {0x0D9A, 0x0DB1}, + {0x0DB3, 0x0DBB}, {0x0DBD, 0x0DBD}, {0x0DC0, 0x0DC6}, + {0x0DCA, 0x0DCA}, {0x0DCF, 0x0DD4}, {0x0DD6, 0x0DD6}, + {0x0DD8, 0x0DDF}, {0x0DE6, 0x0DEF}, {0x0DF2, 0x0DF4}, + {0x0E01, 0x0E3A}, {0x0E3F, 0x0E5B}, {0x0E81, 0x0E82}, + {0x0E84, 0x0E84}, {0x0E86, 0x0E8A}, {0x0E8C, 0x0EA3}, + {0x0EA5, 0x0EA5}, {0x0EA7, 0x0EBD}, {0x0EC0, 0x0EC4}, + {0x0EC6, 0x0EC6}, {0x0EC8, 0x0ECD}, {0x0ED0, 0x0ED9}, + {0x0EDC, 0x0EDF}, {0x0F00, 0x0F47}, {0x0F49, 0x0F6C}, + {0x0F71, 0x0F97}, {0x0F99, 0x0FBC}, {0x0FBE, 0x0FCC}, + {0x0FCE, 0x0FDA}, {0x1000, 0x10C5}, {0x10C7, 0x10C7}, + {0x10CD, 0x10CD}, {0x10D0, 0x10FF}, {0x1160, 0x1248}, + {0x124A, 0x124D}, {0x1250, 0x1256}, {0x1258, 0x1258}, + {0x125A, 0x125D}, {0x1260, 0x1288}, {0x128A, 0x128D}, + {0x1290, 0x12B0}, {0x12B2, 0x12B5}, {0x12B8, 0x12BE}, + {0x12C0, 0x12C0}, {0x12C2, 0x12C5}, {0x12C8, 0x12D6}, + {0x12D8, 0x1310}, {0x1312, 0x1315}, {0x1318, 0x135A}, + {0x135D, 0x137C}, {0x1380, 0x1399}, {0x13A0, 0x13F5}, + {0x13F8, 0x13FD}, {0x1400, 0x169C}, {0x16A0, 0x16F8}, + {0x1700, 0x170C}, {0x170E, 0x1714}, {0x1720, 0x1736}, + {0x1740, 0x1753}, {0x1760, 0x176C}, {0x176E, 0x1770}, + {0x1772, 0x1773}, {0x1780, 0x17DD}, {0x17E0, 0x17E9}, + {0x17F0, 0x17F9}, {0x1800, 0x180E}, {0x1810, 0x1819}, + {0x1820, 0x1878}, {0x1880, 0x18AA}, {0x18B0, 0x18F5}, + {0x1900, 0x191E}, {0x1920, 0x192B}, {0x1930, 0x193B}, + {0x1940, 0x1940}, {0x1944, 0x196D}, {0x1970, 0x1974}, + {0x1980, 0x19AB}, {0x19B0, 0x19C9}, {0x19D0, 0x19DA}, + {0x19DE, 0x1A1B}, {0x1A1E, 0x1A5E}, {0x1A60, 0x1A7C}, + {0x1A7F, 0x1A89}, {0x1A90, 0x1A99}, {0x1AA0, 0x1AAD}, + {0x1AB0, 0x1AC0}, {0x1B00, 0x1B4B}, {0x1B50, 0x1B7C}, + {0x1B80, 0x1BF3}, {0x1BFC, 0x1C37}, {0x1C3B, 0x1C49}, + {0x1C4D, 0x1C88}, {0x1C90, 0x1CBA}, {0x1CBD, 0x1CC7}, + {0x1CD0, 0x1CFA}, {0x1D00, 0x1DF9}, {0x1DFB, 0x1F15}, + {0x1F18, 0x1F1D}, {0x1F20, 0x1F45}, {0x1F48, 0x1F4D}, + {0x1F50, 0x1F57}, {0x1F59, 0x1F59}, {0x1F5B, 0x1F5B}, + {0x1F5D, 0x1F5D}, {0x1F5F, 0x1F7D}, {0x1F80, 0x1FB4}, + {0x1FB6, 0x1FC4}, {0x1FC6, 0x1FD3}, {0x1FD6, 0x1FDB}, + {0x1FDD, 0x1FEF}, {0x1FF2, 0x1FF4}, {0x1FF6, 0x1FFE}, + {0x2000, 0x200F}, {0x2011, 0x2012}, {0x2017, 0x2017}, + {0x201A, 0x201B}, {0x201E, 0x201F}, {0x2023, 0x2023}, + {0x2028, 0x202F}, {0x2031, 0x2031}, {0x2034, 0x2034}, + {0x2036, 0x203A}, {0x203C, 0x203D}, {0x203F, 0x2064}, + {0x2066, 0x2071}, {0x2075, 0x207E}, {0x2080, 0x2080}, + {0x2085, 0x208E}, {0x2090, 0x209C}, {0x20A0, 0x20A8}, + {0x20AA, 0x20AB}, {0x20AD, 0x20BF}, {0x20D0, 0x20F0}, + {0x2100, 0x2102}, {0x2104, 0x2104}, {0x2106, 0x2108}, + {0x210A, 0x2112}, {0x2114, 0x2115}, {0x2117, 0x2120}, + {0x2123, 0x2125}, {0x2127, 0x212A}, {0x212C, 0x2152}, + {0x2155, 0x215A}, {0x215F, 0x215F}, {0x216C, 0x216F}, + {0x217A, 0x2188}, {0x218A, 0x218B}, {0x219A, 0x21B7}, + {0x21BA, 0x21D1}, {0x21D3, 0x21D3}, {0x21D5, 0x21E6}, + {0x21E8, 0x21FF}, {0x2201, 0x2201}, {0x2204, 0x2206}, + {0x2209, 0x220A}, {0x220C, 0x220E}, {0x2210, 0x2210}, + {0x2212, 0x2214}, {0x2216, 0x2219}, {0x221B, 0x221C}, + {0x2221, 0x2222}, {0x2224, 0x2224}, {0x2226, 0x2226}, + {0x222D, 0x222D}, {0x222F, 0x2233}, {0x2238, 0x223B}, + {0x223E, 0x2247}, {0x2249, 0x224B}, {0x224D, 0x2251}, + {0x2253, 0x225F}, {0x2262, 0x2263}, {0x2268, 0x2269}, + {0x226C, 0x226D}, {0x2270, 0x2281}, {0x2284, 0x2285}, + {0x2288, 0x2294}, {0x2296, 0x2298}, {0x229A, 0x22A4}, + {0x22A6, 0x22BE}, {0x22C0, 0x2311}, {0x2313, 0x2319}, + {0x231C, 0x2328}, {0x232B, 0x23E8}, {0x23ED, 0x23EF}, + {0x23F1, 0x23F2}, {0x23F4, 0x2426}, {0x2440, 0x244A}, + {0x24EA, 0x24EA}, {0x254C, 0x254F}, {0x2574, 0x257F}, + {0x2590, 0x2591}, {0x2596, 0x259F}, {0x25A2, 0x25A2}, + {0x25AA, 0x25B1}, {0x25B4, 0x25B5}, {0x25B8, 0x25BB}, + {0x25BE, 0x25BF}, {0x25C2, 0x25C5}, {0x25C9, 0x25CA}, + {0x25CC, 0x25CD}, {0x25D2, 0x25E1}, {0x25E6, 0x25EE}, + {0x25F0, 0x25FC}, {0x25FF, 0x2604}, {0x2607, 0x2608}, + {0x260A, 0x260D}, {0x2610, 0x2613}, {0x2616, 0x261B}, + {0x261D, 0x261D}, {0x261F, 0x263F}, {0x2641, 0x2641}, + {0x2643, 0x2647}, {0x2654, 0x265F}, {0x2662, 0x2662}, + {0x2666, 0x2666}, {0x266B, 0x266B}, {0x266E, 0x266E}, + {0x2670, 0x267E}, {0x2680, 0x2692}, {0x2694, 0x269D}, + {0x26A0, 0x26A0}, {0x26A2, 0x26A9}, {0x26AC, 0x26BC}, + {0x26C0, 0x26C3}, {0x26E2, 0x26E2}, {0x26E4, 0x26E7}, + {0x2700, 0x2704}, {0x2706, 0x2709}, {0x270C, 0x2727}, + {0x2729, 0x273C}, {0x273E, 0x274B}, {0x274D, 0x274D}, + {0x274F, 0x2752}, {0x2756, 0x2756}, {0x2758, 0x2775}, + {0x2780, 0x2794}, {0x2798, 0x27AF}, {0x27B1, 0x27BE}, + {0x27C0, 0x27E5}, {0x27EE, 0x2984}, {0x2987, 0x2B1A}, + {0x2B1D, 0x2B4F}, {0x2B51, 0x2B54}, {0x2B5A, 0x2B73}, + {0x2B76, 0x2B95}, {0x2B97, 0x2C2E}, {0x2C30, 0x2C5E}, + {0x2C60, 0x2CF3}, {0x2CF9, 0x2D25}, {0x2D27, 0x2D27}, + {0x2D2D, 0x2D2D}, {0x2D30, 0x2D67}, {0x2D6F, 0x2D70}, + {0x2D7F, 0x2D96}, {0x2DA0, 0x2DA6}, {0x2DA8, 0x2DAE}, + {0x2DB0, 0x2DB6}, {0x2DB8, 0x2DBE}, {0x2DC0, 0x2DC6}, + {0x2DC8, 0x2DCE}, {0x2DD0, 0x2DD6}, {0x2DD8, 0x2DDE}, + {0x2DE0, 0x2E52}, {0x303F, 0x303F}, {0x4DC0, 0x4DFF}, + {0xA4D0, 0xA62B}, {0xA640, 0xA6F7}, {0xA700, 0xA7BF}, + {0xA7C2, 0xA7CA}, {0xA7F5, 0xA82C}, {0xA830, 0xA839}, + {0xA840, 0xA877}, {0xA880, 0xA8C5}, {0xA8CE, 0xA8D9}, + {0xA8E0, 0xA953}, {0xA95F, 0xA95F}, {0xA980, 0xA9CD}, + {0xA9CF, 0xA9D9}, {0xA9DE, 0xA9FE}, {0xAA00, 0xAA36}, + {0xAA40, 0xAA4D}, {0xAA50, 0xAA59}, {0xAA5C, 0xAAC2}, + {0xAADB, 0xAAF6}, {0xAB01, 0xAB06}, {0xAB09, 0xAB0E}, + {0xAB11, 0xAB16}, {0xAB20, 0xAB26}, {0xAB28, 0xAB2E}, + {0xAB30, 0xAB6B}, {0xAB70, 0xABED}, {0xABF0, 0xABF9}, + {0xD7B0, 0xD7C6}, {0xD7CB, 0xD7FB}, {0xD800, 0xDFFF}, + {0xFB00, 0xFB06}, {0xFB13, 0xFB17}, {0xFB1D, 0xFB36}, + {0xFB38, 0xFB3C}, {0xFB3E, 0xFB3E}, {0xFB40, 0xFB41}, + {0xFB43, 0xFB44}, {0xFB46, 0xFBC1}, {0xFBD3, 0xFD3F}, + {0xFD50, 0xFD8F}, {0xFD92, 0xFDC7}, {0xFDF0, 0xFDFD}, + {0xFE20, 0xFE2F}, {0xFE70, 0xFE74}, {0xFE76, 0xFEFC}, + {0xFEFF, 0xFEFF}, {0xFFF9, 0xFFFC}, {0x10000, 0x1000B}, + {0x1000D, 0x10026}, {0x10028, 0x1003A}, {0x1003C, 0x1003D}, + {0x1003F, 0x1004D}, {0x10050, 0x1005D}, {0x10080, 0x100FA}, + {0x10100, 0x10102}, {0x10107, 0x10133}, {0x10137, 0x1018E}, + {0x10190, 0x1019C}, {0x101A0, 0x101A0}, {0x101D0, 0x101FD}, + {0x10280, 0x1029C}, {0x102A0, 0x102D0}, {0x102E0, 0x102FB}, + {0x10300, 0x10323}, {0x1032D, 0x1034A}, {0x10350, 0x1037A}, + {0x10380, 0x1039D}, {0x1039F, 0x103C3}, {0x103C8, 0x103D5}, + {0x10400, 0x1049D}, {0x104A0, 0x104A9}, {0x104B0, 0x104D3}, + {0x104D8, 0x104FB}, {0x10500, 0x10527}, {0x10530, 0x10563}, + {0x1056F, 0x1056F}, {0x10600, 0x10736}, {0x10740, 0x10755}, + {0x10760, 0x10767}, {0x10800, 0x10805}, {0x10808, 0x10808}, + {0x1080A, 0x10835}, {0x10837, 0x10838}, {0x1083C, 0x1083C}, + {0x1083F, 0x10855}, {0x10857, 0x1089E}, {0x108A7, 0x108AF}, + {0x108E0, 0x108F2}, {0x108F4, 0x108F5}, {0x108FB, 0x1091B}, + {0x1091F, 0x10939}, {0x1093F, 0x1093F}, {0x10980, 0x109B7}, + {0x109BC, 0x109CF}, {0x109D2, 0x10A03}, {0x10A05, 0x10A06}, + {0x10A0C, 0x10A13}, {0x10A15, 0x10A17}, {0x10A19, 0x10A35}, + {0x10A38, 0x10A3A}, {0x10A3F, 0x10A48}, {0x10A50, 0x10A58}, + {0x10A60, 0x10A9F}, {0x10AC0, 0x10AE6}, {0x10AEB, 0x10AF6}, + {0x10B00, 0x10B35}, {0x10B39, 0x10B55}, {0x10B58, 0x10B72}, + {0x10B78, 0x10B91}, {0x10B99, 0x10B9C}, {0x10BA9, 0x10BAF}, + {0x10C00, 0x10C48}, {0x10C80, 0x10CB2}, {0x10CC0, 0x10CF2}, + {0x10CFA, 0x10D27}, {0x10D30, 0x10D39}, {0x10E60, 0x10E7E}, + {0x10E80, 0x10EA9}, {0x10EAB, 0x10EAD}, {0x10EB0, 0x10EB1}, + {0x10F00, 0x10F27}, {0x10F30, 0x10F59}, {0x10FB0, 0x10FCB}, + {0x10FE0, 0x10FF6}, {0x11000, 0x1104D}, {0x11052, 0x1106F}, + {0x1107F, 0x110C1}, {0x110CD, 0x110CD}, {0x110D0, 0x110E8}, + {0x110F0, 0x110F9}, {0x11100, 0x11134}, {0x11136, 0x11147}, + {0x11150, 0x11176}, {0x11180, 0x111DF}, {0x111E1, 0x111F4}, + {0x11200, 0x11211}, {0x11213, 0x1123E}, {0x11280, 0x11286}, + {0x11288, 0x11288}, {0x1128A, 0x1128D}, {0x1128F, 0x1129D}, + {0x1129F, 0x112A9}, {0x112B0, 0x112EA}, {0x112F0, 0x112F9}, + {0x11300, 0x11303}, {0x11305, 0x1130C}, {0x1130F, 0x11310}, + {0x11313, 0x11328}, {0x1132A, 0x11330}, {0x11332, 0x11333}, + {0x11335, 0x11339}, {0x1133B, 0x11344}, {0x11347, 0x11348}, + {0x1134B, 0x1134D}, {0x11350, 0x11350}, {0x11357, 0x11357}, + {0x1135D, 0x11363}, {0x11366, 0x1136C}, {0x11370, 0x11374}, + {0x11400, 0x1145B}, {0x1145D, 0x11461}, {0x11480, 0x114C7}, + {0x114D0, 0x114D9}, {0x11580, 0x115B5}, {0x115B8, 0x115DD}, + {0x11600, 0x11644}, {0x11650, 0x11659}, {0x11660, 0x1166C}, + {0x11680, 0x116B8}, {0x116C0, 0x116C9}, {0x11700, 0x1171A}, + {0x1171D, 0x1172B}, {0x11730, 0x1173F}, {0x11800, 0x1183B}, + {0x118A0, 0x118F2}, {0x118FF, 0x11906}, {0x11909, 0x11909}, + {0x1190C, 0x11913}, {0x11915, 0x11916}, {0x11918, 0x11935}, + {0x11937, 0x11938}, {0x1193B, 0x11946}, {0x11950, 0x11959}, + {0x119A0, 0x119A7}, {0x119AA, 0x119D7}, {0x119DA, 0x119E4}, + {0x11A00, 0x11A47}, {0x11A50, 0x11AA2}, {0x11AC0, 0x11AF8}, + {0x11C00, 0x11C08}, {0x11C0A, 0x11C36}, {0x11C38, 0x11C45}, + {0x11C50, 0x11C6C}, {0x11C70, 0x11C8F}, {0x11C92, 0x11CA7}, + {0x11CA9, 0x11CB6}, {0x11D00, 0x11D06}, {0x11D08, 0x11D09}, + {0x11D0B, 0x11D36}, {0x11D3A, 0x11D3A}, {0x11D3C, 0x11D3D}, + {0x11D3F, 0x11D47}, {0x11D50, 0x11D59}, {0x11D60, 0x11D65}, + {0x11D67, 0x11D68}, {0x11D6A, 0x11D8E}, {0x11D90, 0x11D91}, + {0x11D93, 0x11D98}, {0x11DA0, 0x11DA9}, {0x11EE0, 0x11EF8}, + {0x11FB0, 0x11FB0}, {0x11FC0, 0x11FF1}, {0x11FFF, 0x12399}, + {0x12400, 0x1246E}, {0x12470, 0x12474}, {0x12480, 0x12543}, + {0x13000, 0x1342E}, {0x13430, 0x13438}, {0x14400, 0x14646}, + {0x16800, 0x16A38}, {0x16A40, 0x16A5E}, {0x16A60, 0x16A69}, + {0x16A6E, 0x16A6F}, {0x16AD0, 0x16AED}, {0x16AF0, 0x16AF5}, + {0x16B00, 0x16B45}, {0x16B50, 0x16B59}, {0x16B5B, 0x16B61}, + {0x16B63, 0x16B77}, {0x16B7D, 0x16B8F}, {0x16E40, 0x16E9A}, + {0x16F00, 0x16F4A}, {0x16F4F, 0x16F87}, {0x16F8F, 0x16F9F}, + {0x1BC00, 0x1BC6A}, {0x1BC70, 0x1BC7C}, {0x1BC80, 0x1BC88}, + {0x1BC90, 0x1BC99}, {0x1BC9C, 0x1BCA3}, {0x1D000, 0x1D0F5}, + {0x1D100, 0x1D126}, {0x1D129, 0x1D1E8}, {0x1D200, 0x1D245}, + {0x1D2E0, 0x1D2F3}, {0x1D300, 0x1D356}, {0x1D360, 0x1D378}, + {0x1D400, 0x1D454}, {0x1D456, 0x1D49C}, {0x1D49E, 0x1D49F}, + {0x1D4A2, 0x1D4A2}, {0x1D4A5, 0x1D4A6}, {0x1D4A9, 0x1D4AC}, + {0x1D4AE, 0x1D4B9}, {0x1D4BB, 0x1D4BB}, {0x1D4BD, 0x1D4C3}, + {0x1D4C5, 0x1D505}, {0x1D507, 0x1D50A}, {0x1D50D, 0x1D514}, + {0x1D516, 0x1D51C}, {0x1D51E, 0x1D539}, {0x1D53B, 0x1D53E}, + {0x1D540, 0x1D544}, {0x1D546, 0x1D546}, {0x1D54A, 0x1D550}, + {0x1D552, 0x1D6A5}, {0x1D6A8, 0x1D7CB}, {0x1D7CE, 0x1DA8B}, + {0x1DA9B, 0x1DA9F}, {0x1DAA1, 0x1DAAF}, {0x1E000, 0x1E006}, + {0x1E008, 0x1E018}, {0x1E01B, 0x1E021}, {0x1E023, 0x1E024}, + {0x1E026, 0x1E02A}, {0x1E100, 0x1E12C}, {0x1E130, 0x1E13D}, + {0x1E140, 0x1E149}, {0x1E14E, 0x1E14F}, {0x1E2C0, 0x1E2F9}, + {0x1E2FF, 0x1E2FF}, {0x1E800, 0x1E8C4}, {0x1E8C7, 0x1E8D6}, + {0x1E900, 0x1E94B}, {0x1E950, 0x1E959}, {0x1E95E, 0x1E95F}, + {0x1EC71, 0x1ECB4}, {0x1ED01, 0x1ED3D}, {0x1EE00, 0x1EE03}, + {0x1EE05, 0x1EE1F}, {0x1EE21, 0x1EE22}, {0x1EE24, 0x1EE24}, + {0x1EE27, 0x1EE27}, {0x1EE29, 0x1EE32}, {0x1EE34, 0x1EE37}, + {0x1EE39, 0x1EE39}, {0x1EE3B, 0x1EE3B}, {0x1EE42, 0x1EE42}, + {0x1EE47, 0x1EE47}, {0x1EE49, 0x1EE49}, {0x1EE4B, 0x1EE4B}, + {0x1EE4D, 0x1EE4F}, {0x1EE51, 0x1EE52}, {0x1EE54, 0x1EE54}, + {0x1EE57, 0x1EE57}, {0x1EE59, 0x1EE59}, {0x1EE5B, 0x1EE5B}, + {0x1EE5D, 0x1EE5D}, {0x1EE5F, 0x1EE5F}, {0x1EE61, 0x1EE62}, + {0x1EE64, 0x1EE64}, {0x1EE67, 0x1EE6A}, {0x1EE6C, 0x1EE72}, + {0x1EE74, 0x1EE77}, {0x1EE79, 0x1EE7C}, {0x1EE7E, 0x1EE7E}, + {0x1EE80, 0x1EE89}, {0x1EE8B, 0x1EE9B}, {0x1EEA1, 0x1EEA3}, + {0x1EEA5, 0x1EEA9}, {0x1EEAB, 0x1EEBB}, {0x1EEF0, 0x1EEF1}, + {0x1F000, 0x1F003}, {0x1F005, 0x1F02B}, {0x1F030, 0x1F093}, + {0x1F0A0, 0x1F0AE}, {0x1F0B1, 0x1F0BF}, {0x1F0C1, 0x1F0CE}, + {0x1F0D1, 0x1F0F5}, {0x1F10B, 0x1F10F}, {0x1F12E, 0x1F12F}, + {0x1F16A, 0x1F16F}, {0x1F1AD, 0x1F1AD}, {0x1F1E6, 0x1F1FF}, + {0x1F321, 0x1F32C}, {0x1F336, 0x1F336}, {0x1F37D, 0x1F37D}, + {0x1F394, 0x1F39F}, {0x1F3CB, 0x1F3CE}, {0x1F3D4, 0x1F3DF}, + {0x1F3F1, 0x1F3F3}, {0x1F3F5, 0x1F3F7}, {0x1F43F, 0x1F43F}, + {0x1F441, 0x1F441}, {0x1F4FD, 0x1F4FE}, {0x1F53E, 0x1F54A}, + {0x1F54F, 0x1F54F}, {0x1F568, 0x1F579}, {0x1F57B, 0x1F594}, + {0x1F597, 0x1F5A3}, {0x1F5A5, 0x1F5FA}, {0x1F650, 0x1F67F}, + {0x1F6C6, 0x1F6CB}, {0x1F6CD, 0x1F6CF}, {0x1F6D3, 0x1F6D4}, + {0x1F6E0, 0x1F6EA}, {0x1F6F0, 0x1F6F3}, {0x1F700, 0x1F773}, + {0x1F780, 0x1F7D8}, {0x1F800, 0x1F80B}, {0x1F810, 0x1F847}, + {0x1F850, 0x1F859}, {0x1F860, 0x1F887}, {0x1F890, 0x1F8AD}, + {0x1F8B0, 0x1F8B1}, {0x1F900, 0x1F90B}, {0x1F93B, 0x1F93B}, + {0x1F946, 0x1F946}, {0x1FA00, 0x1FA53}, {0x1FA60, 0x1FA6D}, + {0x1FB00, 0x1FB92}, {0x1FB94, 0x1FBCA}, {0x1FBF0, 0x1FBF9}, + {0xE0001, 0xE0001}, {0xE0020, 0xE007F}, +} + +var emoji = table{ + {0x203C, 0x203C}, {0x2049, 0x2049}, {0x2122, 0x2122}, + {0x2139, 0x2139}, {0x2194, 0x2199}, {0x21A9, 0x21AA}, + {0x231A, 0x231B}, {0x2328, 0x2328}, {0x2388, 0x2388}, + {0x23CF, 0x23CF}, {0x23E9, 0x23F3}, {0x23F8, 0x23FA}, + {0x24C2, 0x24C2}, {0x25AA, 0x25AB}, {0x25B6, 0x25B6}, + {0x25C0, 0x25C0}, {0x25FB, 0x25FE}, {0x2600, 0x2605}, + {0x2607, 0x2612}, {0x2614, 0x2685}, {0x2690, 0x2705}, + {0x2708, 0x2712}, {0x2714, 0x2714}, {0x2716, 0x2716}, + {0x271D, 0x271D}, {0x2721, 0x2721}, {0x2728, 0x2728}, + {0x2733, 0x2734}, {0x2744, 0x2744}, {0x2747, 0x2747}, + {0x274C, 0x274C}, {0x274E, 0x274E}, {0x2753, 0x2755}, + {0x2757, 0x2757}, {0x2763, 0x2767}, {0x2795, 0x2797}, + {0x27A1, 0x27A1}, {0x27B0, 0x27B0}, {0x27BF, 0x27BF}, + {0x2934, 0x2935}, {0x2B05, 0x2B07}, {0x2B1B, 0x2B1C}, + {0x2B50, 0x2B50}, {0x2B55, 0x2B55}, {0x3030, 0x3030}, + {0x303D, 0x303D}, {0x3297, 0x3297}, {0x3299, 0x3299}, + {0x1F000, 0x1F0FF}, {0x1F10D, 0x1F10F}, {0x1F12F, 0x1F12F}, + {0x1F16C, 0x1F171}, {0x1F17E, 0x1F17F}, {0x1F18E, 0x1F18E}, + {0x1F191, 0x1F19A}, {0x1F1AD, 0x1F1E5}, {0x1F201, 0x1F20F}, + {0x1F21A, 0x1F21A}, {0x1F22F, 0x1F22F}, {0x1F232, 0x1F23A}, + {0x1F23C, 0x1F23F}, {0x1F249, 0x1F3FA}, {0x1F400, 0x1F53D}, + {0x1F546, 0x1F64F}, {0x1F680, 0x1F6FF}, {0x1F774, 0x1F77F}, + {0x1F7D5, 0x1F7FF}, {0x1F80C, 0x1F80F}, {0x1F848, 0x1F84F}, + {0x1F85A, 0x1F85F}, {0x1F888, 0x1F88F}, {0x1F8AE, 0x1F8FF}, + {0x1F90C, 0x1F93A}, {0x1F93C, 0x1F945}, {0x1F947, 0x1FAFF}, + {0x1FC00, 0x1FFFD}, +} diff --git a/vendor/github.com/mattn/go-runewidth/runewidth_windows.go b/vendor/github.com/mattn/go-runewidth/runewidth_windows.go new file mode 100644 index 00000000000..d6a61777d7b --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/runewidth_windows.go @@ -0,0 +1,28 @@ +// +build windows +// +build !appengine + +package runewidth + +import ( + "syscall" +) + +var ( + kernel32 = syscall.NewLazyDLL("kernel32") + procGetConsoleOutputCP = kernel32.NewProc("GetConsoleOutputCP") +) + +// IsEastAsian return true if the current locale is CJK +func IsEastAsian() bool { + r1, _, _ := procGetConsoleOutputCP.Call() + if r1 == 0 { + return false + } + + switch int(r1) { + case 932, 51932, 936, 949, 950: + return true + } + + return false +} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml deleted file mode 100644 index 114db5aec88..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ /dev/null @@ -1,164 +0,0 @@ -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: clusteroperators.config.openshift.io -spec: - additionalPrinterColumns: - - JSONPath: .status.versions[?(@.name=="operator")].version - description: The version the operator is at. - name: Version - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].status - description: Whether the operator is running and stable. - name: Available - type: string - - JSONPath: .status.conditions[?(@.type=="Progressing")].status - description: Whether the operator is processing changes. - name: Progressing - type: string - - JSONPath: .status.conditions[?(@.type=="Degraded")].status - description: Whether the operator is degraded. - name: Degraded - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime - description: The time the operator's Available status last changed. - name: Since - type: date - group: config.openshift.io - names: - kind: ClusterOperator - listKind: ClusterOperatorList - plural: clusteroperators - singular: clusteroperator - shortNames: - - co - preserveUnknownFields: false - scope: Cluster - subresources: - status: {} - version: v1 - versions: - - name: v1 - served: true - storage: true - validation: - openAPIV3Schema: - description: ClusterOperator is the Custom Resource object which holds the current - state of an operator. This object is used by operators to convey their state - to the rest of the cluster. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds configuration that could apply to any operator. - type: object - status: - description: status holds the information about the state of an operator. It - is consistent with status information across the Kubernetes ecosystem. - type: object - properties: - conditions: - description: conditions describes the state of the operator's managed - and monitored components. - type: array - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's managed and monitored components. - type: object - required: - - lastTransitionTime - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - type: string - format: date-time - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - extension: - description: extension contains any additional status information specific - to the operator which owns this status object. - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - relatedObjects: - description: 'relatedObjects is a list of objects that are "interesting" - or related to this operator. Common uses are: 1. the detailed resource - driving the operator 2. operator namespaces 3. operand namespaces' - type: array - items: - description: ObjectReference contains enough information to let you - inspect or modify the referred object. - type: object - required: - - group - - name - - resource - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - versions: - description: versions is a slice of operator and operand version tuples. Operators - which manage multiple operands will have multiple operand entries - in the array. Available operators must report the version of the - operator itself with the name "operator". An operator reports a new - "operator" version when it has rolled out the new version to all of - its operands. - type: array - items: - type: object - required: - - name - - version - properties: - name: - description: name is the name of the particular operand this version - is for. It usually matches container images, not operators. - type: string - version: - description: version indicates which version of a particular operand - is currently being managed. It must always match the Available - operand. If 1.0.0 is Available, then this must indicate 1.0.0 - even if the operator is trying to rollout 1.1.0 - type: string - versions: - - name: v1 - served: true - storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml deleted file mode 100644 index ccde0db23bb..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ /dev/null @@ -1,328 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - versions: - - name: v1 - served: true - storage: true - scope: Cluster - subresources: - status: {} - names: - plural: clusterversions - singular: clusterversion - kind: ClusterVersion - preserveUnknownFields: false - additionalPrinterColumns: - - name: Version - type: string - JSONPath: .status.history[?(@.state=="Completed")].version - - name: Available - type: string - JSONPath: .status.conditions[?(@.type=="Available")].status - - name: Progressing - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].status - - name: Since - type: date - JSONPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - - name: Status - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].message - validation: - openAPIV3Schema: - description: ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - type: object - required: - - clusterID - properties: - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for production - clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. You may specify the version field without setting - image if an update exists with that version in the availableUpdates - or history. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - type: object - properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on update. - This option should only be used when the authenticity of the provided - image has been verified out of band because the provided image - will run with full administrative access to the cluster. Do not - use this flag with images that comes from unknown or potentially - malicious sources. \n This flag does not override other forms - of consistency checking that are required before a new update - is deployed." - type: boolean - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. - type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - overrides: - description: overrides is list of overides for components that are managed - by cluster version operator. Marking a component unmanaged will prevent - the operator from creating or updating the object. - type: array - items: - description: ComponentOverride allows overriding cluster version operator's - behavior for a component. - type: object - required: - - group - - kind - - name - - namespace - - unmanaged - properties: - group: - description: group identifies the API group that the kind is in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the resource - is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator should - stop managing the resources in this cluster. Default: false' - type: boolean - upstream: - description: upstream may be used to specify the preferred update server. - By default it will use the appropriate update server for the cluster - and region. - type: string - status: - description: status contains information about the available updates and - any in-progress updates. - type: object - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - properties: - availableUpdates: - description: availableUpdates contains the list of updates that are - appropriate for this cluster. This list may be empty if no updates - are recommended, if the update service is unavailable, or if an invalid - channel has been specified. - type: array - items: - description: Update represents a release of the ClusterVersionOperator, - referenced by the Image member. - type: object - properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on - update. This option should only be used when the authenticity - of the provided image has been verified out of band because - the provided image will run with full administrative access - to the cluster. Do not use this flag with images that comes - from unknown or potentially malicious sources. \n This flag - does not override other forms of consistency checking that are - required before a new update is deployed." - type: boolean - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - version: - description: version is a semantic versioning identifying the - update version. When this field is part of spec, version is - optional if image is specified. - type: string - nullable: true - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an update - is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - type: array - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's managed and monitored components. - type: object - required: - - lastTransitionTime - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - type: string - format: date-time - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or a - tag. - type: object - properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on update. - This option should only be used when the authenticity of the provided - image has been verified out of band because the provided image - will run with full administrative access to the cluster. Do not - use this flag with images that comes from unknown or potentially - malicious sources. \n This flag does not override other forms - of consistency checking that are required before a new update - is deployed." - type: boolean - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. - type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, and - then will be updated when a new update is being applied. The newest - update is first in the list and it is ordered by recency. Updates - in the history have state Completed if the rollout completed - if - an update was failing or halfway applied the state will be Partial. - Only a limited amount of update history is preserved. - type: array - items: - description: UpdateHistory is a single attempted update to the cluster. - type: object - required: - - completionTime - - image - - startedTime - - state - - verified - properties: - completionTime: - description: completionTime, if set, is when the update was fully - applied. The update that is currently being applied will have - a null completion time. Completion time will always be set for - entries that are not the current update (usually to the started - time of the next update). - type: string - format: date-time - nullable: true - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was started. - type: string - format: date-time - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update was - properly verified before it was installed. If this is false - the cluster may not be trusted. - type: boolean - version: - description: version is a semantic versioning identifying the - update version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - observedGeneration: - description: observedGeneration reports which version of the spec is - being synced. If this value is not equal to metadata.generation, then - the desired and conditions fields may represent a previous version. - type: integer - format: int64 - versionHash: - description: versionHash is a fingerprint of the content that the cluster - will be updated with. It is used by the operator to avoid unnecessary - work and is for internal use only. - type: string - versions: - - name: v1 - served: true - storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml deleted file mode 100644 index 8c857d45a4b..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorhubs.config.openshift.io -spec: - group: config.openshift.io - names: - kind: OperatorHub - listKind: OperatorHubList - plural: operatorhubs - singular: operatorhub - scope: Cluster - preserveUnknownFields: false - subresources: - status: {} - version: v1 - versions: - - name: v1 - served: true - storage: true - "validation": - "openAPIV3Schema": - description: OperatorHub is the Schema for the operatorhubs API. It can be used - to change the state of the default hub sources for OperatorHub on the cluster - from enabled to disabled and vice versa. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorHubSpec defines the desired state of OperatorHub - type: object - properties: - disableAllDefaultSources: - description: disableAllDefaultSources allows you to disable all the - default hub sources. If this is true, a specific entry in sources - can be used to enable a default source. If this is false, a specific - entry in sources can be used to disable or enable a default source. - type: boolean - sources: - description: sources is the list of default hub sources and their configuration. - If the list is empty, it implies that the default hub sources are - enabled on the cluster unless disableAllDefaultSources is true. If - disableAllDefaultSources is true and sources is not empty, the configuration - present in sources will take precedence. The list of default hub sources - and their current state will always be reflected in the status block. - type: array - items: - description: HubSource is used to specify the hub source and its configuration - type: object - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - name: - description: name is the name of one of the default hub sources - type: string - maxLength: 253 - minLength: 1 - status: - description: OperatorHubStatus defines the observed state of OperatorHub. - The current state of the default hub sources will always be reflected - here. - type: object - properties: - sources: - description: sources encapsulates the result of applying the configuration - for each hub source - type: array - items: - description: HubSourceStatus is used to reflect the current state - of applying the configuration to a default source - type: object - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - message: - description: message provides more information regarding failures - type: string - name: - description: name is the name of one of the default hub sources - type: string - maxLength: 253 - minLength: 1 - status: - description: status indicates success or failure in applying the - configuration - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml deleted file mode 100644 index cf04b249b98..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml +++ /dev/null @@ -1,100 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: proxies.config.openshift.io -spec: - group: config.openshift.io - scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true - names: - kind: Proxy - listKind: ProxyList - plural: proxies - singular: proxy - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Proxy holds cluster-wide information on how to configure default - proxies for the cluster. The canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the proxy configuration - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or CIDRs - for which the proxy should not be used. Empty means unset and will - not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used to verify - readiness of the proxy. - type: array - items: - type: string - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a CA - certificate bundle. The trustedCA field should only be consumed by - a proxy validator. The validator is responsible for reading the certificate - bundle from the required key \"ca-bundle.crt\", merging it with the - system default trust bundle, and writing the merged trust bundle to - a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections must use - the trusted-ca-bundle for all HTTPS requests to the proxy, and may - use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n - The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap - metadata: name: user-ca-bundle namespace: openshift-config data: - \ ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or CIDRs - for which the proxy should not be used. - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml deleted file mode 100644 index ebabc900951..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ /dev/null @@ -1,229 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: apiservers.config.openshift.io -spec: - group: config.openshift.io - scope: Cluster - preserveUnknownFields: false - names: - kind: APIServer - singular: apiserver - plural: apiservers - listKind: APIServerList - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them especially - kube-apiserver and openshift-apiserver. The canonical name of an instance - is 'cluster'. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the API - and the integrated OAuth server from JavaScript applications. The - values are regular expressions that correspond to the Golang regular - expression language. - type: array - items: - type: string - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor client - certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - encryption: - description: encryption allows the configuration of encryption of resources - at the datastore layer. - type: object - properties: - type: - description: "type defines what encryption type should be used to - encrypt resources at the datastore layer. When this field is unset - (i.e. when it is set to the empty string), identity is implied. - The behavior of unset can and will change over time. Even if - encryption is enabled by default, the meaning of unset may change - to a different encryption type based on changes in best practices. - \n When encryption is enabled, all sensitive resources shipped - with the platform are encrypted. This list of sensitive resources - can and will change over time. The current authoritative list - is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io - \ 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" - type: string - enum: - - "" - - identity - - aescbc - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for serving - secure traffic. - type: object - properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - type: array - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. - type: object - properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the implicit - names will be extracted from the certificates. Exact names - trump over wildcard names. Explicit names defined here trump - over extracted implicit names. - type: array - items: - type: string - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config namespace - and contain the following required fields: - Secret.Data["tls.key"] - - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old and Intermediate - profiles are currently supported, and the maximum available MinTLSVersions - is VersionTLS12." - type: object - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - \ minTLSVersion: TLSv1.1" - type: object - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators may - remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - type: array - items: - type: string - minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. - For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): - \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest - minTLSVersion allowed is VersionTLS12" - type: string - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - nullable: true - intermediate: - description: "intermediate is a TLS security profile based on: \n - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ minTLSVersion: TLSv1.2" - type: object - nullable: true - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." - type: object - nullable: true - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - \ - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - \ - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - \ - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: - TLSv1.0" - type: object - nullable: true - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found to - be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - type: string - enum: - - Old - - Intermediate - - Modern - - Custom - status: - type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml deleted file mode 100644 index bb95918d9da..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - preserveUnknownFields: false - subresources: - status: {} - versions: - - name: v1 - served: true - storage: true - "validation": - "openAPIV3Schema": - description: Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an instance - is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: oc - get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" is - used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - serviceAccountIssuer: - description: serviceAccountIssuer is the identifier of the bound service - account token issuer. The default is auth.openshift.io. - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - type: string - webhookTokenAuthenticators: - description: webhookTokenAuthenticators configures remote token reviewers. - These remote authentication webhooks can be used to verify bearer - tokens via the tokenreviews.authentication.k8s.io REST API. This - is required to honor bearer tokens that are provisioned by an external - authentication service. The namespace for these secrets is openshift-config. - type: array - items: - description: webhookTokenAuthenticator holds the necessary configuration - options for a remote token authenticator - type: object - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. If - the specified kube config data is not valid, the webhook is - not honored. The namespace for this secret is determined by - the point of use.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. This - field has no meaning if authentication spec.type is not set to IntegratedOAuth. - The key "oauthMetadata" is used to locate the data. If the config - map or expected key is not found, no metadata is served. If the specified - metadata is not valid, no metadata is served. The namespace for this - config map is openshift-config-managed.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml deleted file mode 100644 index f3957ce34a4..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml +++ /dev/null @@ -1,370 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: builds.config.openshift.io -spec: - group: config.openshift.io - scope: Cluster - preserveUnknownFields: false - names: - kind: Build - singular: build - plural: builds - listKind: BuildList - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: "Build configures the behavior of OpenShift builds for the entire - cluster. This includes default settings that can be overridden in BuildConfig - objects, and overrides which are applied to all builds. \n The canonical name - is \"cluster\"" - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the build controller configuration - type: object - properties: - additionalTrustedCA: - description: "AdditionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted for image pushes and pulls during - builds. The namespace for this config map is openshift-config. \n - DEPRECATED: Additional CAs for image pull and push should be set on - image.config.openshift.io/cluster instead." - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - buildDefaults: - description: BuildDefaults controls the default information for Builds - type: object - properties: - defaultProxy: - description: "DefaultProxy contains the default proxy settings for - all build operations, including image pull/push and source download. - \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, - and `NO_PROXY` environment variables in the build config's strategy." - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs for which the proxy should not be used. Empty - means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - type: array - items: - type: string - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only be - consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key \"ca-bundle.crt\", - merging it with the system default trust bundle, and writing - the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" - in the \"openshift-config-managed\" namespace. Clients that - expect to make proxy connections must use the trusted-ca-bundle - for all HTTPS requests to the proxy, and may use the trusted-ca-bundle - for non-proxy HTTPS requests as well. \n The namespace for - the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 - kind: ConfigMap metadata: name: user-ca-bundle namespace: - openshift-config data: ca-bundle.crt: | -----BEGIN - CERTIFICATE----- Custom CA certificate bundle. -----END - CERTIFICATE-----" - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - env: - description: Env is a set of default environment variables that - will be applied to the build if the specified variables do not - exist on the build - type: array - items: - description: EnvVar represents an environment variable present - in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed - resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - gitProxy: - description: "GitProxy contains the proxy settings for git operations - only. If set, this will override any Proxy settings for all git - commands, such as git clone. \n Values that are not set here will - be inherited from DefaultProxy." - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs for which the proxy should not be used. Empty - means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - type: array - items: - type: string - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only be - consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key \"ca-bundle.crt\", - merging it with the system default trust bundle, and writing - the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" - in the \"openshift-config-managed\" namespace. Clients that - expect to make proxy connections must use the trusted-ca-bundle - for all HTTPS requests to the proxy, and may use the trusted-ca-bundle - for non-proxy HTTPS requests as well. \n The namespace for - the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 - kind: ConfigMap metadata: name: user-ca-bundle namespace: - openshift-config data: ca-bundle.crt: | -----BEGIN - CERTIFICATE----- Custom CA certificate bundle. -----END - CERTIFICATE-----" - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. User can override a default label by providing - a label with the same name in their Build/BuildConfig. - type: array - items: - type: object - properties: - name: - description: Name defines the name of the label. It must have - non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - resources: - description: Resources defines resource requirements to execute - the build. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - buildOverrides: - description: BuildOverrides controls override settings for builds - type: object - properties: - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. If user provided a label in their Build/BuildConfig - with the same name as one in this list, the user's label will - be overwritten. - type: array - items: - type: object - properties: - name: - description: Name defines the name of the label. It must have - non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - nodeSelector: - description: NodeSelector is a selector which must be true for the - build pod to fit on a node - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations is a list of Tolerations that will override - any existing tolerations set on a build pod. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml deleted file mode 100644 index b527f7aa32d..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml +++ /dev/null @@ -1,70 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: consoles.config.openshift.io -spec: - scope: Cluster - preserveUnknownFields: false - group: config.openshift.io - names: - kind: Console - listKind: ConsoleList - plural: consoles - singular: console - subresources: - status: {} - versions: - - name: v1 - served: true - storage: true - "validation": - "openAPIV3Schema": - description: Console holds cluster-wide configuration for the web console, including - the logout URL, and reports the public URL of the console. The canonical name - is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - authentication: - description: ConsoleAuthentication defines a list of optional configuration - for console authentication. - type: object - properties: - logoutRedirect: - description: 'An optional, absolute URL to redirect web browsers - to after logging out of the console. If not specified, it will - redirect to the default login page. This is required when using - an identity provider that supports single sign-on (SSO) such as: - - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - - OAuth (GitHub, GitLab, Google) Logging out of the console will - destroy the user''s token. The logoutRedirect provides the user - the option to perform single logout (SLO) through the identity - provider to destroy their single sign-on session.' - type: string - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - consoleURL: - description: The URL for the console. This will be derived from the - host for the route that is created for the console. - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml deleted file mode 100644 index c883ee0f0cf..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml +++ /dev/null @@ -1,100 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: dnses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: DNS - listKind: DNSList - plural: dnses - singular: dns - scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: DNS holds cluster-wide information about DNS. The canonical name - is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. All managed - DNS records will be sub-domains of this base. \n For example, given - the base domain `openshift.example.com`, an API server DNS record - may be created for `cluster-api.openshift.example.com`. \n Once set, - this field cannot be changed." - type: string - privateZone: - description: "privateZone is the location where all the DNS records - that are only available internally to the cluster exist. \n If this - field is nil, no private records should be created. \n Once set, this - field cannot be changed." - type: object - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as id - in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone - using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - additionalProperties: - type: string - publicZone: - description: "publicZone is the location where all the DNS records that - are publicly accessible to the internet exist. \n If this field is - nil, no public records should be created. \n Once set, this field - cannot be changed." - type: object - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as id - in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone - using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - additionalProperties: - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml deleted file mode 100644 index 89084a33f57..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: featuregates.config.openshift.io -spec: - group: config.openshift.io - version: v1 - scope: Cluster - preserveUnknownFields: false - names: - kind: FeatureGate - singular: featuregate - plural: featuregates - listKind: FeatureGateList - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Feature holds cluster-wide information about feature gates. The - canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - customNoUpgrade: - description: customNoUpgrade allows the enabling or disabling of any - feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, - and PREVENTS UPGRADES. Because of its nature, this setting cannot - be validated. If you have any typos or accidentally apply invalid - combinations your cluster may fail in an unrecoverable way. featureSet - must equal "CustomNoUpgrade" must be set to use this field. - type: object - properties: - disabled: - description: disabled is a list of all feature gates that you want - to force off - type: array - items: - type: string - enabled: - description: enabled is a list of all feature gates that you want - to force on - type: array - items: - type: string - nullable: true - featureSet: - description: featureSet changes the list of features in the cluster. The - default is empty. Be very careful adjusting this setting. Turning - on or off features may cause irreversible changes in your cluster - which cannot be undone. - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml deleted file mode 100644 index 8e320096713..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ /dev/null @@ -1,144 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: images.config.openshift.io -spec: - group: config.openshift.io - scope: Cluster - preserveUnknownFields: false - names: - kind: Image - singular: image - plural: images - listKind: ImageList - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Image governs policies related to imagestream imports and runtime - configuration for external registries. It allows cluster admins to configure - which registries OpenShift is allowed to import images from, extra CA trust - bundles for external registries, and policies to block or allow registry hostnames. - When exposing OpenShift's image registry to the public, this also lets cluster - admins specify the external hostname. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - additionalTrustedCA: - description: additionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted during imagestream import, pod - image pull, build image pull, and imageregistry pullthrough. The namespace - for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - allowedRegistriesForImport: - description: allowedRegistriesForImport limits the container image registries - that normal users may import images from. Set this list to the registries - that you trust to contain valid Docker images and that you want applications - to be able to import from. Users with permission to create Images - or ImageStreamMappings via the API are not affected by this policy - - typically only administrators or system integrations will have those - permissions. - type: array - items: - description: RegistryLocation contains a location of the registry - specified by the registry domain name. The domain name might include - wildcards, like '*' or '??'. - type: object - properties: - domainName: - description: domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the - port should be included in the domain name as well. - type: string - insecure: - description: insecure indicates whether the registry is secure - (https) or insecure (http) By default (if not specified) the - registry is assumed as secure. - type: boolean - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for the - default external image registry. The external hostname should be set - only when the image registry is exposed externally. The first value - is used in 'publicDockerImageRepository' field in ImageStreams. The - value must be in "hostname[:port]" format. - type: array - items: - type: string - registrySources: - description: registrySources contains configuration that determines - how the container runtime should treat individual registries when - accessing images for builds+pods. (e.g. whether or not to allow insecure - access). It does not contain configuration for the internal cluster - registry. - type: object - properties: - allowedRegistries: - description: "allowedRegistries are the only registries permitted - for image pull and push actions. All other registries are denied. - \n Only one of BlockedRegistries or AllowedRegistries may be set." - type: array - items: - type: string - blockedRegistries: - description: "blockedRegistries cannot be used for image pull and - push actions. All other registries are permitted. \n Only one - of BlockedRegistries or AllowedRegistries may be set." - type: array - items: - type: string - insecureRegistries: - description: insecureRegistries are registries which do not have - a valid TLS certificates or only support HTTP connections. - type: array - items: - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for the - default external image registry. The external hostname should be set - only when the image registry is exposed externally. The first value - is used in 'publicDockerImageRepository' field in ImageStreams. The - value must be in "hostname[:port]" format. - type: array - items: - type: string - internalRegistryHostname: - description: internalRegistryHostname sets the hostname for the default - internal image registry. The value must be in "hostname[:port]" format. - This value is set by the image registry operator which controls the - internal registry hostname. For backward compatibility, users can - still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this - setting overrides the environment variable. - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml deleted file mode 100644 index 076ff0ad77a..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ /dev/null @@ -1,264 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true - "validation": - "openAPIV3Schema": - description: Infrastructure holds cluster-wide information about Infrastructure. The - canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - cloudConfig: - description: cloudConfig is a reference to a ConfigMap containing the - cloud provider configuration file. This configuration file is used - to configure the Kubernetes cloud provider integration when using - the built-in cloud provider integration or the external cloud controller - manager. The namespace for this config map is openshift-config. - type: object - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme(http/https), - address and port. apiServerInternalURL can be used by components - like kubelets, to contact the Kubernetes API server using the infrastructure - provider rather than Kubernetes networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme(http/https), address - and port. apiServerURL can be used by components like the web console - to tell users where to find the Kubernetes API. - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the SRV - records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with a - human friendly name. Once set it should not be changed. Must be of - max length 27 and must have only alphanumeric or hyphen characters. - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - type: object - properties: - aws: - description: AWS contains settings specific to the Amazon Web Services - infrastructure provider. - type: object - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - properties: - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal DNS - used by the nodes. Unlike the one managed by the DNS operator, - `NodeDNSIP` provides name resolution for the nodes themselves. - There is no DNS-as-a-service for BareMetal deployments. In - order to minimize necessary changes to the datacenter DNS, - a DNS service is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - properties: - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources created - for the cluster. - type: string - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - properties: - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal DNS - used by the nodes. Unlike the one managed by the DNS operator, - `NodeDNSIP` provides name resolution for the nodes themselves. - There is no DNS-as-a-service for OpenStack deployments. In - order to minimize necessary changes to the datacenter DNS, - a DNS service is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal DNS - used by the nodes. Unlike the one managed by the DNS operator, - `NodeDNSIP` provides name resolution for the nodes themselves. - There is no DNS-as-a-service for oVirt deployments. In order - to minimize necessary changes to the datacenter DNS, a DNS - service is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, machine - creation and deletion, and other integrations are enabled. If - None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", and "None". Individual components may not - support all platforms, and must handle unrecognized platforms - as None if they do not support that platform. - type: string - vsphere: - description: VSphere contains settings specific to the VSphere infrastructure - provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal DNS - used by the nodes. Unlike the one managed by the DNS operator, - `NodeDNSIP` provides name resolution for the nodes themselves. - There is no DNS-as-a-service for vSphere deployments. In order - to minimize necessary changes to the datacenter DNS, a DNS - service is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml deleted file mode 100644 index ada4404256a..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingresses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Ingress - listKind: IngressList - plural: ingresses - singular: ingress - scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Ingress holds cluster-wide information about ingress, including - the default ingress domain used for routes. The canonical name is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - domain: - description: "domain is used to generate a default host name for a route - when the route's host name is empty. The generated host name will - follow this pattern: \"..\". - \n It is also used as the default wildcard domain suffix for ingress. - The default ingresscontroller domain will follow this pattern: \"*.\". - \n Once set, changing domain is not currently supported." - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml deleted file mode 100644 index bc3b62a8715..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml +++ /dev/null @@ -1,141 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: networks.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true - "validation": - "openAPIV3Schema": - description: 'Network holds cluster-wide information about Network. The canonical - name is `cluster`. It is used to configure the desired network configuration, - such as: IP address pools for services/pod IPs, network plugin, etc. Please - view network.spec for an explanation on what applies when configuring this - resource.' - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration. As a general - rule, this SHOULD NOT be read directly. Instead, you should consume the - NetworkStatus, as it indicates the currently deployed configuration. Currently, - most spec fields are immutable after installation. Please view the individual - ones for further details on each. - type: object - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. This field is immutable - after installation. - type: array - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - type: object - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each node. - type: integer - format: int32 - minimum: 0 - externalIP: - description: externalIP defines configuration for controllers that affect - Service.ExternalIP. If nil, then ExternalIP is not allowed to be set. - type: object - properties: - autoAssignCIDRs: - description: autoAssignCIDRs is a list of CIDRs from which to automatically - assign Service.ExternalIP. These are assigned when the service - is of type LoadBalancer. In general, this is only useful for bare-metal - clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". - Automatically assigned External IPs are not affected by any ExternalIPPolicy - rules. Currently, only one entry may be provided. - type: array - items: - type: string - policy: - description: policy is a set of restrictions applied to the ExternalIP - field. If nil or empty, then ExternalIP is not allowed to be set. - type: object - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - type: array - items: - type: string - rejectedCIDRs: - description: rejectedCIDRs is the list of disallowed CIDRs. - These take precedence over allowedCIDRs. - type: array - items: - type: string - networkType: - description: 'NetworkType is the plugin that is to be deployed (e.g. - OpenShiftSDN). This should match a value that the cluster-network-operator - understands, or else no networking will be installed. Currently supported - values are: - OpenShiftSDN This field is immutable after installation.' - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. This field is immutable after installation. - type: array - items: - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - type: array - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - type: object - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each node. - type: integer - format: int32 - minimum: 0 - clusterNetworkMTU: - description: ClusterNetworkMTU is the MTU for inter-pod networking. - type: integer - networkType: - description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. - type: array - items: - type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml deleted file mode 100644 index fd763d04776..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ /dev/null @@ -1,661 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: oauths.config.openshift.io -spec: - group: config.openshift.io - names: - kind: OAuth - listKind: OAuthList - plural: oauths - singular: oauth - scope: Cluster - preserveUnknownFields: false - subresources: - status: {} - versions: - - name: v1 - served: true - storage: true - "validation": - "openAPIV3Schema": - description: OAuth holds cluster-wide information about OAuth. The canonical - name is `cluster`. It is used to configure the integrated OAuth server. This - configuration is only honored when the top level Authentication config has - type set to IntegratedOAuth. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OAuthSpec contains desired cluster auth configuration - type: object - properties: - identityProviders: - description: identityProviders is an ordered list of ways for a user - to identify themselves. When this list is empty, no identities are - provisioned for users. - type: array - items: - description: IdentityProvider provides identities for users authenticating - using credentials - type: object - properties: - basicAuth: - description: basicAuth contains configuration options for the - BasicAuth IdP - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - to present when connecting to the server. The key "tls.crt" - is used to locate the data. If specified and the secret - or expected key is not found, the identity provider is not - honored. If the specified certificate data is not valid, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a secret - by name that contains the PEM-encoded TLS private key for - the client certificate referenced in tlsClientCert. The - key "tls.key" is used to locate the data. If specified and - the secret or expected key is not found, the identity provider - is not honored. If the specified certificate data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the remote URL to connect to - type: string - github: - description: github enables user authentication using GitHub credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - This can only be configured when hostname is set to a non-empty - value. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - hostname: - description: hostname is the optional domain (e.g. "mycompany.com") - for use with a hosted instance of GitHub Enterprise. It - must match the GitHub Enterprise settings value configured - at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts which organizations - are allowed to log in - type: array - items: - type: string - teams: - description: teams optionally restricts which teams are allowed - to log in. Format is /. - type: array - items: - type: string - gitlab: - description: gitlab enables user authentication using GitLab credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the oauth server base URL - type: string - google: - description: google enables user authentication using Google credentials - type: object - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - hostedDomain: - description: hostedDomain is the optional Google App domain - (e.g. "mycompany.com") to restrict logins to - type: string - htpasswd: - description: htpasswd enables user authentication using an HTPasswd - file to validate credentials - type: object - properties: - fileData: - description: fileData is a required reference to a secret - by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. If the secret - or expected key is not found, the identity provider is not - honored. If the specified htpasswd data is not valid, the - identity provider is not honored. The namespace for this - secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - keystone: - description: keystone enables user authentication using keystone - password credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - domainName: - description: domainName is required for keystone v3 - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - to present when connecting to the server. The key "tls.crt" - is used to locate the data. If specified and the secret - or expected key is not found, the identity provider is not - honored. If the specified certificate data is not valid, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a secret - by name that contains the PEM-encoded TLS private key for - the client certificate referenced in tlsClientCert. The - key "tls.key" is used to locate the data. If specified and - the secret or expected key is not found, the identity provider - is not honored. If the specified certificate data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the remote URL to connect to - type: string - ldap: - description: ldap enables user authentication using LDAP credentials - type: object - properties: - attributes: - description: attributes maps LDAP attributes to identities - type: object - properties: - email: - description: email is the list of attributes whose values - should be used as the email address. Optional. If unspecified, - no email is set for the identity - type: array - items: - type: string - id: - description: id is the list of attributes whose values - should be used as the user ID. Required. First non-empty - attribute is used. At least one attribute is required. - If none of the listed attribute have a value, authentication - fails. LDAP standard identity attribute is "dn" - type: array - items: - type: string - name: - description: name is the list of attributes whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity LDAP standard - display name attribute is "cn" - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of attributes - whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - type: array - items: - type: string - bindDN: - description: bindDN is an optional DN to bind with during - the search phase. - type: string - bindPassword: - description: bindPassword is an optional reference to a secret - by name containing a password to bind with during the search - phase. The key "bindPassword" is used to locate the data. - If specified and the secret or expected key is not found, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - insecure: - description: 'insecure, if true, indicates the connection - should not use TLS WARNING: Should not be set to `true` - with the URL scheme "ldaps://" as "ldaps://" URLs always attempt - to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, - "ldap://" URLs are upgraded to a TLS connection using StartTLS - as specified in https://tools.ietf.org/html/rfc2830.' - type: boolean - url: - description: 'url is an RFC 2255 URL which specifies the LDAP - search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' - type: string - mappingMethod: - description: mappingMethod determines how identities from this - provider are mapped to users Defaults to "claim" - type: string - name: - description: 'name is used to qualify the identities returned - by this provider. - It MUST be unique and not shared by any - other identity provider used - It MUST be a valid path segment: - name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: - https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' - type: string - openID: - description: openID enables user authentication using OpenID credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - claims: - description: claims mappings - type: object - properties: - email: - description: email is the list of claims whose values - should be used as the email address. Optional. If unspecified, - no email is set for the identity - type: array - items: - type: string - name: - description: name is the list of claims whose values should - be used as the display name. Optional. If unspecified, - no display name is set for the identity - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of claims whose - values should be used as the preferred username. If - unspecified, the preferred username is determined from - the value of the sub claim - type: array - items: - type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - extraAuthorizeParameters: - description: extraAuthorizeParameters are any custom parameters - to add to the authorize request. - type: object - additionalProperties: - type: string - extraScopes: - description: extraScopes are any scopes to request in addition - to the standard "openid" scope. - type: array - items: - type: string - issuer: - description: issuer is the URL that the OpenID Provider asserts - as its Issuer Identifier. It must use the https scheme with - no query or fragment component. - type: string - requestHeader: - description: requestHeader enables user authentication using request - header credentials - type: object - properties: - ca: - description: ca is a required reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. Specifically, it allows verification - of incoming requests to prevent header spoofing. The key - "ca.crt" is used to locate the data. If the config map or - expected key is not found, the identity provider is not - honored. If the specified ca data is not valid, the identity - provider is not honored. The namespace for this config map - is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - challengeURL: - description: challengeURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect WWW-Authenticate challenges will be - redirected here. ${url} is replaced with the current URL, - escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: clientCommonNames is an optional list of common - names to require a match from. If empty, any client certificate - validated against the clientCA bundle is considered authoritative. - type: array - items: - type: string - emailHeaders: - description: emailHeaders is the set of headers to check for - the email address - type: array - items: - type: string - headers: - description: headers is the set of headers to check for identity - information - type: array - items: - type: string - loginURL: - description: loginURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect interactive logins will be redirected - here ${url} is replaced with the current URL, escaped to - be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to check for - the display name - type: array - items: - type: string - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set of headers - to check for the preferred username - type: array - items: - type: string - type: - description: type identifies the identity provider type for this - entry. - type: string - templates: - description: templates allow you to customize pages like the login page. - type: object - properties: - error: - description: error is the name of a secret that specifies a go template - to use to render error pages during the authentication or grant - flow. The key "errors.html" is used to locate the template data. - If specified and the secret or expected key is not found, the - default error page is used. If the specified template is not valid, - the default error page is used. If unspecified, the default error - page is used. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - login: - description: login is the name of a secret that specifies a go template - to use to render the login page. The key "login.html" is used - to locate the template data. If specified and the secret or expected - key is not found, the default login page is used. If the specified - template is not valid, the default login page is used. If unspecified, - the default login page is used. The namespace for this secret - is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - providerSelection: - description: providerSelection is the name of a secret that specifies - a go template to use to render the provider selection page. The - key "providers.html" is used to locate the template data. If specified - and the secret or expected key is not found, the default provider - selection page is used. If the specified template is not valid, - the default provider selection page is used. If unspecified, the - default provider selection page is used. The namespace for this - secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - tokenConfig: - description: tokenConfig contains options for authorization and access - tokens - type: object - properties: - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds defines the default - token inactivity timeout for tokens granted by any client. The - value represents the maximum amount of time that can occur between - consecutive uses of the token. Tokens become invalid if they are - not used within this temporal window. The user will need to acquire - a new token to regain access once a token times out. Valid values - are integer values: x < 0 Tokens time out is enabled but tokens - never timeout unless configured per client (e.g. `-1`) x = 0 Tokens - time out is disabled (default) x > 0 Tokens time out if there - is no activity for x seconds The current minimum allowed value - for X is 300 (5 minutes)' - type: integer - format: int32 - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum age of - access tokens - type: integer - format: int32 - status: - description: OAuthStatus shows current known state of OAuth server in the - cluster - type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml deleted file mode 100644 index a625aa61716..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: projects.config.openshift.io -spec: - group: config.openshift.io - scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true - names: - kind: Project - listKind: ProjectList - plural: projects - singular: project - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Project holds cluster-wide information about Project. The canonical - name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - projectRequestMessage: - description: projectRequestMessage is the string presented to a user - if they are unable to request a project via the projectrequest api - endpoint - type: string - projectRequestTemplate: - description: projectRequestTemplate is the template to use for creating - projects in response to projectrequest. This must point to a template - in 'openshift-config' namespace. It is optional. If it is not specified, - a default template is used. - type: object - properties: - name: - description: name is the metadata.name of the referenced project - request template - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml deleted file mode 100644 index 6f5336c8f6d..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml +++ /dev/null @@ -1,88 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: schedulers.config.openshift.io -spec: - group: config.openshift.io - scope: Cluster - preserveUnknownFields: false - names: - kind: Scheduler - singular: scheduler - plural: schedulers - listKind: SchedulerList - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for this - config is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. This is - applied to the pods created in all namespaces without a specified - nodeSelector value. For example, defaultNodeSelector: "type=user-node,region=east" - would set nodeSelector field in pod spec to "type=user-node,region=east" - to all pods created in all namespaces. Namespaces having project-wide - node selectors won''t be impacted even if this field is set. This - adds an annotation section to the namespace. For example, if a new - namespace is created with node-selector=''type=user-node,region=east'', - the annotation openshift.io/node-selector: type=user-node,region=east - gets added to the project. When the openshift.io/node-selector annotation - is set on the project the value is used in preference to the value - we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: - "type=user-node,region=west" means that the default of "type=user-node,region=east" - set in defaultNodeSelector would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster will - be made schedulable, so that workload pods can run on them. The default - value for this field is false, meaning none of the master nodes are - schedulable. Important Note: Once the workload pods start running - on the master nodes, extreme care must be taken to ensure that cluster-critical - control plane components are not impacted. Please turn on this field - after doing due diligence.' - type: boolean - policy: - description: policy is a reference to a ConfigMap containing scheduler - policy which has user specified predicates and priorities. If this - ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. - The namespace for this configmap is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object diff --git a/vendor/github.com/openshift/api/config/v1/doc.go b/vendor/github.com/openshift/api/config/v1/doc.go deleted file mode 100644 index 4ff5208f2c2..00000000000 --- a/vendor/github.com/openshift/api/config/v1/doc.go +++ /dev/null @@ -1,8 +0,0 @@ -// +k8s:deepcopy-gen=package,register -// +k8s:defaulter-gen=TypeMeta -// +k8s:openapi-gen=true - -// +kubebuilder:validation:Optional -// +groupName=config.openshift.io -// Package v1 is the v1 version of the API. -package v1 diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go deleted file mode 100644 index 35eace3701c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/register.go +++ /dev/null @@ -1,70 +0,0 @@ -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -var ( - GroupName = "config.openshift.io" - GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - // Install is a function which adds this version to a scheme - Install = schemeBuilder.AddToScheme - - // SchemeGroupVersion generated code relies on this name - // Deprecated - SchemeGroupVersion = GroupVersion - // AddToScheme exists solely to keep the old generators creating valid code - // DEPRECATED - AddToScheme = schemeBuilder.AddToScheme -) - -// Resource generated code relies on this being here, but it logically belongs to the group -// DEPRECATED -func Resource(resource string) schema.GroupResource { - return schema.GroupResource{Group: GroupName, Resource: resource} -} - -// Adds the list of known types to api.Scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(GroupVersion, - &APIServer{}, - &APIServerList{}, - &Authentication{}, - &AuthenticationList{}, - &Build{}, - &BuildList{}, - &ClusterOperator{}, - &ClusterOperatorList{}, - &ClusterVersion{}, - &ClusterVersionList{}, - &Console{}, - &ConsoleList{}, - &DNS{}, - &DNSList{}, - &FeatureGate{}, - &FeatureGateList{}, - &Image{}, - &ImageList{}, - &Infrastructure{}, - &InfrastructureList{}, - &Ingress{}, - &IngressList{}, - &Network{}, - &NetworkList{}, - &OAuth{}, - &OAuthList{}, - &OperatorHub{}, - &OperatorHubList{}, - &Project{}, - &ProjectList{}, - &Proxy{}, - &ProxyList{}, - &Scheduler{}, - &SchedulerList{}, - ) - metav1.AddToGroupVersion(scheme, GroupVersion) - return nil -} diff --git a/vendor/github.com/openshift/api/config/v1/stringsource.go b/vendor/github.com/openshift/api/config/v1/stringsource.go deleted file mode 100644 index 6a5718c1db2..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stringsource.go +++ /dev/null @@ -1,31 +0,0 @@ -package v1 - -import "encoding/json" - -// UnmarshalJSON implements the json.Unmarshaller interface. -// If the value is a string, it sets the Value field of the StringSource. -// Otherwise, it is unmarshaled into the StringSourceSpec struct -func (s *StringSource) UnmarshalJSON(value []byte) error { - // If we can unmarshal to a simple string, just set the value - var simpleValue string - if err := json.Unmarshal(value, &simpleValue); err == nil { - s.Value = simpleValue - return nil - } - - // Otherwise do the full struct unmarshal - return json.Unmarshal(value, &s.StringSourceSpec) -} - -// MarshalJSON implements the json.Marshaller interface. -// If the StringSource contains only a string Value (or is empty), it is marshaled as a JSON string. -// Otherwise, the StringSourceSpec struct is marshaled as a JSON object. -func (s *StringSource) MarshalJSON() ([]byte, error) { - // If we have only a cleartext value set, do a simple string marshal - if s.StringSourceSpec == (StringSourceSpec{Value: s.Value}) { - return json.Marshal(s.Value) - } - - // Otherwise do the full struct marshal of the externalized bits - return json.Marshal(s.StringSourceSpec) -} diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go deleted file mode 100644 index 14274842365..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types.go +++ /dev/null @@ -1,312 +0,0 @@ -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// ConfigMapFileReference references a config map in a specific namespace. -// The namespace must be specified at the point of use. -type ConfigMapFileReference struct { - Name string `json:"name"` - // Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. - Key string `json:"key,omitempty"` -} - -// ConfigMapNameReference references a config map in a specific namespace. -// The namespace must be specified at the point of use. -type ConfigMapNameReference struct { - // name is the metadata.name of the referenced config map - // +kubebuilder:validation:Required - // +required - Name string `json:"name"` -} - -// SecretNameReference references a secret in a specific namespace. -// The namespace must be specified at the point of use. -type SecretNameReference struct { - // name is the metadata.name of the referenced secret - // +kubebuilder:validation:Required - // +required - Name string `json:"name"` -} - -// HTTPServingInfo holds configuration for serving HTTP -type HTTPServingInfo struct { - // ServingInfo is the HTTP serving information - ServingInfo `json:",inline"` - // MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit. - MaxRequestsInFlight int64 `json:"maxRequestsInFlight"` - // RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if - // -1 there is no limit on requests. - RequestTimeoutSeconds int64 `json:"requestTimeoutSeconds"` -} - -// ServingInfo holds information about serving web pages -type ServingInfo struct { - // BindAddress is the ip:port to serve on - BindAddress string `json:"bindAddress"` - // BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp", - // "tcp4", and "tcp6" - BindNetwork string `json:"bindNetwork"` - // CertInfo is the TLS cert info for serving secure traffic. - // this is anonymous so that we can inline it for serialization - CertInfo `json:",inline"` - // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates - // +optional - ClientCA string `json:"clientCA,omitempty"` - // NamedCertificates is a list of certificates to use to secure requests to specific hostnames - NamedCertificates []NamedCertificate `json:"namedCertificates,omitempty"` - // MinTLSVersion is the minimum TLS version supported. - // Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants - MinTLSVersion string `json:"minTLSVersion,omitempty"` - // CipherSuites contains an overridden list of ciphers for the server to support. - // Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants - CipherSuites []string `json:"cipherSuites,omitempty"` -} - -// CertInfo relates a certificate with a private key -type CertInfo struct { - // CertFile is a file containing a PEM-encoded certificate - CertFile string `json:"certFile"` - // KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile - KeyFile string `json:"keyFile"` -} - -// NamedCertificate specifies a certificate/key, and the names it should be served for -type NamedCertificate struct { - // Names is a list of DNS names this certificate should be used to secure - // A name can be a normal DNS name, or can contain leading wildcard segments. - Names []string `json:"names,omitempty"` - // CertInfo is the TLS cert info for serving secure traffic - CertInfo `json:",inline"` -} - -// LeaderElection provides information to elect a leader -type LeaderElection struct { - // disable allows leader election to be suspended while allowing a fully defaulted "normal" startup case. - Disable bool `json:"disable,omitempty"` - // namespace indicates which namespace the resource is in - Namespace string `json:"namespace,omitempty"` - // name indicates what name to use for the resource - Name string `json:"name,omitempty"` - - // leaseDuration is the duration that non-leader candidates will wait - // after observing a leadership renewal until attempting to acquire - // leadership of a led but unrenewed leader slot. This is effectively the - // maximum duration that a leader can be stopped before it is replaced - // by another candidate. This is only applicable if leader election is - // enabled. - // +nullable - LeaseDuration metav1.Duration `json:"leaseDuration"` - // renewDeadline is the interval between attempts by the acting master to - // renew a leadership slot before it stops leading. This must be less - // than or equal to the lease duration. This is only applicable if leader - // election is enabled. - // +nullable - RenewDeadline metav1.Duration `json:"renewDeadline"` - // retryPeriod is the duration the clients should wait between attempting - // acquisition and renewal of a leadership. This is only applicable if - // leader election is enabled. - // +nullable - RetryPeriod metav1.Duration `json:"retryPeriod"` -} - -// StringSource allows specifying a string inline, or externally via env var or file. -// When it contains only a string value, it marshals to a simple JSON string. -type StringSource struct { - // StringSourceSpec specifies the string value, or external location - StringSourceSpec `json:",inline"` -} - -// StringSourceSpec specifies a string value, or external location -type StringSourceSpec struct { - // Value specifies the cleartext value, or an encrypted value if keyFile is specified. - Value string `json:"value"` - - // Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified. - Env string `json:"env"` - - // File references a file containing the cleartext value, or an encrypted value if a keyFile is specified. - File string `json:"file"` - - // KeyFile references a file containing the key to use to decrypt the value. - KeyFile string `json:"keyFile"` -} - -// RemoteConnectionInfo holds information necessary for establishing a remote connection -type RemoteConnectionInfo struct { - // URL is the remote URL to connect to - URL string `json:"url"` - // CA is the CA for verifying TLS connections - CA string `json:"ca"` - // CertInfo is the TLS client cert information to present - // this is anonymous so that we can inline it for serialization - CertInfo `json:",inline"` -} - -type AdmissionConfig struct { - PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig,omitempty"` - - // enabledPlugins is a list of admission plugins that must be on in addition to the default list. - // Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon - // and can result in performance penalties and unexpected behavior. - EnabledAdmissionPlugins []string `json:"enabledPlugins,omitempty"` - - // disabledPlugins is a list of admission plugins that must be off. Putting something in this list - // is almost always a mistake and likely to result in cluster instability. - DisabledAdmissionPlugins []string `json:"disabledPlugins,omitempty"` -} - -// AdmissionPluginConfig holds the necessary configuration options for admission plugins -type AdmissionPluginConfig struct { - // Location is the path to a configuration file that contains the plugin's - // configuration - Location string `json:"location"` - - // Configuration is an embedded configuration object to be used as the plugin's - // configuration. If present, it will be used instead of the path to the configuration file. - // +nullable - // +kubebuilder:pruning:PreserveUnknownFields - Configuration runtime.RawExtension `json:"configuration"` -} - -type LogFormatType string - -type WebHookModeType string - -const ( - // LogFormatLegacy saves event in 1-line text format. - LogFormatLegacy LogFormatType = "legacy" - // LogFormatJson saves event in structured json format. - LogFormatJson LogFormatType = "json" - - // WebHookModeBatch indicates that the webhook should buffer audit events - // internally, sending batch updates either once a certain number of - // events have been received or a certain amount of time has passed. - WebHookModeBatch WebHookModeType = "batch" - // WebHookModeBlocking causes the webhook to block on every attempt to process - // a set of events. This causes requests to the API server to wait for a - // round trip to the external audit service before sending a response. - WebHookModeBlocking WebHookModeType = "blocking" -) - -// AuditConfig holds configuration for the audit capabilities -type AuditConfig struct { - // If this flag is set, audit log will be printed in the logs. - // The logs contains, method, user and a requested URL. - Enabled bool `json:"enabled"` - // All requests coming to the apiserver will be logged to this file. - AuditFilePath string `json:"auditFilePath"` - // Maximum number of days to retain old log files based on the timestamp encoded in their filename. - MaximumFileRetentionDays int32 `json:"maximumFileRetentionDays"` - // Maximum number of old log files to retain. - MaximumRetainedFiles int32 `json:"maximumRetainedFiles"` - // Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB. - MaximumFileSizeMegabytes int32 `json:"maximumFileSizeMegabytes"` - - // PolicyFile is a path to the file that defines the audit policy configuration. - PolicyFile string `json:"policyFile"` - // PolicyConfiguration is an embedded policy configuration object to be used - // as the audit policy configuration. If present, it will be used instead of - // the path to the policy file. - // +nullable - // +kubebuilder:pruning:PreserveUnknownFields - PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"` - - // Format of saved audits (legacy or json). - LogFormat LogFormatType `json:"logFormat"` - - // Path to a .kubeconfig formatted file that defines the audit webhook configuration. - WebHookKubeConfig string `json:"webHookKubeConfig"` - // Strategy for sending audit events (block or batch). - WebHookMode WebHookModeType `json:"webHookMode"` -} - -// EtcdConnectionInfo holds information necessary for connecting to an etcd server -type EtcdConnectionInfo struct { - // URLs are the URLs for etcd - URLs []string `json:"urls,omitempty"` - // CA is a file containing trusted roots for the etcd server certificates - CA string `json:"ca"` - // CertInfo is the TLS client cert information for securing communication to etcd - // this is anonymous so that we can inline it for serialization - CertInfo `json:",inline"` -} - -type EtcdStorageConfig struct { - EtcdConnectionInfo `json:",inline"` - - // StoragePrefix is the path within etcd that the OpenShift resources will - // be rooted under. This value, if changed, will mean existing objects in etcd will - // no longer be located. - StoragePrefix string `json:"storagePrefix"` -} - -// GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd -type GenericAPIServerConfig struct { - // servingInfo describes how to start serving - ServingInfo HTTPServingInfo `json:"servingInfo"` - - // corsAllowedOrigins - CORSAllowedOrigins []string `json:"corsAllowedOrigins"` - - // auditConfig describes how to configure audit information - AuditConfig AuditConfig `json:"auditConfig"` - - // storageConfig contains information about how to use - StorageConfig EtcdStorageConfig `json:"storageConfig"` - - // admissionConfig holds information about how to configure admission. - AdmissionConfig AdmissionConfig `json:"admission"` - - KubeClientConfig KubeClientConfig `json:"kubeClientConfig"` -} - -type KubeClientConfig struct { - // kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config - KubeConfig string `json:"kubeConfig"` - - // connectionOverrides specifies client overrides for system components to loop back to this master. - ConnectionOverrides ClientConnectionOverrides `json:"connectionOverrides"` -} - -type ClientConnectionOverrides struct { - // acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the - // default value of 'application/json'. This field will control all connections to the server used by a particular - // client. - AcceptContentTypes string `json:"acceptContentTypes"` - // contentType is the content type used when sending data to the server from this client. - ContentType string `json:"contentType"` - - // qps controls the number of queries per second allowed for this connection. - QPS float32 `json:"qps"` - // burst allows extra queries to accumulate when a client is exceeding its rate. - Burst int32 `json:"burst"` -} - -// GenericControllerConfig provides information to configure a controller -type GenericControllerConfig struct { - // ServingInfo is the HTTP serving information for the controller's endpoints - ServingInfo HTTPServingInfo `json:"servingInfo"` - - // leaderElection provides information to elect a leader. Only override this if you have a specific need - LeaderElection LeaderElection `json:"leaderElection"` - - // authentication allows configuration of authentication for the endpoints - Authentication DelegatedAuthentication `json:"authentication"` - // authorization allows configuration of authentication for the endpoints - Authorization DelegatedAuthorization `json:"authorization"` -} - -// DelegatedAuthentication allows authentication to be disabled. -type DelegatedAuthentication struct { - // disabled indicates that authentication should be disabled. By default it will use delegated authentication. - Disabled bool `json:"disabled,omitempty"` -} - -// DelegatedAuthorization allows authorization to be disabled. -type DelegatedAuthorization struct { - // disabled indicates that authorization should be disabled. By default it will use delegated authorization. - Disabled bool `json:"disabled,omitempty"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go deleted file mode 100644 index b347bd80eb6..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ /dev/null @@ -1,118 +0,0 @@ -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// APIServer holds configuration (like serving certificates, client CA and CORS domains) -// shared by all API servers in the system, among them especially kube-apiserver -// and openshift-apiserver. The canonical name of an instance is 'cluster'. -type APIServer struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:validation:Required - // +required - Spec APIServerSpec `json:"spec"` - // +optional - Status APIServerStatus `json:"status"` -} - -type APIServerSpec struct { - // servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates - // will be used for serving secure traffic. - // +optional - ServingCerts APIServerServingCerts `json:"servingCerts"` - // clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for - // incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. - // You usually only have to set this if you have your own PKI you wish to honor client certificates from. - // The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - // - ConfigMap.Data["ca-bundle.crt"] - CA bundle. - // +optional - ClientCA ConfigMapNameReference `json:"clientCA"` - // additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the - // API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth - // server from JavaScript applications. - // The values are regular expressions that correspond to the Golang regular expression language. - // +optional - AdditionalCORSAllowedOrigins []string `json:"additionalCORSAllowedOrigins,omitempty"` - // encryption allows the configuration of encryption of resources at the datastore layer. - // +optional - Encryption APIServerEncryption `json:"encryption"` - // tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. - // - // If unset, a default (which may change between releases) is chosen. Note that only Old and - // Intermediate profiles are currently supported, and the maximum available MinTLSVersions - // is VersionTLS12. - // +optional - TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` -} - -type APIServerServingCerts struct { - // namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. - // If no named certificates are provided, or no named certificates match the server name as understood by a client, - // the defaultServingCertificate will be used. - // +optional - NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"` -} - -// APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate. -type APIServerNamedServingCert struct { - // names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to - // serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. - // Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. - // +optional - Names []string `json:"names,omitempty"` - // servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. - // The secret must exist in the openshift-config namespace and contain the following required fields: - // - Secret.Data["tls.key"] - TLS private key. - // - Secret.Data["tls.crt"] - TLS certificate. - ServingCertificate SecretNameReference `json:"servingCertificate"` -} - -type APIServerEncryption struct { - // type defines what encryption type should be used to encrypt resources at the datastore layer. - // When this field is unset (i.e. when it is set to the empty string), identity is implied. - // The behavior of unset can and will change over time. Even if encryption is enabled by default, - // the meaning of unset may change to a different encryption type based on changes in best practices. - // - // When encryption is enabled, all sensitive resources shipped with the platform are encrypted. - // This list of sensitive resources can and will change over time. The current authoritative list is: - // - // 1. secrets - // 2. configmaps - // 3. routes.route.openshift.io - // 4. oauthaccesstokens.oauth.openshift.io - // 5. oauthauthorizetokens.oauth.openshift.io - // - // +unionDiscriminator - // +optional - Type EncryptionType `json:"type,omitempty"` -} - -// +kubebuilder:validation:Enum="";identity;aescbc -type EncryptionType string - -const ( - // identity refers to a type where no encryption is performed at the datastore layer. - // Resources are written as-is without encryption. - EncryptionTypeIdentity EncryptionType = "identity" - - // aescbc refers to a type where AES-CBC with PKCS#7 padding and a 32-byte key - // is used to perform encryption at the datastore layer. - EncryptionTypeAESCBC EncryptionType = "aescbc" -) - -type APIServerStatus struct { -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type APIServerList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - Items []APIServer `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go deleted file mode 100644 index df2cdf2b9ae..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ /dev/null @@ -1,124 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Authentication specifies cluster-wide settings for authentication (like OAuth and -// webhook token authenticators). The canonical name of an instance is `cluster`. -type Authentication struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec AuthenticationSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status AuthenticationStatus `json:"status"` -} - -type AuthenticationSpec struct { - // type identifies the cluster managed, user facing authentication mode in use. - // Specifically, it manages the component that responds to login attempts. - // The default is IntegratedOAuth. - // +optional - Type AuthenticationType `json:"type"` - - // oauthMetadata contains the discovery endpoint data for OAuth 2.0 - // Authorization Server Metadata for an external OAuth server. - // This discovery document can be viewed from its served location: - // oc get --raw '/.well-known/oauth-authorization-server' - // For further details, see the IETF Draft: - // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - // If oauthMetadata.name is non-empty, this value has precedence - // over any metadata reference stored in status. - // The key "oauthMetadata" is used to locate the data. - // If specified and the config map or expected key is not found, no metadata is served. - // If the specified metadata is not valid, no metadata is served. - // The namespace for this config map is openshift-config. - // +optional - OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"` - - // webhookTokenAuthenticators configures remote token reviewers. - // These remote authentication webhooks can be used to verify bearer tokens - // via the tokenreviews.authentication.k8s.io REST API. This is required to - // honor bearer tokens that are provisioned by an external authentication service. - // The namespace for these secrets is openshift-config. - // +optional - WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"` - - // serviceAccountIssuer is the identifier of the bound service account token - // issuer. - // The default is auth.openshift.io. - // +optional - ServiceAccountIssuer string `json:"serviceAccountIssuer"` -} - -type AuthenticationStatus struct { - // integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 - // Authorization Server Metadata for the in-cluster integrated OAuth server. - // This discovery document can be viewed from its served location: - // oc get --raw '/.well-known/oauth-authorization-server' - // For further details, see the IETF Draft: - // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - // This contains the observed value based on cluster state. - // An explicitly set value in spec.oauthMetadata has precedence over this field. - // This field has no meaning if authentication spec.type is not set to IntegratedOAuth. - // The key "oauthMetadata" is used to locate the data. - // If the config map or expected key is not found, no metadata is served. - // If the specified metadata is not valid, no metadata is served. - // The namespace for this config map is openshift-config-managed. - IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"` - - // TODO if we add support for an in-cluster operator managed Keycloak instance - // KeycloakOAuthMetadata ConfigMapNameReference `json:"keycloakOAuthMetadata"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type AuthenticationList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Authentication `json:"items"` -} - -type AuthenticationType string - -const ( - // None means that no cluster managed authentication system is in place. - // Note that user login will only work if a manually configured system is in place and - // referenced in authentication spec via oauthMetadata and webhookTokenAuthenticators. - AuthenticationTypeNone AuthenticationType = "None" - - // IntegratedOAuth refers to the cluster managed OAuth server. - // It is configured via the top level OAuth config. - AuthenticationTypeIntegratedOAuth AuthenticationType = "IntegratedOAuth" - - // TODO if we add support for an in-cluster operator managed Keycloak instance - // AuthenticationTypeKeycloak AuthenticationType = "Keycloak" -) - -// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator -type WebhookTokenAuthenticator struct { - // kubeConfig contains kube config file data which describes how to access the remote webhook service. - // For further details, see: - // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - // The key "kubeConfig" is used to locate the data. - // If the secret or expected key is not found, the webhook is not honored. - // If the specified kube config data is not valid, the webhook is not honored. - // The namespace for this secret is determined by the point of use. - KubeConfig SecretNameReference `json:"kubeConfig"` -} - -const ( - // OAuthMetadataKey is the key for the oauth authorization server metadata - OAuthMetadataKey = "oauthMetadata" - - // KubeConfigKey is the key for the kube config file data in a secret - KubeConfigKey = "kubeConfig" -) diff --git a/vendor/github.com/openshift/api/config/v1/types_build.go b/vendor/github.com/openshift/api/config/v1/types_build.go deleted file mode 100644 index ef4512aa170..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_build.go +++ /dev/null @@ -1,109 +0,0 @@ -package v1 - -import ( - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Build configures the behavior of OpenShift builds for the entire cluster. -// This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. -// -// The canonical name is "cluster" -type Build struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Spec holds user-settable values for the build controller configuration - // +kubebuilder:validation:Required - // +required - Spec BuildSpec `json:"spec"` -} - -type BuildSpec struct { - // AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that - // should be trusted for image pushes and pulls during builds. - // The namespace for this config map is openshift-config. - // - // DEPRECATED: Additional CAs for image pull and push should be set on - // image.config.openshift.io/cluster instead. - // - // +optional - AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"` - // BuildDefaults controls the default information for Builds - // +optional - BuildDefaults BuildDefaults `json:"buildDefaults"` - // BuildOverrides controls override settings for builds - // +optional - BuildOverrides BuildOverrides `json:"buildOverrides"` -} - -type BuildDefaults struct { - // DefaultProxy contains the default proxy settings for all build operations, including image pull/push - // and source download. - // - // Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables - // in the build config's strategy. - // +optional - DefaultProxy *ProxySpec `json:"defaultProxy,omitempty"` - - // GitProxy contains the proxy settings for git operations only. If set, this will override - // any Proxy settings for all git commands, such as git clone. - // - // Values that are not set here will be inherited from DefaultProxy. - // +optional - GitProxy *ProxySpec `json:"gitProxy,omitempty"` - - // Env is a set of default environment variables that will be applied to the - // build if the specified variables do not exist on the build - // +optional - Env []corev1.EnvVar `json:"env,omitempty"` - - // ImageLabels is a list of docker labels that are applied to the resulting image. - // User can override a default label by providing a label with the same name in their - // Build/BuildConfig. - // +optional - ImageLabels []ImageLabel `json:"imageLabels,omitempty"` - - // Resources defines resource requirements to execute the build. - // +optional - Resources corev1.ResourceRequirements `json:"resources"` -} - -type ImageLabel struct { - // Name defines the name of the label. It must have non-zero length. - Name string `json:"name"` - - // Value defines the literal value of the label. - // +optional - Value string `json:"value,omitempty"` -} - -type BuildOverrides struct { - // ImageLabels is a list of docker labels that are applied to the resulting image. - // If user provided a label in their Build/BuildConfig with the same name as one in this - // list, the user's label will be overwritten. - // +optional - ImageLabels []ImageLabel `json:"imageLabels,omitempty"` - - // NodeSelector is a selector which must be true for the build pod to fit on a node - // +optional - NodeSelector map[string]string `json:"nodeSelector,omitempty"` - - // Tolerations is a list of Tolerations that will override any existing - // tolerations set on a build pod. - // +optional - Tolerations []corev1.Toleration `json:"tolerations,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type BuildList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Build `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go deleted file mode 100644 index 3681d0ff02b..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ /dev/null @@ -1,184 +0,0 @@ -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterOperator is the Custom Resource object which holds the current state -// of an operator. This object is used by operators to convey their state to -// the rest of the cluster. -type ClusterOperator struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata"` - - // spec holds configuration that could apply to any operator. - // +kubebuilder:validation:Required - // +required - Spec ClusterOperatorSpec `json:"spec"` - - // status holds the information about the state of an operator. It is consistent with status information across - // the Kubernetes ecosystem. - // +optional - Status ClusterOperatorStatus `json:"status"` -} - -// ClusterOperatorSpec is empty for now, but you could imagine holding information like "pause". -type ClusterOperatorSpec struct { -} - -// ClusterOperatorStatus provides information about the status of the operator. -// +k8s:deepcopy-gen=true -type ClusterOperatorStatus struct { - // conditions describes the state of the operator's managed and monitored components. - // +patchMergeKey=type - // +patchStrategy=merge - // +optional - Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` - - // versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple - // operand entries in the array. Available operators must report the version of the operator itself with the name "operator". - // An operator reports a new "operator" version when it has rolled out the new version to all of its operands. - // +optional - Versions []OperandVersion `json:"versions,omitempty"` - - // relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are: - // 1. the detailed resource driving the operator - // 2. operator namespaces - // 3. operand namespaces - // +optional - RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"` - - // extension contains any additional status information specific to the - // operator which owns this status object. - // +nullable - // +optional - // +kubebuilder:pruning:PreserveUnknownFields - Extension runtime.RawExtension `json:"extension"` -} - -type OperandVersion struct { - // name is the name of the particular operand this version is for. It usually matches container images, not operators. - // +kubebuilder:validation:Required - // +required - Name string `json:"name"` - - // version indicates which version of a particular operand is currently being managed. It must always match the Available - // operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout - // 1.1.0 - // +kubebuilder:validation:Required - // +required - Version string `json:"version"` -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -type ObjectReference struct { - // group of the referent. - // +kubebuilder:validation:Required - // +required - Group string `json:"group"` - // resource of the referent. - // +kubebuilder:validation:Required - // +required - Resource string `json:"resource"` - // namespace of the referent. - // +optional - Namespace string `json:"namespace,omitempty"` - // name of the referent. - // +kubebuilder:validation:Required - // +required - Name string `json:"name"` -} - -type ConditionStatus string - -// These are valid condition statuses. "ConditionTrue" means a resource is in the condition. -// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes -// can't decide if a resource is in the condition or not. In the future, we could add other -// intermediate conditions, e.g. ConditionDegraded. -const ( - ConditionTrue ConditionStatus = "True" - ConditionFalse ConditionStatus = "False" - ConditionUnknown ConditionStatus = "Unknown" -) - -// ClusterOperatorStatusCondition represents the state of the operator's -// managed and monitored components. -// +k8s:deepcopy-gen=true -type ClusterOperatorStatusCondition struct { - // type specifies the aspect reported by this condition. - // +kubebuilder:validation:Required - // +required - Type ClusterStatusConditionType `json:"type"` - - // status of the condition, one of True, False, Unknown. - // +kubebuilder:validation:Required - // +required - Status ConditionStatus `json:"status"` - - // lastTransitionTime is the time of the last update to the current status property. - // +kubebuilder:validation:Required - // +required - LastTransitionTime metav1.Time `json:"lastTransitionTime"` - - // reason is the CamelCase reason for the condition's current status. - // +optional - Reason string `json:"reason,omitempty"` - - // message provides additional information about the current condition. - // This is only to be consumed by humans. - // +optional - Message string `json:"message,omitempty"` -} - -// ClusterStatusConditionType is an aspect of operator state. -type ClusterStatusConditionType string - -const ( - // Available indicates that the operand (eg: openshift-apiserver for the - // openshift-apiserver-operator), is functional and available in the cluster. - OperatorAvailable ClusterStatusConditionType = "Available" - - // Progressing indicates that the operator is actively rolling out new code, - // propagating config changes, or otherwise moving from one steady state to - // another. Operators should not report progressing when they are reconciling - // a previously known state. - OperatorProgressing ClusterStatusConditionType = "Progressing" - - // Degraded indicates that the operator's current state does not match its - // desired state over a period of time resulting in a lower quality of service. - // The period of time may vary by component, but a Degraded state represents - // persistent observation of a condition. As a result, a component should not - // oscillate in and out of Degraded state. A service may be Available even - // if its degraded. For example, your service may desire 3 running pods, but 1 - // pod is crash-looping. The service is Available but Degraded because it - // may have a lower quality of service. A component may be Progressing but - // not Degraded because the transition from one state to another does not - // persist over a long enough period to report Degraded. A service should not - // report Degraded during the course of a normal upgrade. A service may report - // Degraded in response to a persistent infrastructure failure that requires - // administrator intervention. For example, if a control plane host is unhealthy - // and must be replaced. An operator should report Degraded if unexpected - // errors occur over a period, but the expectation is that all unexpected errors - // are handled as operators mature. - OperatorDegraded ClusterStatusConditionType = "Degraded" - - // Upgradeable indicates whether the operator is in a state that is safe to upgrade. When status is `False` - // administrators should not upgrade their cluster and the message field should contain a human readable description - // of what the administrator should do to allow the operator to successfully update. A missing condition, True, - // and Unknown are all treated by the CVO as allowing an upgrade. - OperatorUpgradeable ClusterStatusConditionType = "Upgradeable" -) - -// ClusterOperatorList is a list of OperatorStatus resources. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type ClusterOperatorList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []ClusterOperator `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go deleted file mode 100644 index 771e962add0..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ /dev/null @@ -1,267 +0,0 @@ -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterVersion is the configuration for the ClusterVersionOperator. This is where -// parameters related to automatic updates can be set. -type ClusterVersion struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec is the desired state of the cluster version - the operator will work - // to ensure that the desired version is applied to the cluster. - // +kubebuilder:validation:Required - // +required - Spec ClusterVersionSpec `json:"spec"` - // status contains information about the available updates and any in-progress - // updates. - // +optional - Status ClusterVersionStatus `json:"status"` -} - -// ClusterVersionSpec is the desired version state of the cluster. It includes -// the version the cluster should be at, how the cluster is identified, and -// where the cluster should look for version updates. -// +k8s:deepcopy-gen=true -type ClusterVersionSpec struct { - // clusterID uniquely identifies this cluster. This is expected to be - // an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in - // hexadecimal values). This is a required field. - // +kubebuilder:validation:Required - // +required - ClusterID ClusterID `json:"clusterID"` - - // desiredUpdate is an optional field that indicates the desired value of - // the cluster version. Setting this value will trigger an upgrade (if - // the current version does not match the desired version). The set of - // recommended update values is listed as part of available updates in - // status, and setting values outside that range may cause the upgrade - // to fail. You may specify the version field without setting image if - // an update exists with that version in the availableUpdates or history. - // - // If an upgrade fails the operator will halt and report status - // about the failing component. Setting the desired update value back to - // the previous version will cause a rollback to be attempted. Not all - // rollbacks will succeed. - // - // +optional - DesiredUpdate *Update `json:"desiredUpdate,omitempty"` - - // upstream may be used to specify the preferred update server. By default - // it will use the appropriate update server for the cluster and region. - // - // +optional - Upstream URL `json:"upstream,omitempty"` - // channel is an identifier for explicitly requesting that a non-default - // set of updates be applied to this cluster. The default channel will be - // contain stable updates that are appropriate for production clusters. - // - // +optional - Channel string `json:"channel,omitempty"` - - // overrides is list of overides for components that are managed by - // cluster version operator. Marking a component unmanaged will prevent - // the operator from creating or updating the object. - // +optional - Overrides []ComponentOverride `json:"overrides,omitempty"` -} - -// ClusterVersionStatus reports the status of the cluster versioning, -// including any upgrades that are in progress. The current field will -// be set to whichever version the cluster is reconciling to, and the -// conditions array will report whether the update succeeded, is in -// progress, or is failing. -// +k8s:deepcopy-gen=true -type ClusterVersionStatus struct { - // desired is the version that the cluster is reconciling towards. - // If the cluster is not yet fully initialized desired will be set - // with the information available, which may be an image or a tag. - // +kubebuilder:validation:Required - // +required - Desired Update `json:"desired"` - - // history contains a list of the most recent versions applied to the cluster. - // This value may be empty during cluster startup, and then will be updated - // when a new update is being applied. The newest update is first in the - // list and it is ordered by recency. Updates in the history have state - // Completed if the rollout completed - if an update was failing or halfway - // applied the state will be Partial. Only a limited amount of update history - // is preserved. - // +optional - History []UpdateHistory `json:"history,omitempty"` - - // observedGeneration reports which version of the spec is being synced. - // If this value is not equal to metadata.generation, then the desired - // and conditions fields may represent a previous version. - // +kubebuilder:validation:Required - // +required - ObservedGeneration int64 `json:"observedGeneration"` - - // versionHash is a fingerprint of the content that the cluster will be - // updated with. It is used by the operator to avoid unnecessary work - // and is for internal use only. - // +kubebuilder:validation:Required - // +required - VersionHash string `json:"versionHash"` - - // conditions provides information about the cluster version. The condition - // "Available" is set to true if the desiredUpdate has been reached. The - // condition "Progressing" is set to true if an update is being applied. - // The condition "Degraded" is set to true if an update is currently blocked - // by a temporary or permanent error. Conditions are only valid for the - // current desiredUpdate when metadata.generation is equal to - // status.generation. - // +optional - Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"` - - // availableUpdates contains the list of updates that are appropriate - // for this cluster. This list may be empty if no updates are recommended, - // if the update service is unavailable, or if an invalid channel has - // been specified. - // +nullable - // +kubebuilder:validation:Required - // +required - AvailableUpdates []Update `json:"availableUpdates"` -} - -// UpdateState is a constant representing whether an update was successfully -// applied to the cluster or not. -type UpdateState string - -const ( - // CompletedUpdate indicates an update was successfully applied - // to the cluster (all resource updates were successful). - CompletedUpdate UpdateState = "Completed" - // PartialUpdate indicates an update was never completely applied - // or is currently being applied. - PartialUpdate UpdateState = "Partial" -) - -// UpdateHistory is a single attempted update to the cluster. -type UpdateHistory struct { - // state reflects whether the update was fully applied. The Partial state - // indicates the update is not fully applied, while the Completed state - // indicates the update was successfully rolled out at least once (all - // parts of the update successfully applied). - // +kubebuilder:validation:Required - // +required - State UpdateState `json:"state"` - - // startedTime is the time at which the update was started. - // +kubebuilder:validation:Required - // +required - StartedTime metav1.Time `json:"startedTime"` - // completionTime, if set, is when the update was fully applied. The update - // that is currently being applied will have a null completion time. - // Completion time will always be set for entries that are not the current - // update (usually to the started time of the next update). - // +kubebuilder:validation:Required - // +required - // +nullable - CompletionTime *metav1.Time `json:"completionTime"` - - // version is a semantic versioning identifying the update version. If the - // requested image does not define a version, or if a failure occurs - // retrieving the image, this value may be empty. - // - // +optional - Version string `json:"version"` - // image is a container image location that contains the update. This value - // is always populated. - // +kubebuilder:validation:Required - // +required - Image string `json:"image"` - // verified indicates whether the provided update was properly verified - // before it was installed. If this is false the cluster may not be trusted. - // +kubebuilder:validation:Required - // +required - Verified bool `json:"verified"` -} - -// ClusterID is string RFC4122 uuid. -type ClusterID string - -// ComponentOverride allows overriding cluster version operator's behavior -// for a component. -// +k8s:deepcopy-gen=true -type ComponentOverride struct { - // kind indentifies which object to override. - // +kubebuilder:validation:Required - // +required - Kind string `json:"kind"` - // group identifies the API group that the kind is in. - // +kubebuilder:validation:Required - // +required - Group string `json:"group"` - - // namespace is the component's namespace. If the resource is cluster - // scoped, the namespace should be empty. - // +kubebuilder:validation:Required - // +required - Namespace string `json:"namespace"` - // name is the component's name. - // +kubebuilder:validation:Required - // +required - Name string `json:"name"` - - // unmanaged controls if cluster version operator should stop managing the - // resources in this cluster. - // Default: false - // +kubebuilder:validation:Required - // +required - Unmanaged bool `json:"unmanaged"` -} - -// URL is a thin wrapper around string that ensures the string is a valid URL. -type URL string - -// Update represents a release of the ClusterVersionOperator, referenced by the -// Image member. -// +k8s:deepcopy-gen=true -type Update struct { - // version is a semantic versioning identifying the update version. When this - // field is part of spec, version is optional if image is specified. - // - // +optional - Version string `json:"version"` - // image is a container image location that contains the update. When this - // field is part of spec, image is optional if version is specified and the - // availableUpdates field contains a matching version. - // - // +optional - Image string `json:"image"` - // force allows an administrator to update to an image that has failed - // verification, does not appear in the availableUpdates list, or otherwise - // would be blocked by normal protections on update. This option should only - // be used when the authenticity of the provided image has been verified out - // of band because the provided image will run with full administrative access - // to the cluster. Do not use this flag with images that comes from unknown - // or potentially malicious sources. - // - // This flag does not override other forms of consistency checking that are - // required before a new update is deployed. - // - // +optional - Force bool `json:"force"` -} - -// RetrievedUpdates reports whether available updates have been retrieved from -// the upstream update server. The condition is Unknown before retrieval, False -// if the updates could not be retrieved or recently failed, or True if the -// availableUpdates field is accurate and recent. -const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates" - -// ClusterVersionList is a list of ClusterVersion resources. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type ClusterVersionList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []ClusterVersion `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go deleted file mode 100644 index 22b0b5160ae..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_console.go +++ /dev/null @@ -1,62 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Console holds cluster-wide configuration for the web console, including the -// logout URL, and reports the public URL of the console. The canonical name is -// `cluster`. -type Console struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec ConsoleSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status ConsoleStatus `json:"status"` -} - -// ConsoleSpec is the specification of the desired behavior of the Console. -type ConsoleSpec struct { - // +optional - Authentication ConsoleAuthentication `json:"authentication"` -} - -// ConsoleStatus defines the observed status of the Console. -type ConsoleStatus struct { - // The URL for the console. This will be derived from the host for the route that - // is created for the console. - ConsoleURL string `json:"consoleURL"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type ConsoleList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Console `json:"items"` -} - -// ConsoleAuthentication defines a list of optional configuration for console authentication. -type ConsoleAuthentication struct { - // An optional, absolute URL to redirect web browsers to after logging out of - // the console. If not specified, it will redirect to the default login page. - // This is required when using an identity provider that supports single - // sign-on (SSO) such as: - // - OpenID (Keycloak, Azure) - // - RequestHeader (GSSAPI, SSPI, SAML) - // - OAuth (GitHub, GitLab, Google) - // Logging out of the console will destroy the user's token. The logoutRedirect - // provides the user the option to perform single logout (SLO) through the identity - // provider to destroy their single sign-on session. - // +optional - // +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$` - LogoutRedirect string `json:"logoutRedirect,omitempty"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go deleted file mode 100644 index 989ef99c3cd..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ /dev/null @@ -1,87 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// DNS holds cluster-wide information about DNS. The canonical name is `cluster` -type DNS struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec DNSSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status DNSStatus `json:"status"` -} - -type DNSSpec struct { - // baseDomain is the base domain of the cluster. All managed DNS records will - // be sub-domains of this base. - // - // For example, given the base domain `openshift.example.com`, an API server - // DNS record may be created for `cluster-api.openshift.example.com`. - // - // Once set, this field cannot be changed. - BaseDomain string `json:"baseDomain"` - // publicZone is the location where all the DNS records that are publicly accessible to - // the internet exist. - // - // If this field is nil, no public records should be created. - // - // Once set, this field cannot be changed. - // - // +optional - PublicZone *DNSZone `json:"publicZone,omitempty"` - // privateZone is the location where all the DNS records that are only available internally - // to the cluster exist. - // - // If this field is nil, no private records should be created. - // - // Once set, this field cannot be changed. - // - // +optional - PrivateZone *DNSZone `json:"privateZone,omitempty"` -} - -// DNSZone is used to define a DNS hosted zone. -// A zone can be identified by an ID or tags. -type DNSZone struct { - // id is the identifier that can be used to find the DNS hosted zone. - // - // on AWS zone can be fetched using `ID` as id in [1] - // on Azure zone can be fetched using `ID` as a pre-determined name in [2], - // on GCP zone can be fetched using `ID` as a pre-determined name in [3]. - // - // [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - // [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - // [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get - // +optional - ID string `json:"id,omitempty"` - - // tags can be used to query the DNS hosted zone. - // - // on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, - // - // [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options - // +optional - Tags map[string]string `json:"tags,omitempty"` -} - -type DNSStatus struct { - // dnsSuffix (service-ca amongst others) -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type DNSList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []DNS `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go deleted file mode 100644 index ce901262729..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ /dev/null @@ -1,194 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Feature holds cluster-wide information about feature gates. The canonical name is `cluster` -type FeatureGate struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec FeatureGateSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status FeatureGateStatus `json:"status"` -} - -type FeatureSet string - -var ( - // Default feature set that allows upgrades. - Default FeatureSet = "" - - // TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning - // this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES. - TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade" - - // CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. - // Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations - // your cluster may fail in an unrecoverable way. - CustomNoUpgrade FeatureSet = "CustomNoUpgrade" - - // TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature. - LatencySensitive FeatureSet = "LatencySensitive" -) - -type FeatureGateSpec struct { - FeatureGateSelection `json:",inline"` -} - -// +union -type FeatureGateSelection struct { - // featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. - // Turning on or off features may cause irreversible changes in your cluster which cannot be undone. - // +unionDiscriminator - // +optional - FeatureSet FeatureSet `json:"featureSet,omitempty"` - - // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. - // Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations - // your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. - // +optional - // +nullable - CustomNoUpgrade *CustomFeatureGates `json:"customNoUpgrade,omitempty"` -} - -type CustomFeatureGates struct { - // enabled is a list of all feature gates that you want to force on - // +optional - Enabled []string `json:"enabled,omitempty"` - // disabled is a list of all feature gates that you want to force off - // +optional - Disabled []string `json:"disabled,omitempty"` -} - -type FeatureGateStatus struct { -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type FeatureGateList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []FeatureGate `json:"items"` -} - -type FeatureGateEnabledDisabled struct { - Enabled []string - Disabled []string -} - -// FeatureSets Contains a map of Feature names to Enabled/Disabled Feature. -// -// NOTE: The caller needs to make sure to check for the existence of the value -// using golang's existence field. A possible scenario is an upgrade where new -// FeatureSets are added and a controller has not been upgraded with a newer -// version of this file. In this upgrade scenario the map could return nil. -// -// example: -// if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { } -// -// If you put an item in either of these lists, put your area and name on it so we can find owners. -var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ - Default: defaultFeatures, - CustomNoUpgrade: { - Enabled: []string{}, - Disabled: []string{}, - }, - TechPreviewNoUpgrade: newDefaultFeatures().toFeatures(), - LatencySensitive: newDefaultFeatures(). - with( - "TopologyManager", // sig-pod, sjenning - ). - toFeatures(), -} - -var defaultFeatures = &FeatureGateEnabledDisabled{ - Enabled: []string{ - "RotateKubeletServerCertificate", // sig-pod, sjenning - "SupportPodPidsLimit", // sig-pod, sjenning - "NodeDisruptionExclusion", // sig-scheduling, ccoleman - "ServiceNodeExclusion", // sig-scheduling, ccoleman - "SCTPSupport", // sig-network, ccallend - }, - Disabled: []string{ - "LegacyNodeRoleBehavior", // sig-scheduling, ccoleman - }, -} - -type featureSetBuilder struct { - forceOn []string - forceOff []string -} - -func newDefaultFeatures() *featureSetBuilder { - return &featureSetBuilder{} -} - -func (f *featureSetBuilder) with(forceOn ...string) *featureSetBuilder { - f.forceOn = append(f.forceOn, forceOn...) - return f -} - -func (f *featureSetBuilder) without(forceOff ...string) *featureSetBuilder { - f.forceOff = append(f.forceOff, forceOff...) - return f -} - -func (f *featureSetBuilder) isForcedOff(needle string) bool { - for _, forcedOff := range f.forceOff { - if needle == forcedOff { - return true - } - } - return false -} - -func (f *featureSetBuilder) isForcedOn(needle string) bool { - for _, forceOn := range f.forceOn { - if needle == forceOn { - return true - } - } - return false -} - -func (f *featureSetBuilder) toFeatures() *FeatureGateEnabledDisabled { - finalOn := []string{} - finalOff := []string{} - - // only add the default enabled features if they haven't been explicitly set off - for _, defaultOn := range defaultFeatures.Enabled { - if !f.isForcedOff(defaultOn) { - finalOn = append(finalOn, defaultOn) - } - } - for _, currOn := range f.forceOn { - if f.isForcedOff(currOn) { - panic("coding error, you can't have features both on and off") - } - finalOn = append(finalOn, currOn) - } - - // only add the default disabled features if they haven't been explicitly set on - for _, defaultOff := range defaultFeatures.Disabled { - if !f.isForcedOn(defaultOff) { - finalOff = append(finalOff, defaultOff) - } - } - for _, currOff := range f.forceOff { - finalOff = append(finalOff, currOff) - } - - return &FeatureGateEnabledDisabled{ - Enabled: finalOn, - Disabled: finalOff, - } -} diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go deleted file mode 100644 index 63d3d1379bc..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ /dev/null @@ -1,115 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Image governs policies related to imagestream imports and runtime configuration -// for external registries. It allows cluster admins to configure which registries -// OpenShift is allowed to import images from, extra CA trust bundles for external -// registries, and policies to block or allow registry hostnames. -// When exposing OpenShift's image registry to the public, this also lets cluster -// admins specify the external hostname. -type Image struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec ImageSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status ImageStatus `json:"status"` -} - -type ImageSpec struct { - // allowedRegistriesForImport limits the container image registries that normal users may import - // images from. Set this list to the registries that you trust to contain valid Docker - // images and that you want applications to be able to import from. Users with - // permission to create Images or ImageStreamMappings via the API are not affected by - // this policy - typically only administrators or system integrations will have those - // permissions. - // +optional - AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"` - - // externalRegistryHostnames provides the hostnames for the default external image - // registry. The external hostname should be set only when the image registry - // is exposed externally. The first value is used in 'publicDockerImageRepository' - // field in ImageStreams. The value must be in "hostname[:port]" format. - // +optional - ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"` - - // additionalTrustedCA is a reference to a ConfigMap containing additional CAs that - // should be trusted during imagestream import, pod image pull, build image pull, and - // imageregistry pullthrough. - // The namespace for this config map is openshift-config. - // +optional - AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"` - - // registrySources contains configuration that determines how the container runtime - // should treat individual registries when accessing images for builds+pods. (e.g. - // whether or not to allow insecure access). It does not contain configuration for the - // internal cluster registry. - // +optional - RegistrySources RegistrySources `json:"registrySources"` -} - -type ImageStatus struct { - - // internalRegistryHostname sets the hostname for the default internal image - // registry. The value must be in "hostname[:port]" format. - // This value is set by the image registry operator which controls the internal registry - // hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY - // environment variable but this setting overrides the environment variable. - // +optional - InternalRegistryHostname string `json:"internalRegistryHostname,omitempty"` - - // externalRegistryHostnames provides the hostnames for the default external image - // registry. The external hostname should be set only when the image registry - // is exposed externally. The first value is used in 'publicDockerImageRepository' - // field in ImageStreams. The value must be in "hostname[:port]" format. - // +optional - ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type ImageList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Image `json:"items"` -} - -// RegistryLocation contains a location of the registry specified by the registry domain -// name. The domain name might include wildcards, like '*' or '??'. -type RegistryLocation struct { - // domainName specifies a domain name for the registry - // In case the registry use non-standard (80 or 443) port, the port should be included - // in the domain name as well. - DomainName string `json:"domainName"` - // insecure indicates whether the registry is secure (https) or insecure (http) - // By default (if not specified) the registry is assumed as secure. - // +optional - Insecure bool `json:"insecure,omitempty"` -} - -// RegistrySources holds cluster-wide information about how to handle the registries config. -type RegistrySources struct { - // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. - // +optional - InsecureRegistries []string `json:"insecureRegistries,omitempty"` - // blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. - // - // Only one of BlockedRegistries or AllowedRegistries may be set. - // +optional - BlockedRegistries []string `json:"blockedRegistries,omitempty"` - // allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. - // - // Only one of BlockedRegistries or AllowedRegistries may be set. - // +optional - AllowedRegistries []string `json:"allowedRegistries,omitempty"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go deleted file mode 100644 index 8ca323df027..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ /dev/null @@ -1,296 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` -type Infrastructure struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec InfrastructureSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status InfrastructureStatus `json:"status"` -} - -// InfrastructureSpec contains settings that apply to the cluster infrastructure. -type InfrastructureSpec struct { - // cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. - // This configuration file is used to configure the Kubernetes cloud provider integration - // when using the built-in cloud provider integration or the external cloud controller manager. - // The namespace for this config map is openshift-config. - // +optional - CloudConfig ConfigMapFileReference `json:"cloudConfig"` -} - -// InfrastructureStatus describes the infrastructure the cluster is leveraging. -type InfrastructureStatus struct { - // infrastructureName uniquely identifies a cluster with a human friendly name. - // Once set it should not be changed. Must be of max length 27 and must have only - // alphanumeric or hyphen characters. - InfrastructureName string `json:"infrastructureName"` - - // platform is the underlying infrastructure provider for the cluster. - // - // Deprecated: Use platformStatus.type instead. - Platform PlatformType `json:"platform,omitempty"` - - // platformStatus holds status information specific to the underlying - // infrastructure provider. - // +optional - PlatformStatus *PlatformStatus `json:"platformStatus,omitempty"` - - // etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering - // etcd servers and clients. - // For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"` - - // apiServerURL is a valid URI with scheme(http/https), address and - // port. apiServerURL can be used by components like the web console - // to tell users where to find the Kubernetes API. - APIServerURL string `json:"apiServerURL"` - - // apiServerInternalURL is a valid URI with scheme(http/https), - // address and port. apiServerInternalURL can be used by components - // like kubelets, to contact the Kubernetes API server using the - // infrastructure provider rather than Kubernetes networking. - APIServerInternalURL string `json:"apiServerInternalURI"` -} - -// PlatformType is a specific supported infrastructure provider. -type PlatformType string - -const ( - // AWSPlatformType represents Amazon Web Services infrastructure. - AWSPlatformType PlatformType = "AWS" - - // AzurePlatformType represents Microsoft Azure infrastructure. - AzurePlatformType PlatformType = "Azure" - - // BareMetalPlatformType represents managed bare metal infrastructure. - BareMetalPlatformType PlatformType = "BareMetal" - - // GCPPlatformType represents Google Cloud Platform infrastructure. - GCPPlatformType PlatformType = "GCP" - - // LibvirtPlatformType represents libvirt infrastructure. - LibvirtPlatformType PlatformType = "Libvirt" - - // OpenStackPlatformType represents OpenStack infrastructure. - OpenStackPlatformType PlatformType = "OpenStack" - - // NonePlatformType means there is no infrastructure provider. - NonePlatformType PlatformType = "None" - - // VSpherePlatformType represents VMWare vSphere infrastructure. - VSpherePlatformType PlatformType = "VSphere" - - // OvirtPlatformType represents oVirt/RHV infrastructure. - OvirtPlatformType PlatformType = "oVirt" - - // IBMCloudPlatformType represents IBM Cloud infrastructure. - IBMCloudPlatformType PlatformType = "IBMCloud" -) - -// IBMCloudProviderType is a specific supported IBM Cloud provider cluster type -type IBMCloudProviderType string - -const ( - // Classic means that the IBM Cloud cluster is using classic infrastructure - IBMCloudProviderTypeClassic IBMCloudProviderType = "Classic" - - // VPC means that the IBM Cloud cluster is using VPC infrastructure - IBMCloudProviderTypeVPC IBMCloudProviderType = "VPC" -) - -// PlatformStatus holds the current status specific to the underlying infrastructure provider -// of the current cluster. Since these are used at status-level for the underlying cluster, it -// is supposed that only one of the status structs is set. -type PlatformStatus struct { - // type is the underlying infrastructure provider for the cluster. This - // value controls whether infrastructure automation such as service load - // balancers, dynamic volume provisioning, machine creation and deletion, and - // other integrations are enabled. If None, no infrastructure automation is - // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support - // all platforms, and must handle unrecognized platforms as None if they do - // not support that platform. - Type PlatformType `json:"type"` - - // AWS contains settings specific to the Amazon Web Services infrastructure provider. - // +optional - AWS *AWSPlatformStatus `json:"aws,omitempty"` - - // Azure contains settings specific to the Azure infrastructure provider. - // +optional - Azure *AzurePlatformStatus `json:"azure,omitempty"` - - // GCP contains settings specific to the Google Cloud Platform infrastructure provider. - // +optional - GCP *GCPPlatformStatus `json:"gcp,omitempty"` - - // BareMetal contains settings specific to the BareMetal platform. - // +optional - BareMetal *BareMetalPlatformStatus `json:"baremetal,omitempty"` - - // OpenStack contains settings specific to the OpenStack infrastructure provider. - // +optional - OpenStack *OpenStackPlatformStatus `json:"openstack,omitempty"` - - // Ovirt contains settings specific to the oVirt infrastructure provider. - // +optional - Ovirt *OvirtPlatformStatus `json:"ovirt,omitempty"` - - // VSphere contains settings specific to the VSphere infrastructure provider. - // +optional - VSphere *VSpherePlatformStatus `json:"vsphere,omitempty"` - - // IBMCloud contains settings specific to the IBMCloud infrastructure provider. - // +optional - IBMCloud *IBMCloudPlatformStatus `json:"ibmcloud,omitempty"` -} - -// AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider. -type AWSPlatformStatus struct { - // region holds the default AWS region for new AWS resources created by the cluster. - Region string `json:"region"` -} - -// AzurePlatformStatus holds the current status of the Azure infrastructure provider. -type AzurePlatformStatus struct { - // resourceGroupName is the Resource Group for new Azure resources created for the cluster. - ResourceGroupName string `json:"resourceGroupName"` - - // networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. - // If empty, the value is same as ResourceGroupName. - // +optional - NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"` -} - -// GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider. -type GCPPlatformStatus struct { - // resourceGroupName is the Project ID for new GCP resources created for the cluster. - ProjectID string `json:"projectID"` - - // region holds the region for new GCP resources created for the cluster. - Region string `json:"region"` -} - -// BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. -// For more information about the network architecture used with the BareMetal platform type, see: -// https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md -type BareMetalPlatformStatus struct { - // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used - // by components inside the cluster, like kubelets using the infrastructure rather - // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - // points to. It is the IP for a self-hosted load balancer in front of the API servers. - APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` - - // ingressIP is an external IP which routes to the default ingress controller. - // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. - IngressIP string `json:"ingressIP,omitempty"` - - // nodeDNSIP is the IP address for the internal DNS used by the - // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` - // provides name resolution for the nodes themselves. There is no DNS-as-a-service for - // BareMetal deployments. In order to minimize necessary changes to the - // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames - // to the nodes in the cluster. - NodeDNSIP string `json:"nodeDNSIP,omitempty"` -} - -// OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider. -type OpenStackPlatformStatus struct { - // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used - // by components inside the cluster, like kubelets using the infrastructure rather - // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - // points to. It is the IP for a self-hosted load balancer in front of the API servers. - APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` - - // cloudName is the name of the desired OpenStack cloud in the - // client configuration file (`clouds.yaml`). - CloudName string `json:"cloudName,omitempty"` - - // ingressIP is an external IP which routes to the default ingress controller. - // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. - IngressIP string `json:"ingressIP,omitempty"` - - // nodeDNSIP is the IP address for the internal DNS used by the - // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` - // provides name resolution for the nodes themselves. There is no DNS-as-a-service for - // OpenStack deployments. In order to minimize necessary changes to the - // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames - // to the nodes in the cluster. - NodeDNSIP string `json:"nodeDNSIP,omitempty"` -} - -// OvirtPlatformStatus holds the current status of the oVirt infrastructure provider. -type OvirtPlatformStatus struct { - // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used - // by components inside the cluster, like kubelets using the infrastructure rather - // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - // points to. It is the IP for a self-hosted load balancer in front of the API servers. - APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` - - // ingressIP is an external IP which routes to the default ingress controller. - // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. - IngressIP string `json:"ingressIP,omitempty"` - - // nodeDNSIP is the IP address for the internal DNS used by the - // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` - // provides name resolution for the nodes themselves. There is no DNS-as-a-service for - // oVirt deployments. In order to minimize necessary changes to the - // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames - // to the nodes in the cluster. - NodeDNSIP string `json:"nodeDNSIP,omitempty"` -} - -// VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. -type VSpherePlatformStatus struct { - // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used - // by components inside the cluster, like kubelets using the infrastructure rather - // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - // points to. It is the IP for a self-hosted load balancer in front of the API servers. - APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` - - // ingressIP is an external IP which routes to the default ingress controller. - // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. - IngressIP string `json:"ingressIP,omitempty"` - - // nodeDNSIP is the IP address for the internal DNS used by the - // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` - // provides name resolution for the nodes themselves. There is no DNS-as-a-service for - // vSphere deployments. In order to minimize necessary changes to the - // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames - // to the nodes in the cluster. - NodeDNSIP string `json:"nodeDNSIP,omitempty"` -} - -//IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. -type IBMCloudPlatformStatus struct { - // Location is where the cluster has been deployed - Location string `json:"location,omitempty"` - - // ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. - ResourceGroupName string `json:"resourceGroupName,omitempty"` - - // ProviderType indicates the type of cluster that was created - ProviderType IBMCloudProviderType `json:"providerType,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// InfrastructureList is -type InfrastructureList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Infrastructure `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go deleted file mode 100644 index 0216919ad8e..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ /dev/null @@ -1,46 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Ingress holds cluster-wide information about ingress, including the default ingress domain -// used for routes. The canonical name is `cluster`. -type Ingress struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec IngressSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status IngressStatus `json:"status"` -} - -type IngressSpec struct { - // domain is used to generate a default host name for a route when the - // route's host name is empty. The generated host name will follow this - // pattern: "..". - // - // It is also used as the default wildcard domain suffix for ingress. The - // default ingresscontroller domain will follow this pattern: "*.". - // - // Once set, changing domain is not currently supported. - Domain string `json:"domain"` -} - -type IngressStatus struct { -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type IngressList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Ingress `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go deleted file mode 100644 index a09c5fe8ed3..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ /dev/null @@ -1,122 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. -// Please view network.spec for an explanation on what applies when configuring this resource. -type Network struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration. - // As a general rule, this SHOULD NOT be read directly. Instead, you should - // consume the NetworkStatus, as it indicates the currently deployed configuration. - // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. - // +kubebuilder:validation:Required - // +required - Spec NetworkSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status NetworkStatus `json:"status"` -} - -// NetworkSpec is the desired network configuration. -// As a general rule, this SHOULD NOT be read directly. Instead, you should -// consume the NetworkStatus, as it indicates the currently deployed configuration. -// Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. -type NetworkSpec struct { - // IP address pool to use for pod IPs. - // This field is immutable after installation. - ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"` - - // IP address pool for services. - // Currently, we only support a single entry here. - // This field is immutable after installation. - ServiceNetwork []string `json:"serviceNetwork"` - - // NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). - // This should match a value that the cluster-network-operator understands, - // or else no networking will be installed. - // Currently supported values are: - // - OpenShiftSDN - // This field is immutable after installation. - NetworkType string `json:"networkType"` - - // externalIP defines configuration for controllers that - // affect Service.ExternalIP. If nil, then ExternalIP is - // not allowed to be set. - // +optional - ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"` -} - -// NetworkStatus is the current network configuration. -type NetworkStatus struct { - // IP address pool to use for pod IPs. - ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork,omitempty"` - - // IP address pool for services. - // Currently, we only support a single entry here. - ServiceNetwork []string `json:"serviceNetwork,omitempty"` - - // NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - NetworkType string `json:"networkType,omitempty"` - - // ClusterNetworkMTU is the MTU for inter-pod networking. - ClusterNetworkMTU int `json:"clusterNetworkMTU,omitempty"` -} - -// ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs -// are allocated. -type ClusterNetworkEntry struct { - // The complete block for pod IPs. - CIDR string `json:"cidr"` - - // The size (prefix) of block to allocate to each node. - // +kubebuilder:validation:Minimum=0 - HostPrefix uint32 `json:"hostPrefix"` -} - -// ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field -// of a Service resource. -type ExternalIPConfig struct { - // policy is a set of restrictions applied to the ExternalIP field. - // If nil or empty, then ExternalIP is not allowed to be set. - // +optional - Policy *ExternalIPPolicy `json:"policy,omitempty"` - - // autoAssignCIDRs is a list of CIDRs from which to automatically assign - // Service.ExternalIP. These are assigned when the service is of type - // LoadBalancer. In general, this is only useful for bare-metal clusters. - // In Openshift 3.x, this was misleadingly called "IngressIPs". - // Automatically assigned External IPs are not affected by any - // ExternalIPPolicy rules. - // Currently, only one entry may be provided. - // +optional - AutoAssignCIDRs []string `json:"autoAssignCIDRs,omitempty"` -} - -// ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP -// field in a Service. If the zero struct is supplied, then none are permitted. -// The policy controller always allows automatically assigned external IPs. -type ExternalIPPolicy struct { - // allowedCIDRs is the list of allowed CIDRs. - AllowedCIDRs []string `json:"allowedCIDRs,omitempty"` - - // rejectedCIDRs is the list of disallowed CIDRs. These take precedence - // over allowedCIDRs. - // +optional - RejectedCIDRs []string `json:"rejectedCIDRs,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type NetworkList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Network `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_oauth.go b/vendor/github.com/openshift/api/config/v1/types_oauth.go deleted file mode 100644 index 15bc5b1c1a4..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_oauth.go +++ /dev/null @@ -1,557 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// OAuth Server and Identity Provider Config - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. -// It is used to configure the integrated OAuth server. -// This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. -type OAuth struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata"` - - // +kubebuilder:validation:Required - // +required - Spec OAuthSpec `json:"spec"` - // +optional - Status OAuthStatus `json:"status"` -} - -// OAuthSpec contains desired cluster auth configuration -type OAuthSpec struct { - // identityProviders is an ordered list of ways for a user to identify themselves. - // When this list is empty, no identities are provisioned for users. - // +optional - IdentityProviders []IdentityProvider `json:"identityProviders,omitempty"` - - // tokenConfig contains options for authorization and access tokens - TokenConfig TokenConfig `json:"tokenConfig"` - - // templates allow you to customize pages like the login page. - // +optional - Templates OAuthTemplates `json:"templates"` -} - -// OAuthStatus shows current known state of OAuth server in the cluster -type OAuthStatus struct { - // TODO Fill in with status of identityProviders and templates (and maybe tokenConfig) -} - -// TokenConfig holds the necessary configuration options for authorization and access tokens -type TokenConfig struct { - // accessTokenMaxAgeSeconds defines the maximum age of access tokens - AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds"` - - // accessTokenInactivityTimeoutSeconds defines the default token - // inactivity timeout for tokens granted by any client. - // The value represents the maximum amount of time that can occur between - // consecutive uses of the token. Tokens become invalid if they are not - // used within this temporal window. The user will need to acquire a new - // token to regain access once a token times out. - // Valid values are integer values: - // x < 0 Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`) - // x = 0 Tokens time out is disabled (default) - // x > 0 Tokens time out if there is no activity for x seconds - // The current minimum allowed value for X is 300 (5 minutes) - // +optional - AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"` -} - -const ( - // LoginTemplateKey is the key of the login template in a secret - LoginTemplateKey = "login.html" - - // ProviderSelectionTemplateKey is the key for the provider selection template in a secret - ProviderSelectionTemplateKey = "providers.html" - - // ErrorsTemplateKey is the key for the errors template in a secret - ErrorsTemplateKey = "errors.html" - - // BindPasswordKey is the key for the LDAP bind password in a secret - BindPasswordKey = "bindPassword" - - // ClientSecretKey is the key for the oauth client secret data in a secret - ClientSecretKey = "clientSecret" - - // HTPasswdDataKey is the key for the htpasswd file data in a secret - HTPasswdDataKey = "htpasswd" -) - -// OAuthTemplates allow for customization of pages like the login page -type OAuthTemplates struct { - // login is the name of a secret that specifies a go template to use to render the login page. - // The key "login.html" is used to locate the template data. - // If specified and the secret or expected key is not found, the default login page is used. - // If the specified template is not valid, the default login page is used. - // If unspecified, the default login page is used. - // The namespace for this secret is openshift-config. - // +optional - Login SecretNameReference `json:"login"` - - // providerSelection is the name of a secret that specifies a go template to use to render - // the provider selection page. - // The key "providers.html" is used to locate the template data. - // If specified and the secret or expected key is not found, the default provider selection page is used. - // If the specified template is not valid, the default provider selection page is used. - // If unspecified, the default provider selection page is used. - // The namespace for this secret is openshift-config. - // +optional - ProviderSelection SecretNameReference `json:"providerSelection"` - - // error is the name of a secret that specifies a go template to use to render error pages - // during the authentication or grant flow. - // The key "errors.html" is used to locate the template data. - // If specified and the secret or expected key is not found, the default error page is used. - // If the specified template is not valid, the default error page is used. - // If unspecified, the default error page is used. - // The namespace for this secret is openshift-config. - // +optional - Error SecretNameReference `json:"error"` -} - -// IdentityProvider provides identities for users authenticating using credentials -type IdentityProvider struct { - // name is used to qualify the identities returned by this provider. - // - It MUST be unique and not shared by any other identity provider used - // - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" - // Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName - Name string `json:"name"` - - // mappingMethod determines how identities from this provider are mapped to users - // Defaults to "claim" - // +optional - MappingMethod MappingMethodType `json:"mappingMethod,omitempty"` - - IdentityProviderConfig `json:",inline"` -} - -// MappingMethodType specifies how new identities should be mapped to users when they log in -type MappingMethodType string - -const ( - // MappingMethodClaim provisions a user with the identity’s preferred user name. Fails if a user - // with that user name is already mapped to another identity. - // Default. - MappingMethodClaim MappingMethodType = "claim" - - // MappingMethodLookup looks up existing users already mapped to an identity but does not - // automatically provision users or identities. Requires identities and users be set up - // manually or using an external process. - MappingMethodLookup MappingMethodType = "lookup" - - // MappingMethodAdd provisions a user with the identity’s preferred user name. If a user with - // that user name already exists, the identity is mapped to the existing user, adding to any - // existing identity mappings for the user. - MappingMethodAdd MappingMethodType = "add" -) - -type IdentityProviderType string - -const ( - // IdentityProviderTypeBasicAuth provides identities for users authenticating with HTTP Basic Auth - IdentityProviderTypeBasicAuth IdentityProviderType = "BasicAuth" - - // IdentityProviderTypeGitHub provides identities for users authenticating using GitHub credentials - IdentityProviderTypeGitHub IdentityProviderType = "GitHub" - - // IdentityProviderTypeGitLab provides identities for users authenticating using GitLab credentials - IdentityProviderTypeGitLab IdentityProviderType = "GitLab" - - // IdentityProviderTypeGoogle provides identities for users authenticating using Google credentials - IdentityProviderTypeGoogle IdentityProviderType = "Google" - - // IdentityProviderTypeHTPasswd provides identities from an HTPasswd file - IdentityProviderTypeHTPasswd IdentityProviderType = "HTPasswd" - - // IdentityProviderTypeKeystone provides identitities for users authenticating using keystone password credentials - IdentityProviderTypeKeystone IdentityProviderType = "Keystone" - - // IdentityProviderTypeLDAP provides identities for users authenticating using LDAP credentials - IdentityProviderTypeLDAP IdentityProviderType = "LDAP" - - // IdentityProviderTypeOpenID provides identities for users authenticating using OpenID credentials - IdentityProviderTypeOpenID IdentityProviderType = "OpenID" - - // IdentityProviderTypeRequestHeader provides identities for users authenticating using request header credentials - IdentityProviderTypeRequestHeader IdentityProviderType = "RequestHeader" -) - -// IdentityProviderConfig contains configuration for using a specific identity provider -type IdentityProviderConfig struct { - // type identifies the identity provider type for this entry. - Type IdentityProviderType `json:"type"` - - // Provider-specific configuration - // The json tag MUST match the `Type` specified above, case-insensitively - // e.g. For `Type: "LDAP"`, the `ldap` configuration should be provided - - // basicAuth contains configuration options for the BasicAuth IdP - // +optional - BasicAuth *BasicAuthIdentityProvider `json:"basicAuth,omitempty"` - - // github enables user authentication using GitHub credentials - // +optional - GitHub *GitHubIdentityProvider `json:"github,omitempty"` - - // gitlab enables user authentication using GitLab credentials - // +optional - GitLab *GitLabIdentityProvider `json:"gitlab,omitempty"` - - // google enables user authentication using Google credentials - // +optional - Google *GoogleIdentityProvider `json:"google,omitempty"` - - // htpasswd enables user authentication using an HTPasswd file to validate credentials - // +optional - HTPasswd *HTPasswdIdentityProvider `json:"htpasswd,omitempty"` - - // keystone enables user authentication using keystone password credentials - // +optional - Keystone *KeystoneIdentityProvider `json:"keystone,omitempty"` - - // ldap enables user authentication using LDAP credentials - // +optional - LDAP *LDAPIdentityProvider `json:"ldap,omitempty"` - - // openID enables user authentication using OpenID credentials - // +optional - OpenID *OpenIDIdentityProvider `json:"openID,omitempty"` - - // requestHeader enables user authentication using request header credentials - // +optional - RequestHeader *RequestHeaderIdentityProvider `json:"requestHeader,omitempty"` -} - -// BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials -type BasicAuthIdentityProvider struct { - // OAuthRemoteConnectionInfo contains information about how to connect to the external basic auth server - OAuthRemoteConnectionInfo `json:",inline"` -} - -// OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection -type OAuthRemoteConnectionInfo struct { - // url is the remote URL to connect to - URL string `json:"url"` - - // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - // It is used as a trust anchor to validate the TLS certificate presented by the remote server. - // The key "ca.crt" is used to locate the data. - // If specified and the config map or expected key is not found, the identity provider is not honored. - // If the specified ca data is not valid, the identity provider is not honored. - // If empty, the default system roots are used. - // The namespace for this config map is openshift-config. - // +optional - CA ConfigMapNameReference `json:"ca"` - - // tlsClientCert is an optional reference to a secret by name that contains the - // PEM-encoded TLS client certificate to present when connecting to the server. - // The key "tls.crt" is used to locate the data. - // If specified and the secret or expected key is not found, the identity provider is not honored. - // If the specified certificate data is not valid, the identity provider is not honored. - // The namespace for this secret is openshift-config. - // +optional - TLSClientCert SecretNameReference `json:"tlsClientCert"` - - // tlsClientKey is an optional reference to a secret by name that contains the - // PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - // The key "tls.key" is used to locate the data. - // If specified and the secret or expected key is not found, the identity provider is not honored. - // If the specified certificate data is not valid, the identity provider is not honored. - // The namespace for this secret is openshift-config. - // +optional - TLSClientKey SecretNameReference `json:"tlsClientKey"` -} - -// HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials -type HTPasswdIdentityProvider struct { - // fileData is a required reference to a secret by name containing the data to use as the htpasswd file. - // The key "htpasswd" is used to locate the data. - // If the secret or expected key is not found, the identity provider is not honored. - // If the specified htpasswd data is not valid, the identity provider is not honored. - // The namespace for this secret is openshift-config. - FileData SecretNameReference `json:"fileData"` -} - -// LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials -type LDAPIdentityProvider struct { - // url is an RFC 2255 URL which specifies the LDAP search parameters to use. - // The syntax of the URL is: - // ldap://host:port/basedn?attribute?scope?filter - URL string `json:"url"` - - // bindDN is an optional DN to bind with during the search phase. - // +optional - BindDN string `json:"bindDN"` - - // bindPassword is an optional reference to a secret by name - // containing a password to bind with during the search phase. - // The key "bindPassword" is used to locate the data. - // If specified and the secret or expected key is not found, the identity provider is not honored. - // The namespace for this secret is openshift-config. - // +optional - BindPassword SecretNameReference `json:"bindPassword"` - - // insecure, if true, indicates the connection should not use TLS - // WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always - // attempt to connect using TLS, even when `insecure` is set to `true` - // When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to - // a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830. - Insecure bool `json:"insecure"` - - // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - // It is used as a trust anchor to validate the TLS certificate presented by the remote server. - // The key "ca.crt" is used to locate the data. - // If specified and the config map or expected key is not found, the identity provider is not honored. - // If the specified ca data is not valid, the identity provider is not honored. - // If empty, the default system roots are used. - // The namespace for this config map is openshift-config. - // +optional - CA ConfigMapNameReference `json:"ca"` - - // attributes maps LDAP attributes to identities - Attributes LDAPAttributeMapping `json:"attributes"` -} - -// LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields -type LDAPAttributeMapping struct { - // id is the list of attributes whose values should be used as the user ID. Required. - // First non-empty attribute is used. At least one attribute is required. If none of the listed - // attribute have a value, authentication fails. - // LDAP standard identity attribute is "dn" - ID []string `json:"id"` - - // preferredUsername is the list of attributes whose values should be used as the preferred username. - // LDAP standard login attribute is "uid" - // +optional - PreferredUsername []string `json:"preferredUsername,omitempty"` - - // name is the list of attributes whose values should be used as the display name. Optional. - // If unspecified, no display name is set for the identity - // LDAP standard display name attribute is "cn" - // +optional - Name []string `json:"name,omitempty"` - - // email is the list of attributes whose values should be used as the email address. Optional. - // If unspecified, no email is set for the identity - // +optional - Email []string `json:"email,omitempty"` -} - -// KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials -type KeystoneIdentityProvider struct { - // OAuthRemoteConnectionInfo contains information about how to connect to the keystone server - OAuthRemoteConnectionInfo `json:",inline"` - - // domainName is required for keystone v3 - DomainName string `json:"domainName"` - - // TODO if we ever add support for 3.11 to 4.0 upgrades, add this configuration - // useUsernameIdentity indicates that users should be authenticated by username, not keystone ID - // DEPRECATED - only use this option for legacy systems to ensure backwards compatibility - // +optional - // UseUsernameIdentity bool `json:"useUsernameIdentity"` -} - -// RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials -type RequestHeaderIdentityProvider struct { - // loginURL is a URL to redirect unauthenticated /authorize requests to - // Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here - // ${url} is replaced with the current URL, escaped to be safe in a query parameter - // https://www.example.com/sso-login?then=${url} - // ${query} is replaced with the current query string - // https://www.example.com/auth-proxy/oauth/authorize?${query} - // Required when login is set to true. - LoginURL string `json:"loginURL"` - - // challengeURL is a URL to redirect unauthenticated /authorize requests to - // Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be - // redirected here. - // ${url} is replaced with the current URL, escaped to be safe in a query parameter - // https://www.example.com/sso-login?then=${url} - // ${query} is replaced with the current query string - // https://www.example.com/auth-proxy/oauth/authorize?${query} - // Required when challenge is set to true. - ChallengeURL string `json:"challengeURL"` - - // ca is a required reference to a config map by name containing the PEM-encoded CA bundle. - // It is used as a trust anchor to validate the TLS certificate presented by the remote server. - // Specifically, it allows verification of incoming requests to prevent header spoofing. - // The key "ca.crt" is used to locate the data. - // If the config map or expected key is not found, the identity provider is not honored. - // If the specified ca data is not valid, the identity provider is not honored. - // The namespace for this config map is openshift-config. - ClientCA ConfigMapNameReference `json:"ca"` - - // clientCommonNames is an optional list of common names to require a match from. If empty, any - // client certificate validated against the clientCA bundle is considered authoritative. - // +optional - ClientCommonNames []string `json:"clientCommonNames,omitempty"` - - // headers is the set of headers to check for identity information - Headers []string `json:"headers"` - - // preferredUsernameHeaders is the set of headers to check for the preferred username - PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"` - - // nameHeaders is the set of headers to check for the display name - NameHeaders []string `json:"nameHeaders"` - - // emailHeaders is the set of headers to check for the email address - EmailHeaders []string `json:"emailHeaders"` -} - -// GitHubIdentityProvider provides identities for users authenticating using GitHub credentials -type GitHubIdentityProvider struct { - // clientID is the oauth client ID - ClientID string `json:"clientID"` - - // clientSecret is a required reference to the secret by name containing the oauth client secret. - // The key "clientSecret" is used to locate the data. - // If the secret or expected key is not found, the identity provider is not honored. - // The namespace for this secret is openshift-config. - ClientSecret SecretNameReference `json:"clientSecret"` - - // organizations optionally restricts which organizations are allowed to log in - // +optional - Organizations []string `json:"organizations,omitempty"` - - // teams optionally restricts which teams are allowed to log in. Format is /. - // +optional - Teams []string `json:"teams,omitempty"` - - // hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of - // GitHub Enterprise. - // It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. - // +optional - Hostname string `json:"hostname"` - - // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - // It is used as a trust anchor to validate the TLS certificate presented by the remote server. - // The key "ca.crt" is used to locate the data. - // If specified and the config map or expected key is not found, the identity provider is not honored. - // If the specified ca data is not valid, the identity provider is not honored. - // If empty, the default system roots are used. - // This can only be configured when hostname is set to a non-empty value. - // The namespace for this config map is openshift-config. - // +optional - CA ConfigMapNameReference `json:"ca"` -} - -// GitLabIdentityProvider provides identities for users authenticating using GitLab credentials -type GitLabIdentityProvider struct { - // clientID is the oauth client ID - ClientID string `json:"clientID"` - - // clientSecret is a required reference to the secret by name containing the oauth client secret. - // The key "clientSecret" is used to locate the data. - // If the secret or expected key is not found, the identity provider is not honored. - // The namespace for this secret is openshift-config. - ClientSecret SecretNameReference `json:"clientSecret"` - - // url is the oauth server base URL - URL string `json:"url"` - - // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - // It is used as a trust anchor to validate the TLS certificate presented by the remote server. - // The key "ca.crt" is used to locate the data. - // If specified and the config map or expected key is not found, the identity provider is not honored. - // If the specified ca data is not valid, the identity provider is not honored. - // If empty, the default system roots are used. - // The namespace for this config map is openshift-config. - // +optional - CA ConfigMapNameReference `json:"ca"` -} - -// GoogleIdentityProvider provides identities for users authenticating using Google credentials -type GoogleIdentityProvider struct { - // clientID is the oauth client ID - ClientID string `json:"clientID"` - - // clientSecret is a required reference to the secret by name containing the oauth client secret. - // The key "clientSecret" is used to locate the data. - // If the secret or expected key is not found, the identity provider is not honored. - // The namespace for this secret is openshift-config. - ClientSecret SecretNameReference `json:"clientSecret"` - - // hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to - // +optional - HostedDomain string `json:"hostedDomain"` -} - -// OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials -type OpenIDIdentityProvider struct { - // clientID is the oauth client ID - ClientID string `json:"clientID"` - - // clientSecret is a required reference to the secret by name containing the oauth client secret. - // The key "clientSecret" is used to locate the data. - // If the secret or expected key is not found, the identity provider is not honored. - // The namespace for this secret is openshift-config. - ClientSecret SecretNameReference `json:"clientSecret"` - - // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - // It is used as a trust anchor to validate the TLS certificate presented by the remote server. - // The key "ca.crt" is used to locate the data. - // If specified and the config map or expected key is not found, the identity provider is not honored. - // If the specified ca data is not valid, the identity provider is not honored. - // If empty, the default system roots are used. - // The namespace for this config map is openshift-config. - // +optional - CA ConfigMapNameReference `json:"ca"` - - // extraScopes are any scopes to request in addition to the standard "openid" scope. - // +optional - ExtraScopes []string `json:"extraScopes,omitempty"` - - // extraAuthorizeParameters are any custom parameters to add to the authorize request. - // +optional - ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"` - - // issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. - // It must use the https scheme with no query or fragment component. - Issuer string `json:"issuer"` - - // claims mappings - Claims OpenIDClaims `json:"claims"` -} - -// UserIDClaim is the claim used to provide a stable identifier for OIDC identities. -// Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability -// "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can -// rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique -// and never reassigned within the Issuer for a particular End-User, as described in Section 2. -// Therefore, the only guaranteed unique identifier for a given End-User is the combination of the -// iss Claim and the sub Claim." -const UserIDClaim = "sub" - -// OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider -type OpenIDClaims struct { - // preferredUsername is the list of claims whose values should be used as the preferred username. - // If unspecified, the preferred username is determined from the value of the sub claim - // +optional - PreferredUsername []string `json:"preferredUsername,omitempty"` - - // name is the list of claims whose values should be used as the display name. Optional. - // If unspecified, no display name is set for the identity - // +optional - Name []string `json:"name,omitempty"` - - // email is the list of claims whose values should be used as the email address. Optional. - // If unspecified, no email is set for the identity - // +optional - Email []string `json:"email,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type OAuthList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []OAuth `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go deleted file mode 100644 index 1b2b7f82e9e..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go +++ /dev/null @@ -1,79 +0,0 @@ -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// OperatorHubSpec defines the desired state of OperatorHub -type OperatorHubSpec struct { - // disableAllDefaultSources allows you to disable all the default hub - // sources. If this is true, a specific entry in sources can be used to - // enable a default source. If this is false, a specific entry in - // sources can be used to disable or enable a default source. - // +optional - DisableAllDefaultSources bool `json:"disableAllDefaultSources,omitempty"` - // sources is the list of default hub sources and their configuration. - // If the list is empty, it implies that the default hub sources are - // enabled on the cluster unless disableAllDefaultSources is true. - // If disableAllDefaultSources is true and sources is not empty, - // the configuration present in sources will take precedence. The list of - // default hub sources and their current state will always be reflected in - // the status block. - // +optional - Sources []HubSource `json:"sources,omitempty"` -} - -// OperatorHubStatus defines the observed state of OperatorHub. The current -// state of the default hub sources will always be reflected here. -type OperatorHubStatus struct { - // sources encapsulates the result of applying the configuration for each - // hub source - Sources []HubSourceStatus `json:"sources,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// OperatorHub is the Schema for the operatorhubs API. It can be used to change -// the state of the default hub sources for OperatorHub on the cluster from -// enabled to disabled and vice versa. -// +kubebuilder:subresource:status -// +genclient -// +genclient:nonNamespaced -type OperatorHub struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata"` - - Spec OperatorHubSpec `json:"spec"` - Status OperatorHubStatus `json:"status"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// OperatorHubList contains a list of OperatorHub -type OperatorHubList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - Items []OperatorHub `json:"items"` -} - -// HubSource is used to specify the hub source and its configuration -type HubSource struct { - // name is the name of one of the default hub sources - // +kubebuilder:validation:MaxLength=253 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:Required - Name string `json:"name"` - // disabled is used to disable a default hub source on cluster - // +kubebuilder:Required - Disabled bool `json:"disabled"` -} - -// HubSourceStatus is used to reflect the current state of applying the -// configuration to a default source -type HubSourceStatus struct { - HubSource `json:",omitempty"` - // status indicates success or failure in applying the configuration - Status string `json:"status,omitempty"` - // message provides more information regarding failures - Message string `json:"message,omitempty"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_project.go b/vendor/github.com/openshift/api/config/v1/types_project.go deleted file mode 100644 index 244ce3ef8fd..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_project.go +++ /dev/null @@ -1,54 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Project holds cluster-wide information about Project. The canonical name is `cluster` -type Project struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec ProjectSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status ProjectStatus `json:"status"` -} - -// TemplateReference references a template in a specific namespace. -// The namespace must be specified at the point of use. -type TemplateReference struct { - // name is the metadata.name of the referenced project request template - Name string `json:"name"` -} - -// ProjectSpec holds the project creation configuration. -type ProjectSpec struct { - // projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint - // +optional - ProjectRequestMessage string `json:"projectRequestMessage"` - - // projectRequestTemplate is the template to use for creating projects in response to projectrequest. - // This must point to a template in 'openshift-config' namespace. It is optional. - // If it is not specified, a default template is used. - // - // +optional - ProjectRequestTemplate TemplateReference `json:"projectRequestTemplate"` -} - -type ProjectStatus struct { -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type ProjectList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Project `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_proxy.go b/vendor/github.com/openshift/api/config/v1/types_proxy.go deleted file mode 100644 index 211e501e08c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_proxy.go +++ /dev/null @@ -1,94 +0,0 @@ -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` -type Proxy struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Spec holds user-settable values for the proxy configuration - // +kubebuilder:validation:Required - // +required - Spec ProxySpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status ProxyStatus `json:"status"` -} - -// ProxySpec contains cluster proxy creation configuration. -type ProxySpec struct { - // httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. - // +optional - HTTPProxy string `json:"httpProxy,omitempty"` - - // httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. - // +optional - HTTPSProxy string `json:"httpsProxy,omitempty"` - - // noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. - // Empty means unset and will not result in an env var. - // +optional - NoProxy string `json:"noProxy,omitempty"` - - // readinessEndpoints is a list of endpoints used to verify readiness of the proxy. - // +optional - ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"` - - // trustedCA is a reference to a ConfigMap containing a CA certificate bundle. - // The trustedCA field should only be consumed by a proxy validator. The - // validator is responsible for reading the certificate bundle from the required - // key "ca-bundle.crt", merging it with the system default trust bundle, - // and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" - // in the "openshift-config-managed" namespace. Clients that expect to make - // proxy connections must use the trusted-ca-bundle for all HTTPS requests to - // the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as - // well. - // - // The namespace for the ConfigMap referenced by trustedCA is - // "openshift-config". Here is an example ConfigMap (in yaml): - // - // apiVersion: v1 - // kind: ConfigMap - // metadata: - // name: user-ca-bundle - // namespace: openshift-config - // data: - // ca-bundle.crt: | - // -----BEGIN CERTIFICATE----- - // Custom CA certificate bundle. - // -----END CERTIFICATE----- - // - // +optional - TrustedCA ConfigMapNameReference `json:"trustedCA,omitempty"` -} - -// ProxyStatus shows current known state of the cluster proxy. -type ProxyStatus struct { - // httpProxy is the URL of the proxy for HTTP requests. - // +optional - HTTPProxy string `json:"httpProxy,omitempty"` - - // httpsProxy is the URL of the proxy for HTTPS requests. - // +optional - HTTPSProxy string `json:"httpsProxy,omitempty"` - - // noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. - // +optional - NoProxy string `json:"noProxy,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type ProxyList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Proxy `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go deleted file mode 100644 index d5bf0c36275..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ /dev/null @@ -1,74 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// Scheduler holds cluster-wide config information to run the Kubernetes Scheduler -// and influence its placement decisions. The canonical name for this config is `cluster`. -type Scheduler struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +kubebuilder:validation:Required - // +required - Spec SchedulerSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - // +optional - Status SchedulerStatus `json:"status"` -} - -type SchedulerSpec struct { - // policy is a reference to a ConfigMap containing scheduler policy which has - // user specified predicates and priorities. If this ConfigMap is not available - // scheduler will default to use DefaultAlgorithmProvider. - // The namespace for this configmap is openshift-config. - // +optional - Policy ConfigMapNameReference `json:"policy"` - // defaultNodeSelector helps set the cluster-wide default node selector to - // restrict pod placement to specific nodes. This is applied to the pods - // created in all namespaces without a specified nodeSelector value. - // For example, - // defaultNodeSelector: "type=user-node,region=east" would set nodeSelector - // field in pod spec to "type=user-node,region=east" to all pods created - // in all namespaces. Namespaces having project-wide node selectors won't be - // impacted even if this field is set. This adds an annotation section to - // the namespace. - // For example, if a new namespace is created with - // node-selector='type=user-node,region=east', - // the annotation openshift.io/node-selector: type=user-node,region=east - // gets added to the project. When the openshift.io/node-selector annotation - // is set on the project the value is used in preference to the value we are setting - // for defaultNodeSelector field. - // For instance, - // openshift.io/node-selector: "type=user-node,region=west" means - // that the default of "type=user-node,region=east" set in defaultNodeSelector - // would not be applied. - // +optional - DefaultNodeSelector string `json:"defaultNodeSelector,omitempty"` - // MastersSchedulable allows masters nodes to be schedulable. When this flag is - // turned on, all the master nodes in the cluster will be made schedulable, - // so that workload pods can run on them. The default value for this field is false, - // meaning none of the master nodes are schedulable. - // Important Note: Once the workload pods start running on the master nodes, - // extreme care must be taken to ensure that cluster-critical control plane components - // are not impacted. - // Please turn on this field after doing due diligence. - // +optional - MastersSchedulable bool `json:"mastersSchedulable"` -} - -type SchedulerStatus struct { -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type SchedulerList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - - Items []Scheduler `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go deleted file mode 100644 index 9dbacb99668..00000000000 --- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go +++ /dev/null @@ -1,262 +0,0 @@ -package v1 - -// TLSSecurityProfile defines the schema for a TLS security profile. This object -// is used by operators to apply TLS security settings to operands. -// +union -type TLSSecurityProfile struct { - // type is one of Old, Intermediate, Modern or Custom. Custom provides - // the ability to specify individual TLS security profile parameters. - // Old, Intermediate and Modern are TLS security profiles based on: - // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - // - // The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - // are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - // reduced. - // - // Note that the Modern profile is currently not supported because it is not - // yet well adopted by common software libraries. - // - // +unionDiscriminator - // +optional - Type TLSProfileType `json:"type"` - // old is a TLS security profile based on: - // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - // - // and looks like this (yaml): - // - // ciphers: - // - TLS_AES_128_GCM_SHA256 - // - TLS_AES_256_GCM_SHA384 - // - TLS_CHACHA20_POLY1305_SHA256 - // - ECDHE-ECDSA-AES128-GCM-SHA256 - // - ECDHE-RSA-AES128-GCM-SHA256 - // - ECDHE-ECDSA-AES256-GCM-SHA384 - // - ECDHE-RSA-AES256-GCM-SHA384 - // - ECDHE-ECDSA-CHACHA20-POLY1305 - // - ECDHE-RSA-CHACHA20-POLY1305 - // - DHE-RSA-AES128-GCM-SHA256 - // - DHE-RSA-AES256-GCM-SHA384 - // - DHE-RSA-CHACHA20-POLY1305 - // - ECDHE-ECDSA-AES128-SHA256 - // - ECDHE-RSA-AES128-SHA256 - // - ECDHE-ECDSA-AES128-SHA - // - ECDHE-RSA-AES128-SHA - // - ECDHE-ECDSA-AES256-SHA384 - // - ECDHE-RSA-AES256-SHA384 - // - ECDHE-ECDSA-AES256-SHA - // - ECDHE-RSA-AES256-SHA - // - DHE-RSA-AES128-SHA256 - // - DHE-RSA-AES256-SHA256 - // - AES128-GCM-SHA256 - // - AES256-GCM-SHA384 - // - AES128-SHA256 - // - AES256-SHA256 - // - AES128-SHA - // - AES256-SHA - // - DES-CBC3-SHA - // minTLSVersion: TLSv1.0 - // - // +optional - // +nullable - Old *OldTLSProfile `json:"old,omitempty"` - // intermediate is a TLS security profile based on: - // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - // - // and looks like this (yaml): - // - // ciphers: - // - TLS_AES_128_GCM_SHA256 - // - TLS_AES_256_GCM_SHA384 - // - TLS_CHACHA20_POLY1305_SHA256 - // - ECDHE-ECDSA-AES128-GCM-SHA256 - // - ECDHE-RSA-AES128-GCM-SHA256 - // - ECDHE-ECDSA-AES256-GCM-SHA384 - // - ECDHE-RSA-AES256-GCM-SHA384 - // - ECDHE-ECDSA-CHACHA20-POLY1305 - // - ECDHE-RSA-CHACHA20-POLY1305 - // - DHE-RSA-AES128-GCM-SHA256 - // - DHE-RSA-AES256-GCM-SHA384 - // minTLSVersion: TLSv1.2 - // - // +optional - // +nullable - Intermediate *IntermediateTLSProfile `json:"intermediate,omitempty"` - // modern is a TLS security profile based on: - // - // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - // - // and looks like this (yaml): - // - // ciphers: - // - TLS_AES_128_GCM_SHA256 - // - TLS_AES_256_GCM_SHA384 - // - TLS_CHACHA20_POLY1305_SHA256 - // minTLSVersion: TLSv1.3 - // - // NOTE: Currently unsupported. - // - // +optional - // +nullable - Modern *ModernTLSProfile `json:"modern,omitempty"` - // custom is a user-defined TLS security profile. Be extremely careful using a custom - // profile as invalid configurations can be catastrophic. An example custom profile - // looks like this: - // - // ciphers: - // - ECDHE-ECDSA-CHACHA20-POLY1305 - // - ECDHE-RSA-CHACHA20-POLY1305 - // - ECDHE-RSA-AES128-GCM-SHA256 - // - ECDHE-ECDSA-AES128-GCM-SHA256 - // minTLSVersion: TLSv1.1 - // - // +optional - // +nullable - Custom *CustomTLSProfile `json:"custom,omitempty"` -} - -// OldTLSProfile is a TLS security profile based on: -// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility -type OldTLSProfile struct{} - -// IntermediateTLSProfile is a TLS security profile based on: -// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 -type IntermediateTLSProfile struct{} - -// ModernTLSProfile is a TLS security profile based on: -// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility -type ModernTLSProfile struct{} - -// CustomTLSProfile is a user-defined TLS security profile. Be extremely careful -// using a custom TLS profile as invalid configurations can be catastrophic. -type CustomTLSProfile struct { - TLSProfileSpec `json:",inline"` -} - -// TLSProfileType defines a TLS security profile type. -// +kubebuilder:validation:Enum=Old;Intermediate;Modern;Custom -type TLSProfileType string - -const ( - // Old is a TLS security profile based on: - // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - TLSProfileOldType TLSProfileType = "Old" - // Intermediate is a TLS security profile based on: - // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 - TLSProfileIntermediateType TLSProfileType = "Intermediate" - // Modern is a TLS security profile based on: - // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - TLSProfileModernType TLSProfileType = "Modern" - // Custom is a TLS security profile that allows for user-defined parameters. - TLSProfileCustomType TLSProfileType = "Custom" -) - -// TLSProfileSpec is the desired behavior of a TLSSecurityProfile. -type TLSProfileSpec struct { - // ciphers is used to specify the cipher algorithms that are negotiated - // during the TLS handshake. Operators may remove entries their operands - // do not support. For example, to use DES-CBC3-SHA (yaml): - // - // ciphers: - // - DES-CBC3-SHA - // - Ciphers []string `json:"ciphers"` - // minTLSVersion is used to specify the minimal version of the TLS protocol - // that is negotiated during the TLS handshake. For example, to use TLS - // versions 1.1, 1.2 and 1.3 (yaml): - // - // minTLSVersion: TLSv1.1 - // - // NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - // - MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"` -} - -// TLSProtocolVersion is a way to specify the protocol version used for TLS connections. -// Protocol versions are based on the following most common TLS configurations: -// -// https://ssl-config.mozilla.org/ -// -// Note that SSLv3.0 is not a supported protocol version due to well known -// vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE -// +kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13 -type TLSProtocolVersion string - -const ( - // VersionTLSv10 is version 1.0 of the TLS security protocol. - VersionTLS10 TLSProtocolVersion = "VersionTLS10" - // VersionTLSv11 is version 1.1 of the TLS security protocol. - VersionTLS11 TLSProtocolVersion = "VersionTLS11" - // VersionTLSv12 is version 1.2 of the TLS security protocol. - VersionTLS12 TLSProtocolVersion = "VersionTLS12" - // VersionTLSv13 is version 1.3 of the TLS security protocol. - VersionTLS13 TLSProtocolVersion = "VersionTLS13" -) - -// TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec. -// -// NOTE: The caller needs to make sure to check that these constants are valid for their binary. Not all -// entries map to values for all binaries. In the case of ties, the kube-apiserver wins. Do not fail, -// just be sure to whitelist only and everything will be ok. -var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ - TLSProfileOldType: { - Ciphers: []string{ - "TLS_AES_128_GCM_SHA256", - "TLS_AES_256_GCM_SHA384", - "TLS_CHACHA20_POLY1305_SHA256", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - "DHE-RSA-CHACHA20-POLY1305", - "ECDHE-ECDSA-AES128-SHA256", - "ECDHE-RSA-AES128-SHA256", - "ECDHE-ECDSA-AES128-SHA", - "ECDHE-RSA-AES128-SHA", - "ECDHE-ECDSA-AES256-SHA384", - "ECDHE-RSA-AES256-SHA384", - "ECDHE-ECDSA-AES256-SHA", - "ECDHE-RSA-AES256-SHA", - "DHE-RSA-AES128-SHA256", - "DHE-RSA-AES256-SHA256", - "AES128-GCM-SHA256", - "AES256-GCM-SHA384", - "AES128-SHA256", - "AES256-SHA256", - "AES128-SHA", - "AES256-SHA", - "DES-CBC3-SHA", - }, - MinTLSVersion: VersionTLS10, - }, - TLSProfileIntermediateType: { - Ciphers: []string{ - "TLS_AES_128_GCM_SHA256", - "TLS_AES_256_GCM_SHA384", - "TLS_CHACHA20_POLY1305_SHA256", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - "DHE-RSA-AES128-GCM-SHA256", - "DHE-RSA-AES256-GCM-SHA384", - }, - MinTLSVersion: VersionTLS12, - }, - TLSProfileModernType: { - Ciphers: []string{ - "TLS_AES_128_GCM_SHA256", - "TLS_AES_256_GCM_SHA384", - "TLS_CHACHA20_POLY1305_SHA256", - }, - MinTLSVersion: VersionTLS13, - }, -} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go deleted file mode 100644 index 4b666fe2df6..00000000000 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,3407 +0,0 @@ -// +build !ignore_autogenerated - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - corev1 "k8s.io/api/core/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *APIServer) DeepCopyInto(out *APIServer) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServer. -func (in *APIServer) DeepCopy() *APIServer { - if in == nil { - return nil - } - out := new(APIServer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *APIServer) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *APIServerEncryption) DeepCopyInto(out *APIServerEncryption) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerEncryption. -func (in *APIServerEncryption) DeepCopy() *APIServerEncryption { - if in == nil { - return nil - } - out := new(APIServerEncryption) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *APIServerList) DeepCopyInto(out *APIServerList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]APIServer, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerList. -func (in *APIServerList) DeepCopy() *APIServerList { - if in == nil { - return nil - } - out := new(APIServerList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *APIServerList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *APIServerNamedServingCert) DeepCopyInto(out *APIServerNamedServingCert) { - *out = *in - if in.Names != nil { - in, out := &in.Names, &out.Names - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.ServingCertificate = in.ServingCertificate - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerNamedServingCert. -func (in *APIServerNamedServingCert) DeepCopy() *APIServerNamedServingCert { - if in == nil { - return nil - } - out := new(APIServerNamedServingCert) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *APIServerServingCerts) DeepCopyInto(out *APIServerServingCerts) { - *out = *in - if in.NamedCertificates != nil { - in, out := &in.NamedCertificates, &out.NamedCertificates - *out = make([]APIServerNamedServingCert, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerServingCerts. -func (in *APIServerServingCerts) DeepCopy() *APIServerServingCerts { - if in == nil { - return nil - } - out := new(APIServerServingCerts) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *APIServerSpec) DeepCopyInto(out *APIServerSpec) { - *out = *in - in.ServingCerts.DeepCopyInto(&out.ServingCerts) - out.ClientCA = in.ClientCA - if in.AdditionalCORSAllowedOrigins != nil { - in, out := &in.AdditionalCORSAllowedOrigins, &out.AdditionalCORSAllowedOrigins - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.Encryption = in.Encryption - if in.TLSSecurityProfile != nil { - in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile - *out = new(TLSSecurityProfile) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerSpec. -func (in *APIServerSpec) DeepCopy() *APIServerSpec { - if in == nil { - return nil - } - out := new(APIServerSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *APIServerStatus) DeepCopyInto(out *APIServerStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerStatus. -func (in *APIServerStatus) DeepCopy() *APIServerStatus { - if in == nil { - return nil - } - out := new(APIServerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AWSPlatformStatus) DeepCopyInto(out *AWSPlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPlatformStatus. -func (in *AWSPlatformStatus) DeepCopy() *AWSPlatformStatus { - if in == nil { - return nil - } - out := new(AWSPlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) { - *out = *in - if in.PluginConfig != nil { - in, out := &in.PluginConfig, &out.PluginConfig - *out = make(map[string]AdmissionPluginConfig, len(*in)) - for key, val := range *in { - (*out)[key] = *val.DeepCopy() - } - } - if in.EnabledAdmissionPlugins != nil { - in, out := &in.EnabledAdmissionPlugins, &out.EnabledAdmissionPlugins - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.DisabledAdmissionPlugins != nil { - in, out := &in.DisabledAdmissionPlugins, &out.DisabledAdmissionPlugins - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionConfig. -func (in *AdmissionConfig) DeepCopy() *AdmissionConfig { - if in == nil { - return nil - } - out := new(AdmissionConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionPluginConfig) DeepCopyInto(out *AdmissionPluginConfig) { - *out = *in - in.Configuration.DeepCopyInto(&out.Configuration) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionPluginConfig. -func (in *AdmissionPluginConfig) DeepCopy() *AdmissionPluginConfig { - if in == nil { - return nil - } - out := new(AdmissionPluginConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuditConfig) DeepCopyInto(out *AuditConfig) { - *out = *in - in.PolicyConfiguration.DeepCopyInto(&out.PolicyConfiguration) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditConfig. -func (in *AuditConfig) DeepCopy() *AuditConfig { - if in == nil { - return nil - } - out := new(AuditConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Authentication) DeepCopyInto(out *Authentication) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authentication. -func (in *Authentication) DeepCopy() *Authentication { - if in == nil { - return nil - } - out := new(Authentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Authentication) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuthenticationList) DeepCopyInto(out *AuthenticationList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Authentication, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationList. -func (in *AuthenticationList) DeepCopy() *AuthenticationList { - if in == nil { - return nil - } - out := new(AuthenticationList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AuthenticationList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { - *out = *in - out.OAuthMetadata = in.OAuthMetadata - if in.WebhookTokenAuthenticators != nil { - in, out := &in.WebhookTokenAuthenticators, &out.WebhookTokenAuthenticators - *out = make([]WebhookTokenAuthenticator, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationSpec. -func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec { - if in == nil { - return nil - } - out := new(AuthenticationSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) { - *out = *in - out.IntegratedOAuthMetadata = in.IntegratedOAuthMetadata - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationStatus. -func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { - if in == nil { - return nil - } - out := new(AuthenticationStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePlatformStatus. -func (in *AzurePlatformStatus) DeepCopy() *AzurePlatformStatus { - if in == nil { - return nil - } - out := new(AzurePlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BareMetalPlatformStatus) DeepCopyInto(out *BareMetalPlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BareMetalPlatformStatus. -func (in *BareMetalPlatformStatus) DeepCopy() *BareMetalPlatformStatus { - if in == nil { - return nil - } - out := new(BareMetalPlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BasicAuthIdentityProvider) DeepCopyInto(out *BasicAuthIdentityProvider) { - *out = *in - out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuthIdentityProvider. -func (in *BasicAuthIdentityProvider) DeepCopy() *BasicAuthIdentityProvider { - if in == nil { - return nil - } - out := new(BasicAuthIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Build) DeepCopyInto(out *Build) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Build. -func (in *Build) DeepCopy() *Build { - if in == nil { - return nil - } - out := new(Build) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Build) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BuildDefaults) DeepCopyInto(out *BuildDefaults) { - *out = *in - if in.DefaultProxy != nil { - in, out := &in.DefaultProxy, &out.DefaultProxy - *out = new(ProxySpec) - (*in).DeepCopyInto(*out) - } - if in.GitProxy != nil { - in, out := &in.GitProxy, &out.GitProxy - *out = new(ProxySpec) - (*in).DeepCopyInto(*out) - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]corev1.EnvVar, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.ImageLabels != nil { - in, out := &in.ImageLabels, &out.ImageLabels - *out = make([]ImageLabel, len(*in)) - copy(*out, *in) - } - in.Resources.DeepCopyInto(&out.Resources) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildDefaults. -func (in *BuildDefaults) DeepCopy() *BuildDefaults { - if in == nil { - return nil - } - out := new(BuildDefaults) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BuildList) DeepCopyInto(out *BuildList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Build, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildList. -func (in *BuildList) DeepCopy() *BuildList { - if in == nil { - return nil - } - out := new(BuildList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *BuildList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BuildOverrides) DeepCopyInto(out *BuildOverrides) { - *out = *in - if in.ImageLabels != nil { - in, out := &in.ImageLabels, &out.ImageLabels - *out = make([]ImageLabel, len(*in)) - copy(*out, *in) - } - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]corev1.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildOverrides. -func (in *BuildOverrides) DeepCopy() *BuildOverrides { - if in == nil { - return nil - } - out := new(BuildOverrides) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BuildSpec) DeepCopyInto(out *BuildSpec) { - *out = *in - out.AdditionalTrustedCA = in.AdditionalTrustedCA - in.BuildDefaults.DeepCopyInto(&out.BuildDefaults) - in.BuildOverrides.DeepCopyInto(&out.BuildOverrides) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildSpec. -func (in *BuildSpec) DeepCopy() *BuildSpec { - if in == nil { - return nil - } - out := new(BuildSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertInfo) DeepCopyInto(out *CertInfo) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertInfo. -func (in *CertInfo) DeepCopy() *CertInfo { - if in == nil { - return nil - } - out := new(CertInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClientConnectionOverrides) DeepCopyInto(out *ClientConnectionOverrides) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnectionOverrides. -func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides { - if in == nil { - return nil - } - out := new(ClientConnectionOverrides) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterNetworkEntry) DeepCopyInto(out *ClusterNetworkEntry) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkEntry. -func (in *ClusterNetworkEntry) DeepCopy() *ClusterNetworkEntry { - if in == nil { - return nil - } - out := new(ClusterNetworkEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterOperator) DeepCopyInto(out *ClusterOperator) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperator. -func (in *ClusterOperator) DeepCopy() *ClusterOperator { - if in == nil { - return nil - } - out := new(ClusterOperator) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterOperator) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterOperatorList) DeepCopyInto(out *ClusterOperatorList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterOperator, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorList. -func (in *ClusterOperatorList) DeepCopy() *ClusterOperatorList { - if in == nil { - return nil - } - out := new(ClusterOperatorList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterOperatorList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterOperatorSpec) DeepCopyInto(out *ClusterOperatorSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorSpec. -func (in *ClusterOperatorSpec) DeepCopy() *ClusterOperatorSpec { - if in == nil { - return nil - } - out := new(ClusterOperatorSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterOperatorStatus) DeepCopyInto(out *ClusterOperatorStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]ClusterOperatorStatusCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Versions != nil { - in, out := &in.Versions, &out.Versions - *out = make([]OperandVersion, len(*in)) - copy(*out, *in) - } - if in.RelatedObjects != nil { - in, out := &in.RelatedObjects, &out.RelatedObjects - *out = make([]ObjectReference, len(*in)) - copy(*out, *in) - } - in.Extension.DeepCopyInto(&out.Extension) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorStatus. -func (in *ClusterOperatorStatus) DeepCopy() *ClusterOperatorStatus { - if in == nil { - return nil - } - out := new(ClusterOperatorStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterOperatorStatusCondition) DeepCopyInto(out *ClusterOperatorStatusCondition) { - *out = *in - in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorStatusCondition. -func (in *ClusterOperatorStatusCondition) DeepCopy() *ClusterOperatorStatusCondition { - if in == nil { - return nil - } - out := new(ClusterOperatorStatusCondition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterVersion) DeepCopyInto(out *ClusterVersion) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersion. -func (in *ClusterVersion) DeepCopy() *ClusterVersion { - if in == nil { - return nil - } - out := new(ClusterVersion) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterVersion) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterVersionList) DeepCopyInto(out *ClusterVersionList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterVersion, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionList. -func (in *ClusterVersionList) DeepCopy() *ClusterVersionList { - if in == nil { - return nil - } - out := new(ClusterVersionList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterVersionList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterVersionSpec) DeepCopyInto(out *ClusterVersionSpec) { - *out = *in - if in.DesiredUpdate != nil { - in, out := &in.DesiredUpdate, &out.DesiredUpdate - *out = new(Update) - **out = **in - } - if in.Overrides != nil { - in, out := &in.Overrides, &out.Overrides - *out = make([]ComponentOverride, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionSpec. -func (in *ClusterVersionSpec) DeepCopy() *ClusterVersionSpec { - if in == nil { - return nil - } - out := new(ClusterVersionSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { - *out = *in - out.Desired = in.Desired - if in.History != nil { - in, out := &in.History, &out.History - *out = make([]UpdateHistory, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]ClusterOperatorStatusCondition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.AvailableUpdates != nil { - in, out := &in.AvailableUpdates, &out.AvailableUpdates - *out = make([]Update, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionStatus. -func (in *ClusterVersionStatus) DeepCopy() *ClusterVersionStatus { - if in == nil { - return nil - } - out := new(ClusterVersionStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ComponentOverride) DeepCopyInto(out *ComponentOverride) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentOverride. -func (in *ComponentOverride) DeepCopy() *ComponentOverride { - if in == nil { - return nil - } - out := new(ComponentOverride) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapFileReference) DeepCopyInto(out *ConfigMapFileReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapFileReference. -func (in *ConfigMapFileReference) DeepCopy() *ConfigMapFileReference { - if in == nil { - return nil - } - out := new(ConfigMapFileReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConfigMapNameReference) DeepCopyInto(out *ConfigMapNameReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapNameReference. -func (in *ConfigMapNameReference) DeepCopy() *ConfigMapNameReference { - if in == nil { - return nil - } - out := new(ConfigMapNameReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Console) DeepCopyInto(out *Console) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Console. -func (in *Console) DeepCopy() *Console { - if in == nil { - return nil - } - out := new(Console) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Console) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConsoleAuthentication) DeepCopyInto(out *ConsoleAuthentication) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleAuthentication. -func (in *ConsoleAuthentication) DeepCopy() *ConsoleAuthentication { - if in == nil { - return nil - } - out := new(ConsoleAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConsoleList) DeepCopyInto(out *ConsoleList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Console, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleList. -func (in *ConsoleList) DeepCopy() *ConsoleList { - if in == nil { - return nil - } - out := new(ConsoleList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ConsoleList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConsoleSpec) DeepCopyInto(out *ConsoleSpec) { - *out = *in - out.Authentication = in.Authentication - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleSpec. -func (in *ConsoleSpec) DeepCopy() *ConsoleSpec { - if in == nil { - return nil - } - out := new(ConsoleSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ConsoleStatus) DeepCopyInto(out *ConsoleStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleStatus. -func (in *ConsoleStatus) DeepCopy() *ConsoleStatus { - if in == nil { - return nil - } - out := new(ConsoleStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CustomFeatureGates) DeepCopyInto(out *CustomFeatureGates) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomFeatureGates. -func (in *CustomFeatureGates) DeepCopy() *CustomFeatureGates { - if in == nil { - return nil - } - out := new(CustomFeatureGates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CustomTLSProfile) DeepCopyInto(out *CustomTLSProfile) { - *out = *in - in.TLSProfileSpec.DeepCopyInto(&out.TLSProfileSpec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomTLSProfile. -func (in *CustomTLSProfile) DeepCopy() *CustomTLSProfile { - if in == nil { - return nil - } - out := new(CustomTLSProfile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DNS) DeepCopyInto(out *DNS) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNS. -func (in *DNS) DeepCopy() *DNS { - if in == nil { - return nil - } - out := new(DNS) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DNS) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DNSList) DeepCopyInto(out *DNSList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]DNS, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSList. -func (in *DNSList) DeepCopy() *DNSList { - if in == nil { - return nil - } - out := new(DNSList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DNSList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DNSSpec) DeepCopyInto(out *DNSSpec) { - *out = *in - if in.PublicZone != nil { - in, out := &in.PublicZone, &out.PublicZone - *out = new(DNSZone) - (*in).DeepCopyInto(*out) - } - if in.PrivateZone != nil { - in, out := &in.PrivateZone, &out.PrivateZone - *out = new(DNSZone) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSpec. -func (in *DNSSpec) DeepCopy() *DNSSpec { - if in == nil { - return nil - } - out := new(DNSSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DNSStatus) DeepCopyInto(out *DNSStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSStatus. -func (in *DNSStatus) DeepCopy() *DNSStatus { - if in == nil { - return nil - } - out := new(DNSStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DNSZone) DeepCopyInto(out *DNSZone) { - *out = *in - if in.Tags != nil { - in, out := &in.Tags, &out.Tags - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSZone. -func (in *DNSZone) DeepCopy() *DNSZone { - if in == nil { - return nil - } - out := new(DNSZone) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DelegatedAuthentication) DeepCopyInto(out *DelegatedAuthentication) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelegatedAuthentication. -func (in *DelegatedAuthentication) DeepCopy() *DelegatedAuthentication { - if in == nil { - return nil - } - out := new(DelegatedAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DelegatedAuthorization) DeepCopyInto(out *DelegatedAuthorization) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelegatedAuthorization. -func (in *DelegatedAuthorization) DeepCopy() *DelegatedAuthorization { - if in == nil { - return nil - } - out := new(DelegatedAuthorization) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EtcdConnectionInfo) DeepCopyInto(out *EtcdConnectionInfo) { - *out = *in - if in.URLs != nil { - in, out := &in.URLs, &out.URLs - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.CertInfo = in.CertInfo - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdConnectionInfo. -func (in *EtcdConnectionInfo) DeepCopy() *EtcdConnectionInfo { - if in == nil { - return nil - } - out := new(EtcdConnectionInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *EtcdStorageConfig) DeepCopyInto(out *EtcdStorageConfig) { - *out = *in - in.EtcdConnectionInfo.DeepCopyInto(&out.EtcdConnectionInfo) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdStorageConfig. -func (in *EtcdStorageConfig) DeepCopy() *EtcdStorageConfig { - if in == nil { - return nil - } - out := new(EtcdStorageConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExternalIPConfig) DeepCopyInto(out *ExternalIPConfig) { - *out = *in - if in.Policy != nil { - in, out := &in.Policy, &out.Policy - *out = new(ExternalIPPolicy) - (*in).DeepCopyInto(*out) - } - if in.AutoAssignCIDRs != nil { - in, out := &in.AutoAssignCIDRs, &out.AutoAssignCIDRs - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPConfig. -func (in *ExternalIPConfig) DeepCopy() *ExternalIPConfig { - if in == nil { - return nil - } - out := new(ExternalIPConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExternalIPPolicy) DeepCopyInto(out *ExternalIPPolicy) { - *out = *in - if in.AllowedCIDRs != nil { - in, out := &in.AllowedCIDRs, &out.AllowedCIDRs - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.RejectedCIDRs != nil { - in, out := &in.RejectedCIDRs, &out.RejectedCIDRs - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPPolicy. -func (in *ExternalIPPolicy) DeepCopy() *ExternalIPPolicy { - if in == nil { - return nil - } - out := new(ExternalIPPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGate) DeepCopyInto(out *FeatureGate) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGate. -func (in *FeatureGate) DeepCopy() *FeatureGate { - if in == nil { - return nil - } - out := new(FeatureGate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *FeatureGate) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGateEnabledDisabled) DeepCopyInto(out *FeatureGateEnabledDisabled) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateEnabledDisabled. -func (in *FeatureGateEnabledDisabled) DeepCopy() *FeatureGateEnabledDisabled { - if in == nil { - return nil - } - out := new(FeatureGateEnabledDisabled) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGateList) DeepCopyInto(out *FeatureGateList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]FeatureGate, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateList. -func (in *FeatureGateList) DeepCopy() *FeatureGateList { - if in == nil { - return nil - } - out := new(FeatureGateList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *FeatureGateList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGateSelection) DeepCopyInto(out *FeatureGateSelection) { - *out = *in - if in.CustomNoUpgrade != nil { - in, out := &in.CustomNoUpgrade, &out.CustomNoUpgrade - *out = new(CustomFeatureGates) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateSelection. -func (in *FeatureGateSelection) DeepCopy() *FeatureGateSelection { - if in == nil { - return nil - } - out := new(FeatureGateSelection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGateSpec) DeepCopyInto(out *FeatureGateSpec) { - *out = *in - in.FeatureGateSelection.DeepCopyInto(&out.FeatureGateSelection) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateSpec. -func (in *FeatureGateSpec) DeepCopy() *FeatureGateSpec { - if in == nil { - return nil - } - out := new(FeatureGateSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGateStatus) DeepCopyInto(out *FeatureGateStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateStatus. -func (in *FeatureGateStatus) DeepCopy() *FeatureGateStatus { - if in == nil { - return nil - } - out := new(FeatureGateStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPPlatformStatus. -func (in *GCPPlatformStatus) DeepCopy() *GCPPlatformStatus { - if in == nil { - return nil - } - out := new(GCPPlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { - *out = *in - in.ServingInfo.DeepCopyInto(&out.ServingInfo) - if in.CORSAllowedOrigins != nil { - in, out := &in.CORSAllowedOrigins, &out.CORSAllowedOrigins - *out = make([]string, len(*in)) - copy(*out, *in) - } - in.AuditConfig.DeepCopyInto(&out.AuditConfig) - in.StorageConfig.DeepCopyInto(&out.StorageConfig) - in.AdmissionConfig.DeepCopyInto(&out.AdmissionConfig) - out.KubeClientConfig = in.KubeClientConfig - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericAPIServerConfig. -func (in *GenericAPIServerConfig) DeepCopy() *GenericAPIServerConfig { - if in == nil { - return nil - } - out := new(GenericAPIServerConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GenericControllerConfig) DeepCopyInto(out *GenericControllerConfig) { - *out = *in - in.ServingInfo.DeepCopyInto(&out.ServingInfo) - out.LeaderElection = in.LeaderElection - out.Authentication = in.Authentication - out.Authorization = in.Authorization - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericControllerConfig. -func (in *GenericControllerConfig) DeepCopy() *GenericControllerConfig { - if in == nil { - return nil - } - out := new(GenericControllerConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GitHubIdentityProvider) DeepCopyInto(out *GitHubIdentityProvider) { - *out = *in - out.ClientSecret = in.ClientSecret - if in.Organizations != nil { - in, out := &in.Organizations, &out.Organizations - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Teams != nil { - in, out := &in.Teams, &out.Teams - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.CA = in.CA - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubIdentityProvider. -func (in *GitHubIdentityProvider) DeepCopy() *GitHubIdentityProvider { - if in == nil { - return nil - } - out := new(GitHubIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GitLabIdentityProvider) DeepCopyInto(out *GitLabIdentityProvider) { - *out = *in - out.ClientSecret = in.ClientSecret - out.CA = in.CA - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitLabIdentityProvider. -func (in *GitLabIdentityProvider) DeepCopy() *GitLabIdentityProvider { - if in == nil { - return nil - } - out := new(GitLabIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GoogleIdentityProvider) DeepCopyInto(out *GoogleIdentityProvider) { - *out = *in - out.ClientSecret = in.ClientSecret - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GoogleIdentityProvider. -func (in *GoogleIdentityProvider) DeepCopy() *GoogleIdentityProvider { - if in == nil { - return nil - } - out := new(GoogleIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTPasswdIdentityProvider) DeepCopyInto(out *HTPasswdIdentityProvider) { - *out = *in - out.FileData = in.FileData - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTPasswdIdentityProvider. -func (in *HTPasswdIdentityProvider) DeepCopy() *HTPasswdIdentityProvider { - if in == nil { - return nil - } - out := new(HTPasswdIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HTTPServingInfo) DeepCopyInto(out *HTTPServingInfo) { - *out = *in - in.ServingInfo.DeepCopyInto(&out.ServingInfo) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPServingInfo. -func (in *HTTPServingInfo) DeepCopy() *HTTPServingInfo { - if in == nil { - return nil - } - out := new(HTTPServingInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HubSource) DeepCopyInto(out *HubSource) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HubSource. -func (in *HubSource) DeepCopy() *HubSource { - if in == nil { - return nil - } - out := new(HubSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HubSourceStatus) DeepCopyInto(out *HubSourceStatus) { - *out = *in - out.HubSource = in.HubSource - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HubSourceStatus. -func (in *HubSourceStatus) DeepCopy() *HubSourceStatus { - if in == nil { - return nil - } - out := new(HubSourceStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IBMCloudPlatformStatus) DeepCopyInto(out *IBMCloudPlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudPlatformStatus. -func (in *IBMCloudPlatformStatus) DeepCopy() *IBMCloudPlatformStatus { - if in == nil { - return nil - } - out := new(IBMCloudPlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IdentityProvider) DeepCopyInto(out *IdentityProvider) { - *out = *in - in.IdentityProviderConfig.DeepCopyInto(&out.IdentityProviderConfig) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProvider. -func (in *IdentityProvider) DeepCopy() *IdentityProvider { - if in == nil { - return nil - } - out := new(IdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IdentityProviderConfig) DeepCopyInto(out *IdentityProviderConfig) { - *out = *in - if in.BasicAuth != nil { - in, out := &in.BasicAuth, &out.BasicAuth - *out = new(BasicAuthIdentityProvider) - **out = **in - } - if in.GitHub != nil { - in, out := &in.GitHub, &out.GitHub - *out = new(GitHubIdentityProvider) - (*in).DeepCopyInto(*out) - } - if in.GitLab != nil { - in, out := &in.GitLab, &out.GitLab - *out = new(GitLabIdentityProvider) - **out = **in - } - if in.Google != nil { - in, out := &in.Google, &out.Google - *out = new(GoogleIdentityProvider) - **out = **in - } - if in.HTPasswd != nil { - in, out := &in.HTPasswd, &out.HTPasswd - *out = new(HTPasswdIdentityProvider) - **out = **in - } - if in.Keystone != nil { - in, out := &in.Keystone, &out.Keystone - *out = new(KeystoneIdentityProvider) - **out = **in - } - if in.LDAP != nil { - in, out := &in.LDAP, &out.LDAP - *out = new(LDAPIdentityProvider) - (*in).DeepCopyInto(*out) - } - if in.OpenID != nil { - in, out := &in.OpenID, &out.OpenID - *out = new(OpenIDIdentityProvider) - (*in).DeepCopyInto(*out) - } - if in.RequestHeader != nil { - in, out := &in.RequestHeader, &out.RequestHeader - *out = new(RequestHeaderIdentityProvider) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderConfig. -func (in *IdentityProviderConfig) DeepCopy() *IdentityProviderConfig { - if in == nil { - return nil - } - out := new(IdentityProviderConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Image) DeepCopyInto(out *Image) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Image. -func (in *Image) DeepCopy() *Image { - if in == nil { - return nil - } - out := new(Image) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Image) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageLabel) DeepCopyInto(out *ImageLabel) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageLabel. -func (in *ImageLabel) DeepCopy() *ImageLabel { - if in == nil { - return nil - } - out := new(ImageLabel) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageList) DeepCopyInto(out *ImageList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Image, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageList. -func (in *ImageList) DeepCopy() *ImageList { - if in == nil { - return nil - } - out := new(ImageList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImageList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageSpec) DeepCopyInto(out *ImageSpec) { - *out = *in - if in.AllowedRegistriesForImport != nil { - in, out := &in.AllowedRegistriesForImport, &out.AllowedRegistriesForImport - *out = make([]RegistryLocation, len(*in)) - copy(*out, *in) - } - if in.ExternalRegistryHostnames != nil { - in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.AdditionalTrustedCA = in.AdditionalTrustedCA - in.RegistrySources.DeepCopyInto(&out.RegistrySources) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec. -func (in *ImageSpec) DeepCopy() *ImageSpec { - if in == nil { - return nil - } - out := new(ImageSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageStatus) DeepCopyInto(out *ImageStatus) { - *out = *in - if in.ExternalRegistryHostnames != nil { - in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageStatus. -func (in *ImageStatus) DeepCopy() *ImageStatus { - if in == nil { - return nil - } - out := new(ImageStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Infrastructure) DeepCopyInto(out *Infrastructure) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Infrastructure. -func (in *Infrastructure) DeepCopy() *Infrastructure { - if in == nil { - return nil - } - out := new(Infrastructure) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Infrastructure) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureList) DeepCopyInto(out *InfrastructureList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Infrastructure, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureList. -func (in *InfrastructureList) DeepCopy() *InfrastructureList { - if in == nil { - return nil - } - out := new(InfrastructureList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InfrastructureList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureSpec) DeepCopyInto(out *InfrastructureSpec) { - *out = *in - out.CloudConfig = in.CloudConfig - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureSpec. -func (in *InfrastructureSpec) DeepCopy() *InfrastructureSpec { - if in == nil { - return nil - } - out := new(InfrastructureSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InfrastructureStatus) DeepCopyInto(out *InfrastructureStatus) { - *out = *in - if in.PlatformStatus != nil { - in, out := &in.PlatformStatus, &out.PlatformStatus - *out = new(PlatformStatus) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureStatus. -func (in *InfrastructureStatus) DeepCopy() *InfrastructureStatus { - if in == nil { - return nil - } - out := new(InfrastructureStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Ingress) DeepCopyInto(out *Ingress) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress. -func (in *Ingress) DeepCopy() *Ingress { - if in == nil { - return nil - } - out := new(Ingress) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Ingress) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressList) DeepCopyInto(out *IngressList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Ingress, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList. -func (in *IngressList) DeepCopy() *IngressList { - if in == nil { - return nil - } - out := new(IngressList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *IngressList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressSpec) DeepCopyInto(out *IngressSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec. -func (in *IngressSpec) DeepCopy() *IngressSpec { - if in == nil { - return nil - } - out := new(IngressSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngressStatus) DeepCopyInto(out *IngressStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus. -func (in *IngressStatus) DeepCopy() *IngressStatus { - if in == nil { - return nil - } - out := new(IngressStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IntermediateTLSProfile) DeepCopyInto(out *IntermediateTLSProfile) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateTLSProfile. -func (in *IntermediateTLSProfile) DeepCopy() *IntermediateTLSProfile { - if in == nil { - return nil - } - out := new(IntermediateTLSProfile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KeystoneIdentityProvider) DeepCopyInto(out *KeystoneIdentityProvider) { - *out = *in - out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeystoneIdentityProvider. -func (in *KeystoneIdentityProvider) DeepCopy() *KeystoneIdentityProvider { - if in == nil { - return nil - } - out := new(KeystoneIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeClientConfig) DeepCopyInto(out *KubeClientConfig) { - *out = *in - out.ConnectionOverrides = in.ConnectionOverrides - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeClientConfig. -func (in *KubeClientConfig) DeepCopy() *KubeClientConfig { - if in == nil { - return nil - } - out := new(KubeClientConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LDAPAttributeMapping) DeepCopyInto(out *LDAPAttributeMapping) { - *out = *in - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PreferredUsername != nil { - in, out := &in.PreferredUsername, &out.PreferredUsername - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Email != nil { - in, out := &in.Email, &out.Email - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAttributeMapping. -func (in *LDAPAttributeMapping) DeepCopy() *LDAPAttributeMapping { - if in == nil { - return nil - } - out := new(LDAPAttributeMapping) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) { - *out = *in - out.BindPassword = in.BindPassword - out.CA = in.CA - in.Attributes.DeepCopyInto(&out.Attributes) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider. -func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider { - if in == nil { - return nil - } - out := new(LDAPIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LeaderElection) DeepCopyInto(out *LeaderElection) { - *out = *in - out.LeaseDuration = in.LeaseDuration - out.RenewDeadline = in.RenewDeadline - out.RetryPeriod = in.RetryPeriod - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElection. -func (in *LeaderElection) DeepCopy() *LeaderElection { - if in == nil { - return nil - } - out := new(LeaderElection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ModernTLSProfile) DeepCopyInto(out *ModernTLSProfile) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModernTLSProfile. -func (in *ModernTLSProfile) DeepCopy() *ModernTLSProfile { - if in == nil { - return nil - } - out := new(ModernTLSProfile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamedCertificate) DeepCopyInto(out *NamedCertificate) { - *out = *in - if in.Names != nil { - in, out := &in.Names, &out.Names - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.CertInfo = in.CertInfo - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedCertificate. -func (in *NamedCertificate) DeepCopy() *NamedCertificate { - if in == nil { - return nil - } - out := new(NamedCertificate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Network) DeepCopyInto(out *Network) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network. -func (in *Network) DeepCopy() *Network { - if in == nil { - return nil - } - out := new(Network) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Network) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkList) DeepCopyInto(out *NetworkList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Network, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkList. -func (in *NetworkList) DeepCopy() *NetworkList { - if in == nil { - return nil - } - out := new(NetworkList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { - *out = *in - if in.ClusterNetwork != nil { - in, out := &in.ClusterNetwork, &out.ClusterNetwork - *out = make([]ClusterNetworkEntry, len(*in)) - copy(*out, *in) - } - if in.ServiceNetwork != nil { - in, out := &in.ServiceNetwork, &out.ServiceNetwork - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ExternalIP != nil { - in, out := &in.ExternalIP, &out.ExternalIP - *out = new(ExternalIPConfig) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSpec. -func (in *NetworkSpec) DeepCopy() *NetworkSpec { - if in == nil { - return nil - } - out := new(NetworkSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { - *out = *in - if in.ClusterNetwork != nil { - in, out := &in.ClusterNetwork, &out.ClusterNetwork - *out = make([]ClusterNetworkEntry, len(*in)) - copy(*out, *in) - } - if in.ServiceNetwork != nil { - in, out := &in.ServiceNetwork, &out.ServiceNetwork - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkStatus. -func (in *NetworkStatus) DeepCopy() *NetworkStatus { - if in == nil { - return nil - } - out := new(NetworkStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OAuth) DeepCopyInto(out *OAuth) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth. -func (in *OAuth) DeepCopy() *OAuth { - if in == nil { - return nil - } - out := new(OAuth) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OAuth) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OAuthList) DeepCopyInto(out *OAuthList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]OAuth, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthList. -func (in *OAuthList) DeepCopy() *OAuthList { - if in == nil { - return nil - } - out := new(OAuthList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OAuthList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OAuthRemoteConnectionInfo) DeepCopyInto(out *OAuthRemoteConnectionInfo) { - *out = *in - out.CA = in.CA - out.TLSClientCert = in.TLSClientCert - out.TLSClientKey = in.TLSClientKey - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthRemoteConnectionInfo. -func (in *OAuthRemoteConnectionInfo) DeepCopy() *OAuthRemoteConnectionInfo { - if in == nil { - return nil - } - out := new(OAuthRemoteConnectionInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OAuthSpec) DeepCopyInto(out *OAuthSpec) { - *out = *in - if in.IdentityProviders != nil { - in, out := &in.IdentityProviders, &out.IdentityProviders - *out = make([]IdentityProvider, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - out.TokenConfig = in.TokenConfig - out.Templates = in.Templates - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthSpec. -func (in *OAuthSpec) DeepCopy() *OAuthSpec { - if in == nil { - return nil - } - out := new(OAuthSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OAuthStatus) DeepCopyInto(out *OAuthStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthStatus. -func (in *OAuthStatus) DeepCopy() *OAuthStatus { - if in == nil { - return nil - } - out := new(OAuthStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OAuthTemplates) DeepCopyInto(out *OAuthTemplates) { - *out = *in - out.Login = in.Login - out.ProviderSelection = in.ProviderSelection - out.Error = in.Error - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthTemplates. -func (in *OAuthTemplates) DeepCopy() *OAuthTemplates { - if in == nil { - return nil - } - out := new(OAuthTemplates) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. -func (in *ObjectReference) DeepCopy() *ObjectReference { - if in == nil { - return nil - } - out := new(ObjectReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OldTLSProfile) DeepCopyInto(out *OldTLSProfile) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OldTLSProfile. -func (in *OldTLSProfile) DeepCopy() *OldTLSProfile { - if in == nil { - return nil - } - out := new(OldTLSProfile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OpenIDClaims) DeepCopyInto(out *OpenIDClaims) { - *out = *in - if in.PreferredUsername != nil { - in, out := &in.PreferredUsername, &out.PreferredUsername - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Email != nil { - in, out := &in.Email, &out.Email - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenIDClaims. -func (in *OpenIDClaims) DeepCopy() *OpenIDClaims { - if in == nil { - return nil - } - out := new(OpenIDClaims) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OpenIDIdentityProvider) DeepCopyInto(out *OpenIDIdentityProvider) { - *out = *in - out.ClientSecret = in.ClientSecret - out.CA = in.CA - if in.ExtraScopes != nil { - in, out := &in.ExtraScopes, &out.ExtraScopes - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ExtraAuthorizeParameters != nil { - in, out := &in.ExtraAuthorizeParameters, &out.ExtraAuthorizeParameters - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - in.Claims.DeepCopyInto(&out.Claims) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenIDIdentityProvider. -func (in *OpenIDIdentityProvider) DeepCopy() *OpenIDIdentityProvider { - if in == nil { - return nil - } - out := new(OpenIDIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OpenStackPlatformStatus) DeepCopyInto(out *OpenStackPlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackPlatformStatus. -func (in *OpenStackPlatformStatus) DeepCopy() *OpenStackPlatformStatus { - if in == nil { - return nil - } - out := new(OpenStackPlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OperandVersion) DeepCopyInto(out *OperandVersion) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperandVersion. -func (in *OperandVersion) DeepCopy() *OperandVersion { - if in == nil { - return nil - } - out := new(OperandVersion) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OperatorHub) DeepCopyInto(out *OperatorHub) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHub. -func (in *OperatorHub) DeepCopy() *OperatorHub { - if in == nil { - return nil - } - out := new(OperatorHub) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OperatorHub) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OperatorHubList) DeepCopyInto(out *OperatorHubList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]OperatorHub, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubList. -func (in *OperatorHubList) DeepCopy() *OperatorHubList { - if in == nil { - return nil - } - out := new(OperatorHubList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OperatorHubList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OperatorHubSpec) DeepCopyInto(out *OperatorHubSpec) { - *out = *in - if in.Sources != nil { - in, out := &in.Sources, &out.Sources - *out = make([]HubSource, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubSpec. -func (in *OperatorHubSpec) DeepCopy() *OperatorHubSpec { - if in == nil { - return nil - } - out := new(OperatorHubSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OperatorHubStatus) DeepCopyInto(out *OperatorHubStatus) { - *out = *in - if in.Sources != nil { - in, out := &in.Sources, &out.Sources - *out = make([]HubSourceStatus, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubStatus. -func (in *OperatorHubStatus) DeepCopy() *OperatorHubStatus { - if in == nil { - return nil - } - out := new(OperatorHubStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OvirtPlatformStatus) DeepCopyInto(out *OvirtPlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformStatus. -func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { - if in == nil { - return nil - } - out := new(OvirtPlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { - *out = *in - if in.AWS != nil { - in, out := &in.AWS, &out.AWS - *out = new(AWSPlatformStatus) - **out = **in - } - if in.Azure != nil { - in, out := &in.Azure, &out.Azure - *out = new(AzurePlatformStatus) - **out = **in - } - if in.GCP != nil { - in, out := &in.GCP, &out.GCP - *out = new(GCPPlatformStatus) - **out = **in - } - if in.BareMetal != nil { - in, out := &in.BareMetal, &out.BareMetal - *out = new(BareMetalPlatformStatus) - **out = **in - } - if in.OpenStack != nil { - in, out := &in.OpenStack, &out.OpenStack - *out = new(OpenStackPlatformStatus) - **out = **in - } - if in.Ovirt != nil { - in, out := &in.Ovirt, &out.Ovirt - *out = new(OvirtPlatformStatus) - **out = **in - } - if in.VSphere != nil { - in, out := &in.VSphere, &out.VSphere - *out = new(VSpherePlatformStatus) - **out = **in - } - if in.IBMCloud != nil { - in, out := &in.IBMCloud, &out.IBMCloud - *out = new(IBMCloudPlatformStatus) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformStatus. -func (in *PlatformStatus) DeepCopy() *PlatformStatus { - if in == nil { - return nil - } - out := new(PlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Project) DeepCopyInto(out *Project) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Project. -func (in *Project) DeepCopy() *Project { - if in == nil { - return nil - } - out := new(Project) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Project) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectList) DeepCopyInto(out *ProjectList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Project, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectList. -func (in *ProjectList) DeepCopy() *ProjectList { - if in == nil { - return nil - } - out := new(ProjectList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProjectList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectSpec) DeepCopyInto(out *ProjectSpec) { - *out = *in - out.ProjectRequestTemplate = in.ProjectRequestTemplate - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSpec. -func (in *ProjectSpec) DeepCopy() *ProjectSpec { - if in == nil { - return nil - } - out := new(ProjectSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProjectStatus) DeepCopyInto(out *ProjectStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectStatus. -func (in *ProjectStatus) DeepCopy() *ProjectStatus { - if in == nil { - return nil - } - out := new(ProjectStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Proxy) DeepCopyInto(out *Proxy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Proxy. -func (in *Proxy) DeepCopy() *Proxy { - if in == nil { - return nil - } - out := new(Proxy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Proxy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProxyList) DeepCopyInto(out *ProxyList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Proxy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyList. -func (in *ProxyList) DeepCopy() *ProxyList { - if in == nil { - return nil - } - out := new(ProxyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ProxyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProxySpec) DeepCopyInto(out *ProxySpec) { - *out = *in - if in.ReadinessEndpoints != nil { - in, out := &in.ReadinessEndpoints, &out.ReadinessEndpoints - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.TrustedCA = in.TrustedCA - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxySpec. -func (in *ProxySpec) DeepCopy() *ProxySpec { - if in == nil { - return nil - } - out := new(ProxySpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProxyStatus) DeepCopyInto(out *ProxyStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyStatus. -func (in *ProxyStatus) DeepCopy() *ProxyStatus { - if in == nil { - return nil - } - out := new(ProxyStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistryLocation) DeepCopyInto(out *RegistryLocation) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryLocation. -func (in *RegistryLocation) DeepCopy() *RegistryLocation { - if in == nil { - return nil - } - out := new(RegistryLocation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RegistrySources) DeepCopyInto(out *RegistrySources) { - *out = *in - if in.InsecureRegistries != nil { - in, out := &in.InsecureRegistries, &out.InsecureRegistries - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.BlockedRegistries != nil { - in, out := &in.BlockedRegistries, &out.BlockedRegistries - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.AllowedRegistries != nil { - in, out := &in.AllowedRegistries, &out.AllowedRegistries - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrySources. -func (in *RegistrySources) DeepCopy() *RegistrySources { - if in == nil { - return nil - } - out := new(RegistrySources) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RemoteConnectionInfo) DeepCopyInto(out *RemoteConnectionInfo) { - *out = *in - out.CertInfo = in.CertInfo - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteConnectionInfo. -func (in *RemoteConnectionInfo) DeepCopy() *RemoteConnectionInfo { - if in == nil { - return nil - } - out := new(RemoteConnectionInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *RequestHeaderIdentityProvider) DeepCopyInto(out *RequestHeaderIdentityProvider) { - *out = *in - out.ClientCA = in.ClientCA - if in.ClientCommonNames != nil { - in, out := &in.ClientCommonNames, &out.ClientCommonNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Headers != nil { - in, out := &in.Headers, &out.Headers - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PreferredUsernameHeaders != nil { - in, out := &in.PreferredUsernameHeaders, &out.PreferredUsernameHeaders - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.NameHeaders != nil { - in, out := &in.NameHeaders, &out.NameHeaders - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.EmailHeaders != nil { - in, out := &in.EmailHeaders, &out.EmailHeaders - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderIdentityProvider. -func (in *RequestHeaderIdentityProvider) DeepCopy() *RequestHeaderIdentityProvider { - if in == nil { - return nil - } - out := new(RequestHeaderIdentityProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Scheduler) DeepCopyInto(out *Scheduler) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Scheduler. -func (in *Scheduler) DeepCopy() *Scheduler { - if in == nil { - return nil - } - out := new(Scheduler) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Scheduler) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SchedulerList) DeepCopyInto(out *SchedulerList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Scheduler, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SchedulerList. -func (in *SchedulerList) DeepCopy() *SchedulerList { - if in == nil { - return nil - } - out := new(SchedulerList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *SchedulerList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SchedulerSpec) DeepCopyInto(out *SchedulerSpec) { - *out = *in - out.Policy = in.Policy - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SchedulerSpec. -func (in *SchedulerSpec) DeepCopy() *SchedulerSpec { - if in == nil { - return nil - } - out := new(SchedulerSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SchedulerStatus) DeepCopyInto(out *SchedulerStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SchedulerStatus. -func (in *SchedulerStatus) DeepCopy() *SchedulerStatus { - if in == nil { - return nil - } - out := new(SchedulerStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretNameReference) DeepCopyInto(out *SecretNameReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretNameReference. -func (in *SecretNameReference) DeepCopy() *SecretNameReference { - if in == nil { - return nil - } - out := new(SecretNameReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ServingInfo) DeepCopyInto(out *ServingInfo) { - *out = *in - out.CertInfo = in.CertInfo - if in.NamedCertificates != nil { - in, out := &in.NamedCertificates, &out.NamedCertificates - *out = make([]NamedCertificate, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.CipherSuites != nil { - in, out := &in.CipherSuites, &out.CipherSuites - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServingInfo. -func (in *ServingInfo) DeepCopy() *ServingInfo { - if in == nil { - return nil - } - out := new(ServingInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StringSource) DeepCopyInto(out *StringSource) { - *out = *in - out.StringSourceSpec = in.StringSourceSpec - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringSource. -func (in *StringSource) DeepCopy() *StringSource { - if in == nil { - return nil - } - out := new(StringSource) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StringSourceSpec) DeepCopyInto(out *StringSourceSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringSourceSpec. -func (in *StringSourceSpec) DeepCopy() *StringSourceSpec { - if in == nil { - return nil - } - out := new(StringSourceSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { - *out = *in - if in.Ciphers != nil { - in, out := &in.Ciphers, &out.Ciphers - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSProfileSpec. -func (in *TLSProfileSpec) DeepCopy() *TLSProfileSpec { - if in == nil { - return nil - } - out := new(TLSProfileSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSSecurityProfile) DeepCopyInto(out *TLSSecurityProfile) { - *out = *in - if in.Old != nil { - in, out := &in.Old, &out.Old - *out = new(OldTLSProfile) - **out = **in - } - if in.Intermediate != nil { - in, out := &in.Intermediate, &out.Intermediate - *out = new(IntermediateTLSProfile) - **out = **in - } - if in.Modern != nil { - in, out := &in.Modern, &out.Modern - *out = new(ModernTLSProfile) - **out = **in - } - if in.Custom != nil { - in, out := &in.Custom, &out.Custom - *out = new(CustomTLSProfile) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSecurityProfile. -func (in *TLSSecurityProfile) DeepCopy() *TLSSecurityProfile { - if in == nil { - return nil - } - out := new(TLSSecurityProfile) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TemplateReference) DeepCopyInto(out *TemplateReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateReference. -func (in *TemplateReference) DeepCopy() *TemplateReference { - if in == nil { - return nil - } - out := new(TemplateReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TokenConfig) DeepCopyInto(out *TokenConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenConfig. -func (in *TokenConfig) DeepCopy() *TokenConfig { - if in == nil { - return nil - } - out := new(TokenConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Update) DeepCopyInto(out *Update) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Update. -func (in *Update) DeepCopy() *Update { - if in == nil { - return nil - } - out := new(Update) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpdateHistory) DeepCopyInto(out *UpdateHistory) { - *out = *in - in.StartedTime.DeepCopyInto(&out.StartedTime) - if in.CompletionTime != nil { - in, out := &in.CompletionTime, &out.CompletionTime - *out = (*in).DeepCopy() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpdateHistory. -func (in *UpdateHistory) DeepCopy() *UpdateHistory { - if in == nil { - return nil - } - out := new(UpdateHistory) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VSpherePlatformStatus) DeepCopyInto(out *VSpherePlatformStatus) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformStatus. -func (in *VSpherePlatformStatus) DeepCopy() *VSpherePlatformStatus { - if in == nil { - return nil - } - out := new(VSpherePlatformStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { - *out = *in - out.KubeConfig = in.KubeConfig - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookTokenAuthenticator. -func (in *WebhookTokenAuthenticator) DeepCopy() *WebhookTokenAuthenticator { - if in == nil { - return nil - } - out := new(WebhookTokenAuthenticator) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go deleted file mode 100644 index 7a46ba48905..00000000000 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ /dev/null @@ -1,1317 +0,0 @@ -package v1 - -// This file contains a collection of methods that can be used from go-restful to -// generate Swagger API documentation for its models. Please read this PR for more -// information on the implementation: https://github.com/emicklei/go-restful/pull/215 -// -// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if -// they are on one line! For multiple line or blocks that you want to ignore use ---. -// Any context after a --- is ignored. -// -// Those methods can be generated by using hack/update-swagger-docs.sh - -// AUTO-GENERATED FUNCTIONS START HERE -var map_AdmissionConfig = map[string]string{ - "enabledPlugins": "enabledPlugins is a list of admission plugins that must be on in addition to the default list. Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon and can result in performance penalties and unexpected behavior.", - "disabledPlugins": "disabledPlugins is a list of admission plugins that must be off. Putting something in this list is almost always a mistake and likely to result in cluster instability.", -} - -func (AdmissionConfig) SwaggerDoc() map[string]string { - return map_AdmissionConfig -} - -var map_AdmissionPluginConfig = map[string]string{ - "": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", - "location": "Location is the path to a configuration file that contains the plugin's configuration", - "configuration": "Configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", -} - -func (AdmissionPluginConfig) SwaggerDoc() map[string]string { - return map_AdmissionPluginConfig -} - -var map_AuditConfig = map[string]string{ - "": "AuditConfig holds configuration for the audit capabilities", - "enabled": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", - "auditFilePath": "All requests coming to the apiserver will be logged to this file.", - "maximumFileRetentionDays": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", - "maximumRetainedFiles": "Maximum number of old log files to retain.", - "maximumFileSizeMegabytes": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", - "policyFile": "PolicyFile is a path to the file that defines the audit policy configuration.", - "policyConfiguration": "PolicyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - "logFormat": "Format of saved audits (legacy or json).", - "webHookKubeConfig": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", - "webHookMode": "Strategy for sending audit events (block or batch).", -} - -func (AuditConfig) SwaggerDoc() map[string]string { - return map_AuditConfig -} - -var map_CertInfo = map[string]string{ - "": "CertInfo relates a certificate with a private key", - "certFile": "CertFile is a file containing a PEM-encoded certificate", - "keyFile": "KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", -} - -func (CertInfo) SwaggerDoc() map[string]string { - return map_CertInfo -} - -var map_ClientConnectionOverrides = map[string]string{ - "acceptContentTypes": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", - "contentType": "contentType is the content type used when sending data to the server from this client.", - "qps": "qps controls the number of queries per second allowed for this connection.", - "burst": "burst allows extra queries to accumulate when a client is exceeding its rate.", -} - -func (ClientConnectionOverrides) SwaggerDoc() map[string]string { - return map_ClientConnectionOverrides -} - -var map_ConfigMapFileReference = map[string]string{ - "": "ConfigMapFileReference references a config map in a specific namespace. The namespace must be specified at the point of use.", - "key": "Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", -} - -func (ConfigMapFileReference) SwaggerDoc() map[string]string { - return map_ConfigMapFileReference -} - -var map_ConfigMapNameReference = map[string]string{ - "": "ConfigMapNameReference references a config map in a specific namespace. The namespace must be specified at the point of use.", - "name": "name is the metadata.name of the referenced config map", -} - -func (ConfigMapNameReference) SwaggerDoc() map[string]string { - return map_ConfigMapNameReference -} - -var map_DelegatedAuthentication = map[string]string{ - "": "DelegatedAuthentication allows authentication to be disabled.", - "disabled": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", -} - -func (DelegatedAuthentication) SwaggerDoc() map[string]string { - return map_DelegatedAuthentication -} - -var map_DelegatedAuthorization = map[string]string{ - "": "DelegatedAuthorization allows authorization to be disabled.", - "disabled": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", -} - -func (DelegatedAuthorization) SwaggerDoc() map[string]string { - return map_DelegatedAuthorization -} - -var map_EtcdConnectionInfo = map[string]string{ - "": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", - "urls": "URLs are the URLs for etcd", - "ca": "CA is a file containing trusted roots for the etcd server certificates", -} - -func (EtcdConnectionInfo) SwaggerDoc() map[string]string { - return map_EtcdConnectionInfo -} - -var map_EtcdStorageConfig = map[string]string{ - "storagePrefix": "StoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located.", -} - -func (EtcdStorageConfig) SwaggerDoc() map[string]string { - return map_EtcdStorageConfig -} - -var map_GenericAPIServerConfig = map[string]string{ - "": "GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd", - "servingInfo": "servingInfo describes how to start serving", - "corsAllowedOrigins": "corsAllowedOrigins", - "auditConfig": "auditConfig describes how to configure audit information", - "storageConfig": "storageConfig contains information about how to use", - "admission": "admissionConfig holds information about how to configure admission.", -} - -func (GenericAPIServerConfig) SwaggerDoc() map[string]string { - return map_GenericAPIServerConfig -} - -var map_GenericControllerConfig = map[string]string{ - "": "GenericControllerConfig provides information to configure a controller", - "servingInfo": "ServingInfo is the HTTP serving information for the controller's endpoints", - "leaderElection": "leaderElection provides information to elect a leader. Only override this if you have a specific need", - "authentication": "authentication allows configuration of authentication for the endpoints", - "authorization": "authorization allows configuration of authentication for the endpoints", -} - -func (GenericControllerConfig) SwaggerDoc() map[string]string { - return map_GenericControllerConfig -} - -var map_HTTPServingInfo = map[string]string{ - "": "HTTPServingInfo holds configuration for serving HTTP", - "maxRequestsInFlight": "MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", - "requestTimeoutSeconds": "RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", -} - -func (HTTPServingInfo) SwaggerDoc() map[string]string { - return map_HTTPServingInfo -} - -var map_KubeClientConfig = map[string]string{ - "kubeConfig": "kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config", - "connectionOverrides": "connectionOverrides specifies client overrides for system components to loop back to this master.", -} - -func (KubeClientConfig) SwaggerDoc() map[string]string { - return map_KubeClientConfig -} - -var map_LeaderElection = map[string]string{ - "": "LeaderElection provides information to elect a leader", - "disable": "disable allows leader election to be suspended while allowing a fully defaulted \"normal\" startup case.", - "namespace": "namespace indicates which namespace the resource is in", - "name": "name indicates what name to use for the resource", - "leaseDuration": "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.", - "renewDeadline": "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", - "retryPeriod": "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", -} - -func (LeaderElection) SwaggerDoc() map[string]string { - return map_LeaderElection -} - -var map_NamedCertificate = map[string]string{ - "": "NamedCertificate specifies a certificate/key, and the names it should be served for", - "names": "Names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", -} - -func (NamedCertificate) SwaggerDoc() map[string]string { - return map_NamedCertificate -} - -var map_RemoteConnectionInfo = map[string]string{ - "": "RemoteConnectionInfo holds information necessary for establishing a remote connection", - "url": "URL is the remote URL to connect to", - "ca": "CA is the CA for verifying TLS connections", -} - -func (RemoteConnectionInfo) SwaggerDoc() map[string]string { - return map_RemoteConnectionInfo -} - -var map_SecretNameReference = map[string]string{ - "": "SecretNameReference references a secret in a specific namespace. The namespace must be specified at the point of use.", - "name": "name is the metadata.name of the referenced secret", -} - -func (SecretNameReference) SwaggerDoc() map[string]string { - return map_SecretNameReference -} - -var map_ServingInfo = map[string]string{ - "": "ServingInfo holds information about serving web pages", - "bindAddress": "BindAddress is the ip:port to serve on", - "bindNetwork": "BindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - "clientCA": "ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - "namedCertificates": "NamedCertificates is a list of certificates to use to secure requests to specific hostnames", - "minTLSVersion": "MinTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", - "cipherSuites": "CipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", -} - -func (ServingInfo) SwaggerDoc() map[string]string { - return map_ServingInfo -} - -var map_StringSource = map[string]string{ - "": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", -} - -func (StringSource) SwaggerDoc() map[string]string { - return map_StringSource -} - -var map_StringSourceSpec = map[string]string{ - "": "StringSourceSpec specifies a string value, or external location", - "value": "Value specifies the cleartext value, or an encrypted value if keyFile is specified.", - "env": "Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", - "file": "File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", - "keyFile": "KeyFile references a file containing the key to use to decrypt the value.", -} - -func (StringSourceSpec) SwaggerDoc() map[string]string { - return map_StringSourceSpec -} - -var map_APIServer = map[string]string{ - "": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.", -} - -func (APIServer) SwaggerDoc() map[string]string { - return map_APIServer -} - -var map_APIServerEncryption = map[string]string{ - "type": "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", -} - -func (APIServerEncryption) SwaggerDoc() map[string]string { - return map_APIServerEncryption -} - -var map_APIServerNamedServingCert = map[string]string{ - "": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", - "names": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", - "servingCertificate": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data[\"tls.key\"] - TLS private key. - Secret.Data[\"tls.crt\"] - TLS certificate.", -} - -func (APIServerNamedServingCert) SwaggerDoc() map[string]string { - return map_APIServerNamedServingCert -} - -var map_APIServerServingCerts = map[string]string{ - "namedCertificates": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.", -} - -func (APIServerServingCerts) SwaggerDoc() map[string]string { - return map_APIServerServingCerts -} - -var map_APIServerSpec = map[string]string{ - "servingCerts": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.", - "clientCA": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", - "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", - "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", - "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old and Intermediate profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.", -} - -func (APIServerSpec) SwaggerDoc() map[string]string { - return map_APIServerSpec -} - -var map_Authentication = map[string]string{ - "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Authentication) SwaggerDoc() map[string]string { - return map_Authentication -} - -var map_AuthenticationSpec = map[string]string{ - "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", - "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", - "webhookTokenAuthenticators": "webhookTokenAuthenticators configures remote token reviewers. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. The namespace for these secrets is openshift-config.", - "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is auth.openshift.io.", -} - -func (AuthenticationSpec) SwaggerDoc() map[string]string { - return map_AuthenticationSpec -} - -var map_AuthenticationStatus = map[string]string{ - "integratedOAuthMetadata": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key \"oauthMetadata\" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.", -} - -func (AuthenticationStatus) SwaggerDoc() map[string]string { - return map_AuthenticationStatus -} - -var map_WebhookTokenAuthenticator = map[string]string{ - "": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", - "kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", -} - -func (WebhookTokenAuthenticator) SwaggerDoc() map[string]string { - return map_WebhookTokenAuthenticator -} - -var map_Build = map[string]string{ - "": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"", - "spec": "Spec holds user-settable values for the build controller configuration", -} - -func (Build) SwaggerDoc() map[string]string { - return map_Build -} - -var map_BuildDefaults = map[string]string{ - "defaultProxy": "DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.", - "gitProxy": "GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", - "env": "Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", - "imageLabels": "ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", - "resources": "Resources defines resource requirements to execute the build.", -} - -func (BuildDefaults) SwaggerDoc() map[string]string { - return map_BuildDefaults -} - -var map_BuildOverrides = map[string]string{ - "imageLabels": "ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", - "nodeSelector": "NodeSelector is a selector which must be true for the build pod to fit on a node", - "tolerations": "Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", -} - -func (BuildOverrides) SwaggerDoc() map[string]string { - return map_BuildOverrides -} - -var map_BuildSpec = map[string]string{ - "additionalTrustedCA": "AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.", - "buildDefaults": "BuildDefaults controls the default information for Builds", - "buildOverrides": "BuildOverrides controls override settings for builds", -} - -func (BuildSpec) SwaggerDoc() map[string]string { - return map_BuildSpec -} - -var map_ImageLabel = map[string]string{ - "name": "Name defines the name of the label. It must have non-zero length.", - "value": "Value defines the literal value of the label.", -} - -func (ImageLabel) SwaggerDoc() map[string]string { - return map_ImageLabel -} - -var map_ClusterOperator = map[string]string{ - "": "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster.", - "spec": "spec holds configuration that could apply to any operator.", - "status": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", -} - -func (ClusterOperator) SwaggerDoc() map[string]string { - return map_ClusterOperator -} - -var map_ClusterOperatorList = map[string]string{ - "": "ClusterOperatorList is a list of OperatorStatus resources.", -} - -func (ClusterOperatorList) SwaggerDoc() map[string]string { - return map_ClusterOperatorList -} - -var map_ClusterOperatorSpec = map[string]string{ - "": "ClusterOperatorSpec is empty for now, but you could imagine holding information like \"pause\".", -} - -func (ClusterOperatorSpec) SwaggerDoc() map[string]string { - return map_ClusterOperatorSpec -} - -var map_ClusterOperatorStatus = map[string]string{ - "": "ClusterOperatorStatus provides information about the status of the operator.", - "conditions": "conditions describes the state of the operator's managed and monitored components.", - "versions": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name \"operator\". An operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", - "relatedObjects": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces", - "extension": "extension contains any additional status information specific to the operator which owns this status object.", -} - -func (ClusterOperatorStatus) SwaggerDoc() map[string]string { - return map_ClusterOperatorStatus -} - -var map_ClusterOperatorStatusCondition = map[string]string{ - "": "ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.", - "type": "type specifies the aspect reported by this condition.", - "status": "status of the condition, one of True, False, Unknown.", - "lastTransitionTime": "lastTransitionTime is the time of the last update to the current status property.", - "reason": "reason is the CamelCase reason for the condition's current status.", - "message": "message provides additional information about the current condition. This is only to be consumed by humans.", -} - -func (ClusterOperatorStatusCondition) SwaggerDoc() map[string]string { - return map_ClusterOperatorStatusCondition -} - -var map_ObjectReference = map[string]string{ - "": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "group": "group of the referent.", - "resource": "resource of the referent.", - "namespace": "namespace of the referent.", - "name": "name of the referent.", -} - -func (ObjectReference) SwaggerDoc() map[string]string { - return map_ObjectReference -} - -var map_OperandVersion = map[string]string{ - "name": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", - "version": "version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", -} - -func (OperandVersion) SwaggerDoc() map[string]string { - return map_OperandVersion -} - -var map_ClusterVersion = map[string]string{ - "": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.", - "spec": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", - "status": "status contains information about the available updates and any in-progress updates.", -} - -func (ClusterVersion) SwaggerDoc() map[string]string { - return map_ClusterVersion -} - -var map_ClusterVersionList = map[string]string{ - "": "ClusterVersionList is a list of ClusterVersion resources.", -} - -func (ClusterVersionList) SwaggerDoc() map[string]string { - return map_ClusterVersionList -} - -var map_ClusterVersionSpec = map[string]string{ - "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", - "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", - "upstream": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", - "channel": "channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.", - "overrides": "overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.", -} - -func (ClusterVersionSpec) SwaggerDoc() map[string]string { - return map_ClusterVersionSpec -} - -var map_ClusterVersionStatus = map[string]string{ - "": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", - "desired": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", - "history": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", - "observedGeneration": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", - "versionHash": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", - "conditions": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", - "availableUpdates": "availableUpdates contains the list of updates that are appropriate for this cluster. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", -} - -func (ClusterVersionStatus) SwaggerDoc() map[string]string { - return map_ClusterVersionStatus -} - -var map_ComponentOverride = map[string]string{ - "": "ComponentOverride allows overriding cluster version operator's behavior for a component.", - "kind": "kind indentifies which object to override.", - "group": "group identifies the API group that the kind is in.", - "namespace": "namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.", - "name": "name is the component's name.", - "unmanaged": "unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false", -} - -func (ComponentOverride) SwaggerDoc() map[string]string { - return map_ComponentOverride -} - -var map_Update = map[string]string{ - "": "Update represents a release of the ClusterVersionOperator, referenced by the Image member.", - "version": "version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.", - "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", - "force": "force allows an administrator to update to an image that has failed verification, does not appear in the availableUpdates list, or otherwise would be blocked by normal protections on update. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.\n\nThis flag does not override other forms of consistency checking that are required before a new update is deployed.", -} - -func (Update) SwaggerDoc() map[string]string { - return map_Update -} - -var map_UpdateHistory = map[string]string{ - "": "UpdateHistory is a single attempted update to the cluster.", - "state": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", - "startedTime": "startedTime is the time at which the update was started.", - "completionTime": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", - "version": "version is a semantic versioning identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", - "image": "image is a container image location that contains the update. This value is always populated.", - "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted.", -} - -func (UpdateHistory) SwaggerDoc() map[string]string { - return map_UpdateHistory -} - -var map_Console = map[string]string{ - "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Console) SwaggerDoc() map[string]string { - return map_Console -} - -var map_ConsoleAuthentication = map[string]string{ - "": "ConsoleAuthentication defines a list of optional configuration for console authentication.", - "logoutRedirect": "An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.", -} - -func (ConsoleAuthentication) SwaggerDoc() map[string]string { - return map_ConsoleAuthentication -} - -var map_ConsoleSpec = map[string]string{ - "": "ConsoleSpec is the specification of the desired behavior of the Console.", -} - -func (ConsoleSpec) SwaggerDoc() map[string]string { - return map_ConsoleSpec -} - -var map_ConsoleStatus = map[string]string{ - "": "ConsoleStatus defines the observed status of the Console.", - "consoleURL": "The URL for the console. This will be derived from the host for the route that is created for the console.", -} - -func (ConsoleStatus) SwaggerDoc() map[string]string { - return map_ConsoleStatus -} - -var map_DNS = map[string]string{ - "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (DNS) SwaggerDoc() map[string]string { - return map_DNS -} - -var map_DNSSpec = map[string]string{ - "baseDomain": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", - "publicZone": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", - "privateZone": "privateZone is the location where all the DNS records that are only available internally to the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", -} - -func (DNSSpec) SwaggerDoc() map[string]string { - return map_DNSSpec -} - -var map_DNSZone = map[string]string{ - "": "DNSZone is used to define a DNS hosted zone. A zone can be identified by an ID or tags.", - "id": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", - "tags": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", -} - -func (DNSZone) SwaggerDoc() map[string]string { - return map_DNSZone -} - -var map_CustomFeatureGates = map[string]string{ - "enabled": "enabled is a list of all feature gates that you want to force on", - "disabled": "disabled is a list of all feature gates that you want to force off", -} - -func (CustomFeatureGates) SwaggerDoc() map[string]string { - return map_CustomFeatureGates -} - -var map_FeatureGate = map[string]string{ - "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (FeatureGate) SwaggerDoc() map[string]string { - return map_FeatureGate -} - -var map_FeatureGateSelection = map[string]string{ - "featureSet": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", - "customNoUpgrade": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", -} - -func (FeatureGateSelection) SwaggerDoc() map[string]string { - return map_FeatureGateSelection -} - -var map_Image = map[string]string{ - "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Image) SwaggerDoc() map[string]string { - return map_Image -} - -var map_ImageSpec = map[string]string{ - "allowedRegistriesForImport": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", - "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - "additionalTrustedCA": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.", - "registrySources": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", -} - -func (ImageSpec) SwaggerDoc() map[string]string { - return map_ImageSpec -} - -var map_ImageStatus = map[string]string{ - "internalRegistryHostname": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this setting overrides the environment variable.", - "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", -} - -func (ImageStatus) SwaggerDoc() map[string]string { - return map_ImageStatus -} - -var map_RegistryLocation = map[string]string{ - "": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", - "domainName": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", - "insecure": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", -} - -func (RegistryLocation) SwaggerDoc() map[string]string { - return map_RegistryLocation -} - -var map_RegistrySources = map[string]string{ - "": "RegistrySources holds cluster-wide information about how to handle the registries config.", - "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", - "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", -} - -func (RegistrySources) SwaggerDoc() map[string]string { - return map_RegistrySources -} - -var map_AWSPlatformStatus = map[string]string{ - "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", - "region": "region holds the default AWS region for new AWS resources created by the cluster.", -} - -func (AWSPlatformStatus) SwaggerDoc() map[string]string { - return map_AWSPlatformStatus -} - -var map_AzurePlatformStatus = map[string]string{ - "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", - "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", - "networkResourceGroupName": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", -} - -func (AzurePlatformStatus) SwaggerDoc() map[string]string { - return map_AzurePlatformStatus -} - -var map_BareMetalPlatformStatus = map[string]string{ - "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", - "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", -} - -func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { - return map_BareMetalPlatformStatus -} - -var map_GCPPlatformStatus = map[string]string{ - "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", - "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "region": "region holds the region for new GCP resources created for the cluster.", -} - -func (GCPPlatformStatus) SwaggerDoc() map[string]string { - return map_GCPPlatformStatus -} - -var map_IBMCloudPlatformStatus = map[string]string{ - "": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", - "location": "Location is where the cluster has been deployed", - "resourceGroupName": "ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", - "providerType": "ProviderType indicates the type of cluster that was created", -} - -func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { - return map_IBMCloudPlatformStatus -} - -var map_Infrastructure = map[string]string{ - "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Infrastructure) SwaggerDoc() map[string]string { - return map_Infrastructure -} - -var map_InfrastructureList = map[string]string{ - "": "InfrastructureList is", -} - -func (InfrastructureList) SwaggerDoc() map[string]string { - return map_InfrastructureList -} - -var map_InfrastructureSpec = map[string]string{ - "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", - "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.", -} - -func (InfrastructureSpec) SwaggerDoc() map[string]string { - return map_InfrastructureSpec -} - -var map_InfrastructureStatus = map[string]string{ - "": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", - "infrastructureName": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", - "platform": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", - "platformStatus": "platformStatus holds status information specific to the underlying infrastructure provider.", - "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery", - "apiServerURL": "apiServerURL is a valid URI with scheme(http/https), address and port. apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", - "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme(http/https), address and port. apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", -} - -func (InfrastructureStatus) SwaggerDoc() map[string]string { - return map_InfrastructureStatus -} - -var map_OpenStackPlatformStatus = map[string]string{ - "": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", - "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "cloudName": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", - "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", -} - -func (OpenStackPlatformStatus) SwaggerDoc() map[string]string { - return map_OpenStackPlatformStatus -} - -var map_OvirtPlatformStatus = map[string]string{ - "": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", - "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for oVirt deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", -} - -func (OvirtPlatformStatus) SwaggerDoc() map[string]string { - return map_OvirtPlatformStatus -} - -var map_PlatformStatus = map[string]string{ - "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", - "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", - "azure": "Azure contains settings specific to the Azure infrastructure provider.", - "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", - "baremetal": "BareMetal contains settings specific to the BareMetal platform.", - "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", - "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", - "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", - "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", -} - -func (PlatformStatus) SwaggerDoc() map[string]string { - return map_PlatformStatus -} - -var map_VSpherePlatformStatus = map[string]string{ - "": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", - "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", -} - -func (VSpherePlatformStatus) SwaggerDoc() map[string]string { - return map_VSpherePlatformStatus -} - -var map_Ingress = map[string]string{ - "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Ingress) SwaggerDoc() map[string]string { - return map_Ingress -} - -var map_IngressSpec = map[string]string{ - "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", -} - -func (IngressSpec) SwaggerDoc() map[string]string { - return map_IngressSpec -} - -var map_ClusterNetworkEntry = map[string]string{ - "": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", - "cidr": "The complete block for pod IPs.", - "hostPrefix": "The size (prefix) of block to allocate to each node.", -} - -func (ClusterNetworkEntry) SwaggerDoc() map[string]string { - return map_ClusterNetworkEntry -} - -var map_ExternalIPConfig = map[string]string{ - "": "ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field of a Service resource.", - "policy": "policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.", - "autoAssignCIDRs": "autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called \"IngressIPs\". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.", -} - -func (ExternalIPConfig) SwaggerDoc() map[string]string { - return map_ExternalIPConfig -} - -var map_ExternalIPPolicy = map[string]string{ - "": "ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP field in a Service. If the zero struct is supplied, then none are permitted. The policy controller always allows automatically assigned external IPs.", - "allowedCIDRs": "allowedCIDRs is the list of allowed CIDRs.", - "rejectedCIDRs": "rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.", -} - -func (ExternalIPPolicy) SwaggerDoc() map[string]string { - return map_ExternalIPPolicy -} - -var map_Network = map[string]string{ - "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.", - "spec": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Network) SwaggerDoc() map[string]string { - return map_Network -} - -var map_NetworkSpec = map[string]string{ - "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", - "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", - "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", - "networkType": "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.", - "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", -} - -func (NetworkSpec) SwaggerDoc() map[string]string { - return map_NetworkSpec -} - -var map_NetworkStatus = map[string]string{ - "": "NetworkStatus is the current network configuration.", - "clusterNetwork": "IP address pool to use for pod IPs.", - "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here.", - "networkType": "NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).", - "clusterNetworkMTU": "ClusterNetworkMTU is the MTU for inter-pod networking.", -} - -func (NetworkStatus) SwaggerDoc() map[string]string { - return map_NetworkStatus -} - -var map_BasicAuthIdentityProvider = map[string]string{ - "": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", -} - -func (BasicAuthIdentityProvider) SwaggerDoc() map[string]string { - return map_BasicAuthIdentityProvider -} - -var map_GitHubIdentityProvider = map[string]string{ - "": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials", - "clientID": "clientID is the oauth client ID", - "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "organizations": "organizations optionally restricts which organizations are allowed to log in", - "teams": "teams optionally restricts which teams are allowed to log in. Format is /.", - "hostname": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.", - "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.", -} - -func (GitHubIdentityProvider) SwaggerDoc() map[string]string { - return map_GitHubIdentityProvider -} - -var map_GitLabIdentityProvider = map[string]string{ - "": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials", - "clientID": "clientID is the oauth client ID", - "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "url": "url is the oauth server base URL", - "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", -} - -func (GitLabIdentityProvider) SwaggerDoc() map[string]string { - return map_GitLabIdentityProvider -} - -var map_GoogleIdentityProvider = map[string]string{ - "": "GoogleIdentityProvider provides identities for users authenticating using Google credentials", - "clientID": "clientID is the oauth client ID", - "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "hostedDomain": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", -} - -func (GoogleIdentityProvider) SwaggerDoc() map[string]string { - return map_GoogleIdentityProvider -} - -var map_HTPasswdIdentityProvider = map[string]string{ - "": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials", - "fileData": "fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key \"htpasswd\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", -} - -func (HTPasswdIdentityProvider) SwaggerDoc() map[string]string { - return map_HTPasswdIdentityProvider -} - -var map_IdentityProvider = map[string]string{ - "": "IdentityProvider provides identities for users authenticating using credentials", - "name": "name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal \".\" or \"..\" or contain \"/\" or \"%\" or \":\"\n Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName", - "mappingMethod": "mappingMethod determines how identities from this provider are mapped to users Defaults to \"claim\"", -} - -func (IdentityProvider) SwaggerDoc() map[string]string { - return map_IdentityProvider -} - -var map_IdentityProviderConfig = map[string]string{ - "": "IdentityProviderConfig contains configuration for using a specific identity provider", - "type": "type identifies the identity provider type for this entry.", - "basicAuth": "basicAuth contains configuration options for the BasicAuth IdP", - "github": "github enables user authentication using GitHub credentials", - "gitlab": "gitlab enables user authentication using GitLab credentials", - "google": "google enables user authentication using Google credentials", - "htpasswd": "htpasswd enables user authentication using an HTPasswd file to validate credentials", - "keystone": "keystone enables user authentication using keystone password credentials", - "ldap": "ldap enables user authentication using LDAP credentials", - "openID": "openID enables user authentication using OpenID credentials", - "requestHeader": "requestHeader enables user authentication using request header credentials", -} - -func (IdentityProviderConfig) SwaggerDoc() map[string]string { - return map_IdentityProviderConfig -} - -var map_KeystoneIdentityProvider = map[string]string{ - "": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials", - "domainName": "domainName is required for keystone v3", -} - -func (KeystoneIdentityProvider) SwaggerDoc() map[string]string { - return map_KeystoneIdentityProvider -} - -var map_LDAPAttributeMapping = map[string]string{ - "": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", - "id": "id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is \"dn\"", - "preferredUsername": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", - "name": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", - "email": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", -} - -func (LDAPAttributeMapping) SwaggerDoc() map[string]string { - return map_LDAPAttributeMapping -} - -var map_LDAPIdentityProvider = map[string]string{ - "": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials", - "url": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter", - "bindDN": "bindDN is an optional DN to bind with during the search phase.", - "bindPassword": "bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key \"bindPassword\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "insecure": "insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme \"ldaps://\" as \"ldaps://\" URLs always\n attempt to connect using TLS, even when `insecure` is set to `true`\nWhen `true`, \"ldap://\" URLS connect insecurely. When `false`, \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.", - "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "attributes": "attributes maps LDAP attributes to identities", -} - -func (LDAPIdentityProvider) SwaggerDoc() map[string]string { - return map_LDAPIdentityProvider -} - -var map_OAuth = map[string]string{ - "": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.", -} - -func (OAuth) SwaggerDoc() map[string]string { - return map_OAuth -} - -var map_OAuthRemoteConnectionInfo = map[string]string{ - "": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", - "url": "url is the remote URL to connect to", - "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "tlsClientCert": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "tlsClientKey": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", -} - -func (OAuthRemoteConnectionInfo) SwaggerDoc() map[string]string { - return map_OAuthRemoteConnectionInfo -} - -var map_OAuthSpec = map[string]string{ - "": "OAuthSpec contains desired cluster auth configuration", - "identityProviders": "identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.", - "tokenConfig": "tokenConfig contains options for authorization and access tokens", - "templates": "templates allow you to customize pages like the login page.", -} - -func (OAuthSpec) SwaggerDoc() map[string]string { - return map_OAuthSpec -} - -var map_OAuthStatus = map[string]string{ - "": "OAuthStatus shows current known state of OAuth server in the cluster", -} - -func (OAuthStatus) SwaggerDoc() map[string]string { - return map_OAuthStatus -} - -var map_OAuthTemplates = map[string]string{ - "": "OAuthTemplates allow for customization of pages like the login page", - "login": "login is the name of a secret that specifies a go template to use to render the login page. The key \"login.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.", - "providerSelection": "providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key \"providers.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.", - "error": "error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key \"errors.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.", -} - -func (OAuthTemplates) SwaggerDoc() map[string]string { - return map_OAuthTemplates -} - -var map_OpenIDClaims = map[string]string{ - "": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", - "preferredUsername": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim", - "name": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", - "email": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", -} - -func (OpenIDClaims) SwaggerDoc() map[string]string { - return map_OpenIDClaims -} - -var map_OpenIDIdentityProvider = map[string]string{ - "": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials", - "clientID": "clientID is the oauth client ID", - "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "extraScopes": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", - "extraAuthorizeParameters": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", - "issuer": "issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.", - "claims": "claims mappings", -} - -func (OpenIDIdentityProvider) SwaggerDoc() map[string]string { - return map_OpenIDIdentityProvider -} - -var map_RequestHeaderIdentityProvider = map[string]string{ - "": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials", - "loginURL": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when login is set to true.", - "challengeURL": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when challenge is set to true.", - "ca": "ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key \"ca.crt\" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.", - "clientCommonNames": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", - "headers": "headers is the set of headers to check for identity information", - "preferredUsernameHeaders": "preferredUsernameHeaders is the set of headers to check for the preferred username", - "nameHeaders": "nameHeaders is the set of headers to check for the display name", - "emailHeaders": "emailHeaders is the set of headers to check for the email address", -} - -func (RequestHeaderIdentityProvider) SwaggerDoc() map[string]string { - return map_RequestHeaderIdentityProvider -} - -var map_TokenConfig = map[string]string{ - "": "TokenConfig holds the necessary configuration options for authorization and access tokens", - "accessTokenMaxAgeSeconds": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", - "accessTokenInactivityTimeoutSeconds": "accessTokenInactivityTimeoutSeconds defines the default token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are integer values:\n x < 0 Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`)\n x = 0 Tokens time out is disabled (default)\n x > 0 Tokens time out if there is no activity for x seconds\nThe current minimum allowed value for X is 300 (5 minutes)", -} - -func (TokenConfig) SwaggerDoc() map[string]string { - return map_TokenConfig -} - -var map_HubSource = map[string]string{ - "": "HubSource is used to specify the hub source and its configuration", - "name": "name is the name of one of the default hub sources", - "disabled": "disabled is used to disable a default hub source on cluster", -} - -func (HubSource) SwaggerDoc() map[string]string { - return map_HubSource -} - -var map_HubSourceStatus = map[string]string{ - "": "HubSourceStatus is used to reflect the current state of applying the configuration to a default source", - "status": "status indicates success or failure in applying the configuration", - "message": "message provides more information regarding failures", -} - -func (HubSourceStatus) SwaggerDoc() map[string]string { - return map_HubSourceStatus -} - -var map_OperatorHub = map[string]string{ - "": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.", -} - -func (OperatorHub) SwaggerDoc() map[string]string { - return map_OperatorHub -} - -var map_OperatorHubList = map[string]string{ - "": "OperatorHubList contains a list of OperatorHub", -} - -func (OperatorHubList) SwaggerDoc() map[string]string { - return map_OperatorHubList -} - -var map_OperatorHubSpec = map[string]string{ - "": "OperatorHubSpec defines the desired state of OperatorHub", - "disableAllDefaultSources": "disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.", - "sources": "sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.", -} - -func (OperatorHubSpec) SwaggerDoc() map[string]string { - return map_OperatorHubSpec -} - -var map_OperatorHubStatus = map[string]string{ - "": "OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.", - "sources": "sources encapsulates the result of applying the configuration for each hub source", -} - -func (OperatorHubStatus) SwaggerDoc() map[string]string { - return map_OperatorHubStatus -} - -var map_Project = map[string]string{ - "": "Project holds cluster-wide information about Project. The canonical name is `cluster`", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Project) SwaggerDoc() map[string]string { - return map_Project -} - -var map_ProjectSpec = map[string]string{ - "": "ProjectSpec holds the project creation configuration.", - "projectRequestMessage": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", - "projectRequestTemplate": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.", -} - -func (ProjectSpec) SwaggerDoc() map[string]string { - return map_ProjectSpec -} - -var map_TemplateReference = map[string]string{ - "": "TemplateReference references a template in a specific namespace. The namespace must be specified at the point of use.", - "name": "name is the metadata.name of the referenced project request template", -} - -func (TemplateReference) SwaggerDoc() map[string]string { - return map_TemplateReference -} - -var map_Proxy = map[string]string{ - "": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`", - "spec": "Spec holds user-settable values for the proxy configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Proxy) SwaggerDoc() map[string]string { - return map_Proxy -} - -var map_ProxySpec = map[string]string{ - "": "ProxySpec contains cluster proxy creation configuration.", - "httpProxy": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", - "httpsProxy": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", - "noProxy": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in an env var.", - "readinessEndpoints": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", - "trustedCA": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well.\n\nThe namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |", -} - -func (ProxySpec) SwaggerDoc() map[string]string { - return map_ProxySpec -} - -var map_ProxyStatus = map[string]string{ - "": "ProxyStatus shows current known state of the cluster proxy.", - "httpProxy": "httpProxy is the URL of the proxy for HTTP requests.", - "httpsProxy": "httpsProxy is the URL of the proxy for HTTPS requests.", - "noProxy": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", -} - -func (ProxyStatus) SwaggerDoc() map[string]string { - return map_ProxyStatus -} - -var map_Scheduler = map[string]string{ - "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.", - "spec": "spec holds user settable values for configuration", - "status": "status holds observed values from the cluster. They may not be overridden.", -} - -func (Scheduler) SwaggerDoc() map[string]string { - return map_Scheduler -} - -var map_SchedulerSpec = map[string]string{ - "policy": "policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", - "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces without a specified nodeSelector value. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", - "mastersSchedulable": "MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", -} - -func (SchedulerSpec) SwaggerDoc() map[string]string { - return map_SchedulerSpec -} - -var map_CustomTLSProfile = map[string]string{ - "": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", -} - -func (CustomTLSProfile) SwaggerDoc() map[string]string { - return map_CustomTLSProfile -} - -var map_IntermediateTLSProfile = map[string]string{ - "": "IntermediateTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29", -} - -func (IntermediateTLSProfile) SwaggerDoc() map[string]string { - return map_IntermediateTLSProfile -} - -var map_ModernTLSProfile = map[string]string{ - "": "ModernTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility", -} - -func (ModernTLSProfile) SwaggerDoc() map[string]string { - return map_ModernTLSProfile -} - -var map_OldTLSProfile = map[string]string{ - "": "OldTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility", -} - -func (OldTLSProfile) SwaggerDoc() map[string]string { - return map_OldTLSProfile -} - -var map_TLSProfileSpec = map[string]string{ - "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", - "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: TLSv1.1\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", -} - -func (TLSProfileSpec) SwaggerDoc() map[string]string { - return map_TLSProfileSpec -} - -var map_TLSSecurityProfile = map[string]string{ - "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n\nNote that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", - "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: TLSv1.0", - "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: TLSv1.2", - "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: TLSv1.3\n\nNOTE: Currently unsupported.", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: TLSv1.1", -} - -func (TLSSecurityProfile) SwaggerDoc() map[string]string { - return map_TLSSecurityProfile -} - -// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/seccomp/containers-golang/.gitignore b/vendor/github.com/seccomp/containers-golang/.gitignore index 2cad96a1655..e433eef8887 100644 --- a/vendor/github.com/seccomp/containers-golang/.gitignore +++ b/vendor/github.com/seccomp/containers-golang/.gitignore @@ -1,2 +1,2 @@ -default.json -fixtures +*.orig +generate diff --git a/vendor/github.com/seccomp/containers-golang/LICENSE b/vendor/github.com/seccomp/containers-golang/LICENSE new file mode 100644 index 00000000000..bd465fcf0a6 --- /dev/null +++ b/vendor/github.com/seccomp/containers-golang/LICENSE @@ -0,0 +1,190 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + Copyright 2018-2019 github.com/seccomp authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/seccomp/containers-golang/Makefile b/vendor/github.com/seccomp/containers-golang/Makefile index 88569e87b27..2d91917f956 100644 --- a/vendor/github.com/seccomp/containers-golang/Makefile +++ b/vendor/github.com/seccomp/containers-golang/Makefile @@ -1,3 +1,5 @@ +export GO111MODULE=off + TAGS ?= seccomp BUILDFLAGS := -tags "$(AUTOTAGS) $(TAGS)" GO := go @@ -5,14 +7,26 @@ PACKAGE := github.com/seccomp/containers-golang sources := $(wildcard *.go) -default.json: $(sources) +.PHONY: seccomp.json +seccomp.json: $(sources) $(GO) build -compiler gc $(BUILDFLAGS) ./cmd/generate.go $(GO) build -compiler gc ./cmd/generate.go $(GO) run ${BUILDFLAGS} cmd/generate.go -all: default.json +all: seccomp.json .PHONY: test-unit test-unit: - $(GO) test $(BUILDFLAGS) $(shell $(GO) list ./... | grep -v ^$(PACKAGE)/vendor) - $(GO) test $(shell $(GO) list ./... | grep -v ^$(PACKAGE)/vendor) + $(GO) test -v $(BUILDFLAGS) $(shell $(GO) list ./... | grep -v ^$(PACKAGE)/vendor) + $(GO) test -v $(shell $(GO) list ./... | grep -v ^$(PACKAGE)/vendor) + +.PHONY: vendor +vendor: + export GO111MODULE=on \ + $(GO) mod tidy && \ + $(GO) mod vendor && \ + $(GO) mod verify + +.PHONY: clean +clean: + rm -f generate diff --git a/vendor/github.com/seccomp/containers-golang/README.md b/vendor/github.com/seccomp/containers-golang/README.md index 1012baec3a6..a442384322d 100644 --- a/vendor/github.com/seccomp/containers-golang/README.md +++ b/vendor/github.com/seccomp/containers-golang/README.md @@ -1,9 +1,13 @@ +# containers-golang + +[![CircleCI](https://circleci.com/gh/seccomp/containers-golang.svg?style=shield)](https://circleci.com/gh/seccomp/containers-golang) + `containers-golang` is a set of Go libraries used by container runtimes to generate and load seccomp mappings into the kernel. seccomp (short for secure computing mode) is a BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers. ## Building - make - Generates default.json file, which containes the whitelisted syscalls that can be used by container runtime engines like [CRI-O][cri-o], [Buildah][buildah], [Podman][podman] and [Docker][docker], and container runtimes like OCI [Runc][runc] to controll the syscalls available to containers. + make - Generates seccomp.json file, which contains the whitelisted syscalls that can be used by container runtime engines like [CRI-O][cri-o], [Buildah][buildah], [Podman][podman] and [Docker][docker], and container runtimes like OCI [Runc][runc] to controll the syscalls available to containers. ### Supported build tags @@ -13,13 +17,9 @@ seccomp (short for secure computing mode) is a BPF based syscall filter language When developing this library, please use `make` (or `make … BUILDTAGS=…`) to take advantage of the tests and validation. -## License - -ASL 2.0 - ## Contact -- IRC: #[CRI-O](irc://irc.freenode.net:6667/#cri-o) on freenode.net +- IRC: #[containers](irc://irc.freenode.net:6667/#containers) on freenode.net [cri-o]: https://github.com/kubernetes-incubator/cri-o/pulls [buildah]: https://github.com/projectatomic/buildah diff --git a/vendor/github.com/seccomp/containers-golang/go.mod b/vendor/github.com/seccomp/containers-golang/go.mod new file mode 100644 index 00000000000..2b56d46fd9c --- /dev/null +++ b/vendor/github.com/seccomp/containers-golang/go.mod @@ -0,0 +1,16 @@ +module github.com/seccomp/containers-golang + +go 1.13 + +require ( + github.com/blang/semver v3.5.1+incompatible // indirect + github.com/hashicorp/go-multierror v1.0.0 // indirect + github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 + github.com/opencontainers/runtime-tools v0.9.0 + github.com/opencontainers/selinux v1.3.0 // indirect + github.com/seccomp/libseccomp-golang v0.9.1 + github.com/sirupsen/logrus v1.4.2 // indirect + github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect + github.com/xeipuuv/gojsonschema v1.2.0 // indirect + golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc +) diff --git a/vendor/github.com/seccomp/containers-golang/go.sum b/vendor/github.com/seccomp/containers-golang/go.sum new file mode 100644 index 00000000000..ba00acd0946 --- /dev/null +++ b/vendor/github.com/seccomp/containers-golang/go.sum @@ -0,0 +1,48 @@ +github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= +github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go= +github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.1 h1:wY4pOY8fBdSIvs9+IDHC55thBuEulhzfSgKeC1yFvzQ= +github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.2-0.20191007145322-19e92ca81777 h1:7CkKaORyxoXsM8z56r+M0wf3uCpVGVqx4CWq7oJ/4DY= +github.com/opencontainers/runtime-spec v1.0.2-0.20191007145322-19e92ca81777/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E= +github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU= +github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= +github.com/opencontainers/selinux v1.2.2 h1:Kx9J6eDG5/24A6DtUquGSpJQ+m2MUTahn4FtGEe8bFg= +github.com/opencontainers/selinux v1.2.2/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= +github.com/opencontainers/selinux v1.3.0 h1:xsI95WzPZu5exzA6JzkLSfdr/DilzOhCJOqGe5TgR0g= +github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo= +github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= +github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8= +github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg= +github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0 h1:HyfiK1WMnHj5FXFXatD+Qs1A/xC2Run6RzeW1SyHxpc= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc h1:EinpED/Eb9JUgDi6pkoFjw+tz69c3lHUZr2+Va84S0w= +golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/github.com/seccomp/containers-golang/seccomp.json b/vendor/github.com/seccomp/containers-golang/seccomp.json index fe9eda56a99..06b39024a79 100644 --- a/vendor/github.com/seccomp/containers-golang/seccomp.json +++ b/vendor/github.com/seccomp/containers-golang/seccomp.json @@ -52,6 +52,8 @@ "syscalls": [ { "names": [ + "_llseek", + "_newselect", "accept", "accept4", "access", @@ -118,6 +120,8 @@ "ftruncate64", "futex", "futimesat", + "get_robust_list", + "get_thread_area", "getcpu", "getcwd", "getdents", @@ -143,12 +147,10 @@ "getresuid", "getresuid32", "getrlimit", - "get_robust_list", "getrusage", "getsid", "getsockname", "getsockopt", - "get_thread_area", "gettid", "gettimeofday", "getuid", @@ -159,13 +161,13 @@ "inotify_init1", "inotify_rm_watch", "io_cancel", - "ioctl", "io_destroy", "io_getevents", - "ioprio_get", - "ioprio_set", "io_setup", "io_submit", + "ioctl", + "ioprio_get", + "ioprio_set", "ipc", "kill", "lchown", @@ -176,7 +178,6 @@ "listen", "listxattr", "llistxattr", - "_llseek", "lremovexattr", "lseek", "lsetxattr", @@ -194,6 +195,7 @@ "mlockall", "mmap", "mmap2", + "mount", "mprotect", "mq_getsetattr", "mq_notify", @@ -210,9 +212,9 @@ "munlock", "munlockall", "munmap", + "name_to_handle_at", "nanosleep", "newfstatat", - "_newselect", "open", "openat", "pause", @@ -234,6 +236,7 @@ "readlink", "readlinkat", "readv", + "reboot", "recv", "recvfrom", "recvmmsg", @@ -253,11 +256,11 @@ "rt_sigsuspend", "rt_sigtimedwait", "rt_tgsigqueueinfo", + "sched_get_priority_max", + "sched_get_priority_min", "sched_getaffinity", "sched_getattr", "sched_getparam", - "sched_get_priority_max", - "sched_get_priority_min", "sched_getscheduler", "sched_rr_get_interval", "sched_setaffinity", @@ -277,6 +280,9 @@ "sendmmsg", "sendmsg", "sendto", + "set_robust_list", + "set_thread_area", + "set_tid_address", "setfsgid", "setfsgid32", "setfsuid", @@ -297,11 +303,8 @@ "setreuid", "setreuid32", "setrlimit", - "set_robust_list", "setsid", "setsockopt", - "set_thread_area", - "set_tid_address", "setuid", "setuid32", "setxattr", @@ -314,7 +317,6 @@ "signalfd", "signalfd4", "sigreturn", - "socket", "socketcall", "socketpair", "splice", @@ -335,21 +337,24 @@ "time", "timer_create", "timer_delete", - "timerfd_create", - "timerfd_gettime", - "timerfd_settime", "timer_getoverrun", "timer_gettime", "timer_settime", + "timerfd_create", + "timerfd_gettime", + "timerfd_settime", "times", "tkill", "truncate", "truncate64", "ugetrlimit", "umask", + "umount", + "umount2", "uname", "unlink", "unlinkat", + "unshare", "utime", "utimensat", "utimes", @@ -359,12 +364,7 @@ "waitid", "waitpid", "write", - "writev", - "mount", - "umount2", - "reboot", - "name_to_handle_at", - "unshare" + "writev" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -768,6 +768,111 @@ ] }, "excludes": {} + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ERRNO", + "args": [ + { + "index": 0, + "value": 16, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + }, + { + "index": 2, + "value": 9, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + }, + "errnoRet": 22 + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 2, + "value": 9, + "valueTwo": 0, + "op": "SCMP_CMP_NE" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + } + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 16, + "valueTwo": 0, + "op": "SCMP_CMP_NE" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + } + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 2, + "value": 9, + "valueTwo": 0, + "op": "SCMP_CMP_NE" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + } + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": null, + "comment": "", + "includes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + }, + "excludes": {} } ] -} +} \ No newline at end of file diff --git a/vendor/github.com/seccomp/containers-golang/seccomp_default_linux.go b/vendor/github.com/seccomp/containers-golang/seccomp_default_linux.go index fde3cff756f..2e3e337ac49 100644 --- a/vendor/github.com/seccomp/containers-golang/seccomp_default_linux.go +++ b/vendor/github.com/seccomp/containers-golang/seccomp_default_linux.go @@ -1,8 +1,14 @@ // +build seccomp +// SPDX-License-Identifier: Apache-2.0 + +// Copyright 2013-2018 Docker, Inc. + package seccomp // import "github.com/seccomp/containers-golang" import ( + "syscall" + "golang.org/x/sys/unix" ) @@ -41,9 +47,13 @@ func arches() []Architecture { // DefaultProfile defines the whitelist for the default seccomp profile. func DefaultProfile() *Seccomp { + einval := uint(syscall.EINVAL) + syscalls := []*Syscall{ { Names: []string{ + "_llseek", + "_newselect", "accept", "accept4", "access", @@ -110,6 +120,8 @@ func DefaultProfile() *Seccomp { "ftruncate64", "futex", "futimesat", + "get_robust_list", + "get_thread_area", "getcpu", "getcwd", "getdents", @@ -135,12 +147,10 @@ func DefaultProfile() *Seccomp { "getresuid", "getresuid32", "getrlimit", - "get_robust_list", "getrusage", "getsid", "getsockname", "getsockopt", - "get_thread_area", "gettid", "gettimeofday", "getuid", @@ -151,13 +161,13 @@ func DefaultProfile() *Seccomp { "inotify_init1", "inotify_rm_watch", "io_cancel", - "ioctl", "io_destroy", "io_getevents", - "ioprio_get", - "ioprio_set", "io_setup", "io_submit", + "ioctl", + "ioprio_get", + "ioprio_set", "ipc", "kill", "lchown", @@ -168,7 +178,6 @@ func DefaultProfile() *Seccomp { "listen", "listxattr", "llistxattr", - "_llseek", "lremovexattr", "lseek", "lsetxattr", @@ -206,7 +215,6 @@ func DefaultProfile() *Seccomp { "name_to_handle_at", "nanosleep", "newfstatat", - "_newselect", "open", "openat", "pause", @@ -248,11 +256,11 @@ func DefaultProfile() *Seccomp { "rt_sigsuspend", "rt_sigtimedwait", "rt_tgsigqueueinfo", + "sched_get_priority_max", + "sched_get_priority_min", "sched_getaffinity", "sched_getattr", "sched_getparam", - "sched_get_priority_max", - "sched_get_priority_min", "sched_getscheduler", "sched_rr_get_interval", "sched_setaffinity", @@ -272,6 +280,9 @@ func DefaultProfile() *Seccomp { "sendmmsg", "sendmsg", "sendto", + "set_robust_list", + "set_thread_area", + "set_tid_address", "setfsgid", "setfsgid32", "setfsuid", @@ -292,11 +303,8 @@ func DefaultProfile() *Seccomp { "setreuid", "setreuid32", "setrlimit", - "set_robust_list", "setsid", "setsockopt", - "set_thread_area", - "set_tid_address", "setuid", "setuid32", "setxattr", @@ -309,7 +317,6 @@ func DefaultProfile() *Seccomp { "signalfd", "signalfd4", "sigreturn", - "socket", "socketcall", "socketpair", "splice", @@ -330,12 +337,12 @@ func DefaultProfile() *Seccomp { "time", "timer_create", "timer_delete", - "timerfd_create", - "timerfd_gettime", - "timerfd_settime", "timer_getoverrun", "timer_gettime", "timer_settime", + "timerfd_create", + "timerfd_gettime", + "timerfd_settime", "times", "tkill", "truncate", @@ -343,9 +350,11 @@ func DefaultProfile() *Seccomp { "ugetrlimit", "umask", "umount", + "umount2", "uname", "unlink", "unlinkat", + "unshare", "utime", "utimensat", "utimes", @@ -646,6 +655,85 @@ func DefaultProfile() *Seccomp { Caps: []string{"CAP_SYS_TTY_CONFIG"}, }, }, + { + Names: []string{ + "socket", + }, + Action: ActErrno, + ErrnoRet: &einval, + Args: []*Arg{ + { + Index: 0, + Value: syscall.AF_NETLINK, + Op: OpEqualTo, + }, + { + Index: 2, + Value: syscall.NETLINK_AUDIT, + Op: OpEqualTo, + }, + }, + Excludes: Filter{ + Caps: []string{"CAP_AUDIT_WRITE"}, + }, + }, + { + Names: []string{ + "socket", + }, + Action: ActAllow, + Args: []*Arg{ + { + Index: 2, + Value: syscall.NETLINK_AUDIT, + Op: OpNotEqual, + }, + }, + Excludes: Filter{ + Caps: []string{"CAP_AUDIT_WRITE"}, + }, + }, + { + Names: []string{ + "socket", + }, + Action: ActAllow, + Args: []*Arg{ + { + Index: 0, + Value: syscall.AF_NETLINK, + Op: OpNotEqual, + }, + }, + Excludes: Filter{ + Caps: []string{"CAP_AUDIT_WRITE"}, + }, + }, + { + Names: []string{ + "socket", + }, + Action: ActAllow, + Args: []*Arg{ + { + Index: 2, + Value: syscall.NETLINK_AUDIT, + Op: OpNotEqual, + }, + }, + Excludes: Filter{ + Caps: []string{"CAP_AUDIT_WRITE"}, + }, + }, + { + Names: []string{ + "socket", + }, + Action: ActAllow, + Includes: Filter{ + Caps: []string{"CAP_AUDIT_WRITE"}, + }, + }, } return &Seccomp{ diff --git a/vendor/github.com/seccomp/containers-golang/seccomp_linux.go b/vendor/github.com/seccomp/containers-golang/seccomp_linux.go index 9a495e3e205..44dcd90b882 100644 --- a/vendor/github.com/seccomp/containers-golang/seccomp_linux.go +++ b/vendor/github.com/seccomp/containers-golang/seccomp_linux.go @@ -1,5 +1,9 @@ // +build seccomp +// SPDX-License-Identifier: Apache-2.0 + +// Copyright 2013-2018 Docker, Inc. + package seccomp // import "github.com/seccomp/containers-golang" import ( @@ -9,6 +13,7 @@ import ( "github.com/opencontainers/runtime-spec/specs-go" libseccomp "github.com/seccomp/libseccomp-golang" + "golang.org/x/sys/unix" ) //go:generate go run -tags 'seccomp' generate.go @@ -22,11 +27,25 @@ func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) { func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) { var config Seccomp if err := json.Unmarshal([]byte(body), &config); err != nil { - return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err) + return nil, fmt.Errorf("decoding seccomp profile failed: %v", err) } return setupSeccomp(&config, rs) } +// LoadProfileFromBytes takes a byte slice and decodes the seccomp profile. +func LoadProfileFromBytes(body []byte, rs *specs.Spec) (*specs.LinuxSeccomp, error) { + config := &Seccomp{} + if err := json.Unmarshal(body, config); err != nil { + return nil, fmt.Errorf("decoding seccomp profile failed: %v", err) + } + return setupSeccomp(config, rs) +} + +// LoadProfileFromConfig takes a Seccomp struct and a spec to retrieve a LinuxSeccomp +func LoadProfileFromConfig(config *Seccomp, specgen *specs.Spec) (*specs.LinuxSeccomp, error) { + return setupSeccomp(config, specgen) +} + var nativeToSeccomp = map[string]Arch{ "amd64": ArchX86_64, "arm64": ArchAARCH64, @@ -127,21 +146,22 @@ Loop: } if call.Name != "" { - newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Name, call.Action, call.Args)) + newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall([]string{call.Name}, call.Action, call.Args, call.ErrnoRet)) } - for _, n := range call.Names { - newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(n, call.Action, call.Args)) + if len(call.Names) > 0 { + newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Names, call.Action, call.Args, call.ErrnoRet)) } } return newConfig, nil } -func createSpecsSyscall(name string, action Action, args []*Arg) specs.LinuxSyscall { +func createSpecsSyscall(names []string, action Action, args []*Arg, errnoRet *uint) specs.LinuxSyscall { newCall := specs.LinuxSyscall{ - Names: []string{name}, - Action: specs.LinuxSeccompAction(action), + Names: names, + Action: specs.LinuxSeccompAction(action), + ErrnoRet: errnoRet, } // Loop through all the arguments of the syscall and convert them @@ -157,3 +177,15 @@ func createSpecsSyscall(name string, action Action, args []*Arg) specs.LinuxSysc } return newCall } + +// IsEnabled returns true if seccomp is enabled for the host. +func IsEnabled() bool { + // Check if Seccomp is supported, via CONFIG_SECCOMP. + if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL { + // Make sure the kernel has CONFIG_SECCOMP_FILTER. + if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL { + return true + } + } + return false +} diff --git a/vendor/github.com/seccomp/containers-golang/seccomp_unsupported.go b/vendor/github.com/seccomp/containers-golang/seccomp_unsupported.go index 279340426af..936a9a641fb 100644 --- a/vendor/github.com/seccomp/containers-golang/seccomp_unsupported.go +++ b/vendor/github.com/seccomp/containers-golang/seccomp_unsupported.go @@ -1,5 +1,9 @@ // +build !seccomp +// SPDX-License-Identifier: Apache-2.0 + +// Copyright 2013-2018 Docker, Inc. + package seccomp // import "github.com/seccomp/containers-golang" import ( @@ -22,3 +26,18 @@ func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) { func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) { return nil, fmt.Errorf("Seccomp not supported on this platform") } + +// LoadProfileFromBytes takes a byte slice and decodes the seccomp profile. +func LoadProfileFromBytes(body []byte, rs *specs.Spec) (*specs.LinuxSeccomp, error) { + return nil, fmt.Errorf("Seccomp not supported on this platform") +} + +// LoadProfileFromConfig takes a Seccomp struct and a spec to retrieve a LinuxSeccomp +func LoadProfileFromConfig(config *Seccomp, specgen *specs.Spec) (*specs.LinuxSeccomp, error) { + return nil, fmt.Errorf("Seccomp not supported on this platform") +} + +// IsEnabled returns true if seccomp is enabled for the host. +func IsEnabled() bool { + return false +} diff --git a/vendor/github.com/seccomp/containers-golang/types.go b/vendor/github.com/seccomp/containers-golang/types.go index b549a55fe03..6651c423f31 100644 --- a/vendor/github.com/seccomp/containers-golang/types.go +++ b/vendor/github.com/seccomp/containers-golang/types.go @@ -1,5 +1,9 @@ package seccomp // import "github.com/seccomp/containers-golang" +// SPDX-License-Identifier: Apache-2.0 + +// Copyright 2013-2018 Docker, Inc. + // Seccomp represents the config for a seccomp profile for syscall restriction. type Seccomp struct { DefaultAction Action `json:"defaultAction"` @@ -90,4 +94,5 @@ type Syscall struct { Comment string `json:"comment"` Includes Filter `json:"includes"` Excludes Filter `json:"excludes"` + ErrnoRet *uint `json:"errnoRet,omitempty"` } diff --git a/vendor/github.com/seccomp/containers-golang/vendor.conf b/vendor/github.com/seccomp/containers-golang/vendor.conf deleted file mode 100644 index 6111c475bc8..00000000000 --- a/vendor/github.com/seccomp/containers-golang/vendor.conf +++ /dev/null @@ -1,9 +0,0 @@ -github.com/opencontainers/runtime-tools master -github.com/blang/semver master -github.com/hashicorp/go-multierror master -github.com/hashicorp/errwrap master -github.com/syndtr/gocapability master -github.com/xeipuuv/gojsonschema master -github.com/xeipuuv/gojsonreference master -github.com/xeipuuv/gojsonpointer master - diff --git a/vendor/github.com/vbauerster/mpb/v5/bar.go b/vendor/github.com/vbauerster/mpb/v5/bar.go index 1a4c66fe1f3..9c28a07a8eb 100644 --- a/vendor/github.com/vbauerster/mpb/v5/bar.go +++ b/vendor/github.com/vbauerster/mpb/v5/bar.go @@ -6,28 +6,15 @@ import ( "fmt" "io" "log" + "runtime/debug" "strings" "time" - "unicode/utf8" + "github.com/acarl005/stripansi" + "github.com/mattn/go-runewidth" "github.com/vbauerster/mpb/v5/decor" ) -// BarFiller interface. -// Bar renders itself by calling BarFiller's Fill method. You can -// literally have any bar kind, by implementing this interface and -// passing it to the *Progress.Add(...) *Bar method. -type BarFiller interface { - Fill(w io.Writer, width int, stat *decor.Statistics) -} - -// BarFillerFunc is function type adapter to convert function into Filler. -type BarFillerFunc func(w io.Writer, width int, stat *decor.Statistics) - -func (f BarFillerFunc) Fill(w io.Writer, width int, stat *decor.Statistics) { - f(w, width, stat) -} - // Bar represents a progress Bar. type Bar struct { priority int // used by heap @@ -55,20 +42,22 @@ type Bar struct { recoveredPanic interface{} } -type extFunc func(in io.Reader, tw int, st *decor.Statistics) (out io.Reader, lines int) +type extFunc func(in io.Reader, reqWidth int, st decor.Statistics) (out io.Reader, lines int) type bState struct { - baseF BarFiller - filler BarFiller id int - width int + priority int + reqWidth int total int64 current int64 + refill int64 lastN int64 iterated bool trimSpace bool toComplete bool completeFlushed bool + ignoreComplete bool + dropOnComplete bool noPop bool aDecorators []decor.Decorator pDecorators []decor.Decorator @@ -76,12 +65,10 @@ type bState struct { ewmaDecorators []decor.EwmaDecorator shutdownListeners []decor.ShutdownListener bufP, bufB, bufA *bytes.Buffer + filler BarFiller + middleware func(BarFiller) BarFiller extender extFunc - // priority overrides *Bar's priority, if set - priority int - // dropOnComplete propagates to *Bar - dropOnComplete bool // runningBar is a key for *pState.parkedBars runningBar *Bar @@ -145,13 +132,8 @@ func (b *Bar) Current() int64 { // Given default bar style is "[=>-]<+", refill rune is '+'. // To set bar style use mpb.BarStyle(string) BarOption. func (b *Bar) SetRefill(amount int64) { - type refiller interface { - SetRefill(int64) - } b.operateState <- func(s *bState) { - if f, ok := s.baseF.(refiller); ok { - f.SetRefill(amount) - } + s.refill = amount } } @@ -170,17 +152,18 @@ func (b *Bar) TraverseDecorators(cb func(decor.Decorator)) { } // SetTotal sets total dynamically. -// If total is less or equal to zero it takes progress' current value. -// If complete is true, complete event will be triggered. +// If total is less than or equal to zero it takes progress' current value. +// A complete flag enables or disables complete event on `current >= total`. func (b *Bar) SetTotal(total int64, complete bool) { select { case b.operateState <- func(s *bState) { + s.ignoreComplete = !complete if total <= 0 { s.total = s.current } else { s.total = total } - if complete && !s.toComplete { + if !s.ignoreComplete && !s.toComplete { s.current = s.total s.toComplete = true go b.refreshTillShutdown() @@ -197,7 +180,7 @@ func (b *Bar) SetCurrent(current int64) { s.iterated = true s.lastN = current - s.current s.current = current - if s.total > 0 && s.current >= s.total { + if !s.ignoreComplete && s.current >= s.total { s.current = s.total s.toComplete = true go b.refreshTillShutdown() @@ -224,7 +207,7 @@ func (b *Bar) IncrInt64(n int64) { s.iterated = true s.lastN = n s.current += n - if s.total > 0 && s.current >= s.total { + if !s.ignoreComplete && s.current >= s.total { s.current = s.total s.toComplete = true go b.refreshTillShutdown() @@ -316,44 +299,40 @@ func (b *Bar) serve(ctx context.Context, s *bState) { } func (b *Bar) render(tw int) { - if b.recoveredPanic != nil { - b.toShutdown = false - b.frameCh <- b.panicToFrame(tw) - return - } select { case b.operateState <- func(s *bState) { + stat := newStatistics(tw, s) defer func() { // recovering if user defined decorator panics for example if p := recover(); p != nil { - b.dlogger.Println(p) + s.extender = makePanicExtender(p) + frame, lines := s.extender(nil, s.reqWidth, stat) + b.extendedLines = lines + b.toShutdown = !b.toShutdown b.recoveredPanic = p - b.toShutdown = !s.completeFlushed - b.frameCh <- b.panicToFrame(tw) + b.frameCh <- frame + b.dlogger.Println(p) } + s.completeFlushed = s.toComplete }() - - st := newStatistics(s) - frame := s.draw(tw, st) - frame, b.extendedLines = s.extender(frame, tw, st) - + frame, lines := s.extender(s.draw(stat), s.reqWidth, stat) + b.extendedLines = lines b.toShutdown = s.toComplete && !s.completeFlushed - s.completeFlushed = s.toComplete b.frameCh <- frame }: case <-b.done: s := b.cacheState - st := newStatistics(s) - frame := s.draw(tw, st) - frame, b.extendedLines = s.extender(frame, tw, st) + stat := newStatistics(tw, s) + var r io.Reader + if b.recoveredPanic == nil { + r = s.draw(stat) + } + frame, lines := s.extender(r, s.reqWidth, stat) + b.extendedLines = lines b.frameCh <- frame } } -func (b *Bar) panicToFrame(termWidth int) io.Reader { - return strings.NewReader(fmt.Sprintf(fmt.Sprintf("%%.%dv\n", termWidth), b.recoveredPanic)) -} - func (b *Bar) subscribeDecorators() { var averageDecorators []decor.AverageDecorator var ewmaDecorators []decor.EwmaDecorator @@ -396,34 +375,41 @@ func (b *Bar) wSyncTable() [][]chan int { } } -func (s *bState) draw(termWidth int, stat *decor.Statistics) io.Reader { +func (s *bState) draw(stat decor.Statistics) io.Reader { + if !s.trimSpace { + stat.AvailableWidth -= 2 + s.bufB.WriteByte(' ') + defer s.bufB.WriteByte(' ') + } + + nlr := strings.NewReader("\n") + tw := stat.AvailableWidth for _, d := range s.pDecorators { - s.bufP.WriteString(d.Decor(stat)) + str := d.Decor(stat) + stat.AvailableWidth -= runewidth.StringWidth(stripansi.Strip(str)) + s.bufP.WriteString(str) + } + if stat.AvailableWidth <= 0 { + trunc := strings.NewReader(runewidth.Truncate(stripansi.Strip(s.bufP.String()), tw, "…")) + s.bufP.Reset() + return io.MultiReader(trunc, s.bufB, nlr) } + tw = stat.AvailableWidth for _, d := range s.aDecorators { - s.bufA.WriteString(d.Decor(stat)) + str := d.Decor(stat) + stat.AvailableWidth -= runewidth.StringWidth(stripansi.Strip(str)) + s.bufA.WriteString(str) } - - s.bufA.WriteByte('\n') - - prependCount := utf8.RuneCount(s.bufP.Bytes()) - appendCount := utf8.RuneCount(s.bufA.Bytes()) - 1 - - if fitWidth := s.width; termWidth > 1 { - if !s.trimSpace { - // reserve space for edge spaces - termWidth -= 2 - s.bufB.WriteByte(' ') - defer s.bufB.WriteByte(' ') - } - if prependCount+s.width+appendCount > termWidth { - fitWidth = termWidth - prependCount - appendCount - } - s.filler.Fill(s.bufB, fitWidth, stat) + if stat.AvailableWidth <= 0 { + trunc := strings.NewReader(runewidth.Truncate(stripansi.Strip(s.bufA.String()), tw, "…")) + s.bufA.Reset() + return io.MultiReader(s.bufP, s.bufB, trunc, nlr) } - return io.MultiReader(s.bufP, s.bufB, s.bufA) + s.filler.Fill(s.bufB, s.reqWidth, stat) + + return io.MultiReader(s.bufP, s.bufB, s.bufA, nlr) } func (s *bState) wSyncTable() [][]chan int { @@ -448,12 +434,14 @@ func (s *bState) wSyncTable() [][]chan int { return table } -func newStatistics(s *bState) *decor.Statistics { - return &decor.Statistics{ - ID: s.id, - Completed: s.completeFlushed, - Total: s.total, - Current: s.current, +func newStatistics(tw int, s *bState) decor.Statistics { + return decor.Statistics{ + ID: s.id, + AvailableWidth: tw, + Total: s.total, + Current: s.current, + Refill: s.refill, + Completed: s.completeFlushed, } } @@ -474,3 +462,17 @@ func ewmaIterationUpdate(done bool, s *bState, dur time.Duration) { d.EwmaUpdate(s.lastN, dur) } } + +func makePanicExtender(p interface{}) extFunc { + pstr := fmt.Sprint(p) + stack := debug.Stack() + stackLines := bytes.Count(stack, []byte("\n")) + return func(_ io.Reader, _ int, st decor.Statistics) (io.Reader, int) { + mr := io.MultiReader( + strings.NewReader(runewidth.Truncate(pstr, st.AvailableWidth, "…")), + strings.NewReader(fmt.Sprintf("\n%#v\n", st)), + bytes.NewReader(stack), + ) + return mr, stackLines + 1 + } +} diff --git a/vendor/github.com/vbauerster/mpb/v5/bar_filler.go b/vendor/github.com/vbauerster/mpb/v5/bar_filler.go index 00bf0a494a9..07148bffbc6 100644 --- a/vendor/github.com/vbauerster/mpb/v5/bar_filler.go +++ b/vendor/github.com/vbauerster/mpb/v5/bar_filler.go @@ -2,137 +2,29 @@ package mpb import ( "io" - "unicode/utf8" "github.com/vbauerster/mpb/v5/decor" - "github.com/vbauerster/mpb/v5/internal" ) -const ( - rLeft = iota - rFill - rTip - rEmpty - rRight - rRevTip - rRefill -) - -// DefaultBarStyle is a string containing 7 runes. -// Each rune is a building block of a progress bar. -// -// '1st rune' stands for left boundary rune -// -// '2nd rune' stands for fill rune +// BarFiller interface. +// Bar (without decorators) renders itself by calling BarFiller's Fill method. // -// '3rd rune' stands for tip rune +// `reqWidth` is requested width, which is set via: +// func WithWidth(width int) ContainerOption +// func BarWidth(width int) BarOption // -// '4th rune' stands for empty rune +// Default implementations can be obtained via: // -// '5th rune' stands for right boundary rune +// func NewBarFiller(style string, reverse bool) BarFiller +// func NewSpinnerFiller(style []string, alignment SpinnerAlignment) BarFiller // -// '6th rune' stands for reverse tip rune -// -// '7th rune' stands for refill rune -// -const DefaultBarStyle string = "[=>-]<+" - -type barFiller struct { - format [][]byte - tip []byte - refill int64 - reverse bool - flush func(w io.Writer, bb [][]byte) -} - -// NewBarFiller constucts mpb.BarFiller, to be used with *Progress.Add(...) *Bar method. -func NewBarFiller(style string, reverse bool) BarFiller { - if style == "" { - style = DefaultBarStyle - } - bf := &barFiller{ - format: make([][]byte, utf8.RuneCountInString(style)), - reverse: reverse, - } - bf.SetStyle(style) - return bf -} - -func (s *barFiller) SetStyle(style string) { - if !utf8.ValidString(style) { - return - } - src := make([][]byte, 0, utf8.RuneCountInString(style)) - for _, r := range style { - src = append(src, []byte(string(r))) - } - copy(s.format, src) - s.SetReverse(s.reverse) -} - -func (s *barFiller) SetReverse(reverse bool) { - if reverse { - s.tip = s.format[rRevTip] - s.flush = reverseFlush - } else { - s.tip = s.format[rTip] - s.flush = normalFlush - } - s.reverse = reverse +type BarFiller interface { + Fill(w io.Writer, reqWidth int, stat decor.Statistics) } -func (s *barFiller) SetRefill(amount int64) { - s.refill = amount -} - -func (s *barFiller) Fill(w io.Writer, width int, stat *decor.Statistics) { - // don't count rLeft and rRight as progress - width -= 2 - if width < 2 { - return - } - w.Write(s.format[rLeft]) - defer w.Write(s.format[rRight]) - - bb := make([][]byte, width) - - cwidth := int(internal.PercentageRound(stat.Total, stat.Current, width)) - - for i := 0; i < cwidth; i++ { - bb[i] = s.format[rFill] - } - - if s.refill > 0 { - var rwidth int - if s.refill > stat.Current { - rwidth = cwidth - } else { - rwidth = int(internal.PercentageRound(stat.Total, int64(s.refill), width)) - } - for i := 0; i < rwidth; i++ { - bb[i] = s.format[rRefill] - } - } - - if cwidth > 0 && cwidth < width { - bb[cwidth-1] = s.tip - } - - for i := cwidth; i < width; i++ { - bb[i] = s.format[rEmpty] - } - - s.flush(w, bb) -} - -func normalFlush(w io.Writer, bb [][]byte) { - for i := 0; i < len(bb); i++ { - w.Write(bb[i]) - } -} +// BarFillerFunc is function type adapter to convert function into BarFiller. +type BarFillerFunc func(w io.Writer, reqWidth int, stat decor.Statistics) -func reverseFlush(w io.Writer, bb [][]byte) { - for i := len(bb) - 1; i >= 0; i-- { - w.Write(bb[i]) - } +func (f BarFillerFunc) Fill(w io.Writer, reqWidth int, stat decor.Statistics) { + f(w, reqWidth, stat) } diff --git a/vendor/github.com/vbauerster/mpb/v5/bar_filler_bar.go b/vendor/github.com/vbauerster/mpb/v5/bar_filler_bar.go new file mode 100644 index 00000000000..637bd88ca17 --- /dev/null +++ b/vendor/github.com/vbauerster/mpb/v5/bar_filler_bar.go @@ -0,0 +1,173 @@ +package mpb + +import ( + "bytes" + "io" + "unicode/utf8" + + "github.com/mattn/go-runewidth" + "github.com/vbauerster/mpb/v5/decor" + "github.com/vbauerster/mpb/v5/internal" +) + +const ( + rLeft = iota + rFill + rTip + rSpace + rRight + rRevTip + rRefill +) + +// DefaultBarStyle is a string containing 7 runes. +// Each rune is a building block of a progress bar. +// +// '1st rune' stands for left boundary rune +// +// '2nd rune' stands for fill rune +// +// '3rd rune' stands for tip rune +// +// '4th rune' stands for space rune +// +// '5th rune' stands for right boundary rune +// +// '6th rune' stands for reverse tip rune +// +// '7th rune' stands for refill rune +// +const DefaultBarStyle string = "[=>-]<+" + +type barFiller struct { + format [][]byte + rwidth []int + tip []byte + refill int64 + reverse bool + flush func(io.Writer, *space, [][]byte) +} + +type space struct { + space []byte + rwidth int + count int +} + +// NewBarFiller constucts mpb.BarFiller, to be used with *Progress.Add(...) *Bar method. +func NewBarFiller(style string, reverse bool) BarFiller { + bf := &barFiller{ + format: make([][]byte, len(DefaultBarStyle)), + rwidth: make([]int, len(DefaultBarStyle)), + reverse: reverse, + } + bf.SetStyle(style) + return bf +} + +func (s *barFiller) SetStyle(style string) { + if !utf8.ValidString(style) { + panic("invalid bar style") + } + if style == "" { + style = DefaultBarStyle + } + src := make([][]byte, utf8.RuneCountInString(style)) + i := 0 + for _, r := range style { + s.rwidth[i] = runewidth.RuneWidth(r) + src[i] = []byte(string(r)) + i++ + } + copy(s.format, src) + s.SetReverse(s.reverse) +} + +func (s *barFiller) SetReverse(reverse bool) { + if reverse { + s.tip = s.format[rRevTip] + s.flush = reverseFlush + } else { + s.tip = s.format[rTip] + s.flush = regularFlush + } + s.reverse = reverse +} + +func (s *barFiller) Fill(w io.Writer, reqWidth int, stat decor.Statistics) { + width := internal.WidthForBarFiller(reqWidth, stat.AvailableWidth) + + if brackets := s.rwidth[rLeft] + s.rwidth[rRight]; width < brackets { + return + } else { + // don't count brackets as progress + width -= brackets + } + w.Write(s.format[rLeft]) + defer w.Write(s.format[rRight]) + + cwidth := int(internal.PercentageRound(stat.Total, stat.Current, width)) + space := &space{ + space: s.format[rSpace], + rwidth: s.rwidth[rSpace], + count: width - cwidth, + } + + index, refill := 0, 0 + bb := make([][]byte, cwidth) + + if cwidth > 0 && cwidth != width { + bb[index] = s.tip + cwidth -= s.rwidth[rTip] + index++ + } + + if stat.Refill > 0 { + refill = int(internal.PercentageRound(stat.Total, int64(stat.Refill), width)) + if refill > cwidth { + refill = cwidth + } + cwidth -= refill + } + + for cwidth > 0 { + bb[index] = s.format[rFill] + cwidth -= s.rwidth[rFill] + index++ + } + + for refill > 0 { + bb[index] = s.format[rRefill] + refill -= s.rwidth[rRefill] + index++ + } + + if cwidth+refill < 0 || space.rwidth > 1 { + buf := new(bytes.Buffer) + s.flush(buf, space, bb[:index]) + io.WriteString(w, runewidth.Truncate(buf.String(), width, "…")) + return + } + + s.flush(w, space, bb) +} + +func regularFlush(w io.Writer, space *space, bb [][]byte) { + for i := len(bb) - 1; i >= 0; i-- { + w.Write(bb[i]) + } + for space.count > 0 { + w.Write(space.space) + space.count -= space.rwidth + } +} + +func reverseFlush(w io.Writer, space *space, bb [][]byte) { + for space.count > 0 { + w.Write(space.space) + space.count -= space.rwidth + } + for i := 0; i < len(bb); i++ { + w.Write(bb[i]) + } +} diff --git a/vendor/github.com/vbauerster/mpb/v5/spinner_filler.go b/vendor/github.com/vbauerster/mpb/v5/bar_filler_spinner.go similarity index 87% rename from vendor/github.com/vbauerster/mpb/v5/spinner_filler.go rename to vendor/github.com/vbauerster/mpb/v5/bar_filler_spinner.go index 517725fbfa9..d2cb2b7260b 100644 --- a/vendor/github.com/vbauerster/mpb/v5/spinner_filler.go +++ b/vendor/github.com/vbauerster/mpb/v5/bar_filler_spinner.go @@ -6,6 +6,7 @@ import ( "unicode/utf8" "github.com/vbauerster/mpb/v5/decor" + "github.com/vbauerster/mpb/v5/internal" ) // SpinnerAlignment enum. @@ -39,7 +40,8 @@ func NewSpinnerFiller(style []string, alignment SpinnerAlignment) BarFiller { return filler } -func (s *spinnerFiller) Fill(w io.Writer, width int, stat *decor.Statistics) { +func (s *spinnerFiller) Fill(w io.Writer, reqWidth int, stat decor.Statistics) { + width := internal.WidthForBarFiller(reqWidth, stat.AvailableWidth) frame := s.frames[s.count%uint(len(s.frames))] frameWidth := utf8.RuneCountInString(frame) diff --git a/vendor/github.com/vbauerster/mpb/v5/bar_option.go b/vendor/github.com/vbauerster/mpb/v5/bar_option.go index 76f2050f154..31b7939b017 100644 --- a/vendor/github.com/vbauerster/mpb/v5/bar_option.go +++ b/vendor/github.com/vbauerster/mpb/v5/bar_option.go @@ -46,7 +46,7 @@ func BarID(id int) BarOption { // BarWidth sets bar width independent of the container. func BarWidth(width int) BarOption { return func(s *bState) { - s.width = width + s.reqWidth = width } } @@ -77,19 +77,22 @@ func BarFillerClearOnComplete() BarOption { // BarFillerOnComplete replaces bar's filler with message, on complete event. func BarFillerOnComplete(message string) BarOption { - return func(s *bState) { - s.filler = makeBarFillerOnComplete(s.baseF, message) - } + return BarFillerMiddleware(func(base BarFiller) BarFiller { + return BarFillerFunc(func(w io.Writer, reqWidth int, st decor.Statistics) { + if st.Completed { + io.WriteString(w, message) + } else { + base.Fill(w, reqWidth, st) + } + }) + }) } -func makeBarFillerOnComplete(filler BarFiller, message string) BarFiller { - return BarFillerFunc(func(w io.Writer, width int, st *decor.Statistics) { - if st.Completed { - io.WriteString(w, message) - } else { - filler.Fill(w, width, st) - } - }) +// BarFillerMiddleware provides a way to augment default BarFiller. +func BarFillerMiddleware(middle func(BarFiller) BarFiller) BarOption { + return func(s *bState) { + s.middleware = middle + } } // BarPriority sets bar's priority. Zero is highest priority, i.e. bar @@ -103,21 +106,20 @@ func BarPriority(priority int) BarOption { // BarExtender is an option to extend bar to the next new line, with // arbitrary output. -func BarExtender(extender BarFiller) BarOption { - if extender == nil { +func BarExtender(filler BarFiller) BarOption { + if filler == nil { return nil } return func(s *bState) { - s.extender = makeExtFunc(extender) + s.extender = makeExtFunc(filler) } } -func makeExtFunc(extender BarFiller) extFunc { +func makeExtFunc(filler BarFiller) extFunc { buf := new(bytes.Buffer) - nl := []byte("\n") - return func(r io.Reader, tw int, st *decor.Statistics) (io.Reader, int) { - extender.Fill(buf, tw, st) - return io.MultiReader(r, buf), bytes.Count(buf.Bytes(), nl) + return func(r io.Reader, reqWidth int, st decor.Statistics) (io.Reader, int) { + filler.Fill(buf, reqWidth, st) + return io.MultiReader(r, buf), bytes.Count(buf.Bytes(), []byte("\n")) } } @@ -139,7 +141,7 @@ func BarStyle(style string) BarOption { SetStyle(string) } return func(s *bState) { - if t, ok := s.baseF.(styleSetter); ok { + if t, ok := s.filler.(styleSetter); ok { t.SetStyle(style) } } @@ -159,7 +161,7 @@ func BarReverse() BarOption { SetReverse(bool) } return func(s *bState) { - if t, ok := s.baseF.(revSetter); ok { + if t, ok := s.filler.(revSetter); ok { t.SetReverse(true) } } @@ -189,7 +191,7 @@ func MakeFillerTypeSpecificBarOption( cb func(interface{}), ) BarOption { return func(s *bState) { - if t, ok := typeChecker(s.baseF); ok { + if t, ok := typeChecker(s.filler); ok { cb(t) } } diff --git a/vendor/github.com/vbauerster/mpb/v5/options.go b/vendor/github.com/vbauerster/mpb/v5/container_option.go similarity index 92% rename from vendor/github.com/vbauerster/mpb/v5/options.go rename to vendor/github.com/vbauerster/mpb/v5/container_option.go index 04887028412..fac59e43653 100644 --- a/vendor/github.com/vbauerster/mpb/v5/options.go +++ b/vendor/github.com/vbauerster/mpb/v5/container_option.go @@ -21,14 +21,11 @@ func WithWaitGroup(wg *sync.WaitGroup) ContainerOption { } } -// WithWidth sets container width. Default is 80. Bars inherit this -// width, as long as no BarWidth is applied. -func WithWidth(w int) ContainerOption { +// WithWidth sets container width. If not set underlying bars will +// occupy whole term width. +func WithWidth(width int) ContainerOption { return func(s *pState) { - if w < 0 { - return - } - s.width = w + s.reqWidth = width } } diff --git a/vendor/github.com/vbauerster/mpb/v5/cwriter/writer.go b/vendor/github.com/vbauerster/mpb/v5/cwriter/writer.go index 9ec1ec66b98..bb503360d84 100644 --- a/vendor/github.com/vbauerster/mpb/v5/cwriter/writer.go +++ b/vendor/github.com/vbauerster/mpb/v5/cwriter/writer.go @@ -7,7 +7,7 @@ import ( "io" "os" - "golang.org/x/crypto/ssh/terminal" + "github.com/mattn/go-isatty" ) // NotATTY not a TeleTYpewriter error. @@ -30,13 +30,14 @@ func New(out io.Writer) *Writer { w := &Writer{out: out} if f, ok := out.(*os.File); ok { w.fd = f.Fd() - w.isTerminal = terminal.IsTerminal(int(w.fd)) + w.isTerminal = isatty.IsTerminal(w.fd) } return w } // Flush flushes the underlying buffer. func (w *Writer) Flush(lineCount int) (err error) { + // some terminals interpret clear 0 lines as clear 1 if w.lineCount > 0 { w.clearLines() } @@ -63,9 +64,9 @@ func (w *Writer) ReadFrom(r io.Reader) (n int64, err error) { // GetWidth returns width of underlying terminal. func (w *Writer) GetWidth() (int, error) { - if w.isTerminal { - tw, _, err := terminal.GetSize(int(w.fd)) - return tw, err + if !w.isTerminal { + return -1, NotATTY } - return -1, NotATTY + tw, _, err := GetSize(w.fd) + return tw, err } diff --git a/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_posix.go b/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_posix.go index 3fb8b7d754b..e836cec3a71 100644 --- a/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_posix.go +++ b/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_posix.go @@ -2,8 +2,21 @@ package cwriter -import "fmt" +import ( + "fmt" + + "golang.org/x/sys/unix" +) func (w *Writer) clearLines() { fmt.Fprintf(w.out, cuuAndEd, w.lineCount) } + +// GetSize returns the dimensions of the given terminal. +func GetSize(fd uintptr) (width, height int, err error) { + ws, err := unix.IoctlGetWinsize(int(fd), unix.TIOCGWINSZ) + if err != nil { + return -1, -1, err + } + return int(ws.Col), int(ws.Row), nil +} diff --git a/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_windows.go b/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_windows.go index 7125289009f..7a3ed5bcc72 100644 --- a/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_windows.go +++ b/vendor/github.com/vbauerster/mpb/v5/cwriter/writer_windows.go @@ -14,7 +14,6 @@ var ( procGetConsoleScreenBufferInfo = kernel32.NewProc("GetConsoleScreenBufferInfo") procSetConsoleCursorPosition = kernel32.NewProc("SetConsoleCursorPosition") procFillConsoleOutputCharacter = kernel32.NewProc("FillConsoleOutputCharacterW") - procFillConsoleOutputAttribute = kernel32.NewProc("FillConsoleOutputAttribute") ) type coord struct { @@ -41,8 +40,9 @@ func (w *Writer) clearLines() { if !w.isTerminal { fmt.Fprintf(w.out, cuuAndEd, w.lineCount) } - var info consoleScreenBufferInfo - procGetConsoleScreenBufferInfo.Call(w.fd, uintptr(unsafe.Pointer(&info))) + + info := new(consoleScreenBufferInfo) + procGetConsoleScreenBufferInfo.Call(w.fd, uintptr(unsafe.Pointer(info))) info.cursorPosition.y -= int16(w.lineCount) if info.cursorPosition.y < 0 { @@ -51,10 +51,19 @@ func (w *Writer) clearLines() { procSetConsoleCursorPosition.Call(w.fd, uintptr(uint32(uint16(info.cursorPosition.y))<<16|uint32(uint16(info.cursorPosition.x)))) // clear the lines - cursor := coord{ + cursor := &coord{ x: info.window.left, y: info.cursorPosition.y, } count := uint32(info.size.x) * uint32(w.lineCount) - procFillConsoleOutputCharacter.Call(w.fd, uintptr(' '), uintptr(count), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(new(uint32)))) + procFillConsoleOutputCharacter.Call(w.fd, uintptr(' '), uintptr(count), *(*uintptr)(unsafe.Pointer(cursor)), uintptr(unsafe.Pointer(new(uint32)))) +} + +// GetSize returns the visible dimensions of the given terminal. +// +// These dimensions don't include any scrollback buffer height. +func GetSize(fd uintptr) (width, height int, err error) { + info := new(consoleScreenBufferInfo) + procGetConsoleScreenBufferInfo.Call(fd, uintptr(unsafe.Pointer(info))) + return int(info.window.right - info.window.left), int(info.window.bottom - info.window.top), nil } diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/any.go b/vendor/github.com/vbauerster/mpb/v5/decor/any.go index bf9cf51a55a..39518f59457 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/any.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/any.go @@ -1,21 +1,21 @@ package decor // Any decorator displays text, that can be changed during decorator's -// lifetime via provided func call back. +// lifetime via provided DecorFunc. // -// `f` call back which provides string to display +// `fn` DecorFunc callback // // `wcc` optional WC config // -func Any(f func(*Statistics) string, wcc ...WC) Decorator { - return &any{initWC(wcc...), f} +func Any(fn DecorFunc, wcc ...WC) Decorator { + return &any{initWC(wcc...), fn} } type any struct { WC - f func(*Statistics) string + fn DecorFunc } -func (d *any) Decor(s *Statistics) string { - return d.FormatMsg(d.f(s)) +func (d *any) Decor(s Statistics) string { + return d.FormatMsg(d.fn(s)) } diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/counters.go b/vendor/github.com/vbauerster/mpb/v5/decor/counters.go index 297bf937bd9..010ec371a10 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/counters.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/counters.go @@ -46,21 +46,21 @@ func Counters(unit int, pairFmt string, wcc ...WC) Decorator { return Any(chooseSizeProducer(unit, pairFmt), wcc...) } -func chooseSizeProducer(unit int, format string) func(*Statistics) string { +func chooseSizeProducer(unit int, format string) DecorFunc { if format == "" { format = "%d / %d" } switch unit { case UnitKiB: - return func(s *Statistics) string { + return func(s Statistics) string { return fmt.Sprintf(format, SizeB1024(s.Current), SizeB1024(s.Total)) } case UnitKB: - return func(s *Statistics) string { + return func(s Statistics) string { return fmt.Sprintf(format, SizeB1000(s.Current), SizeB1000(s.Total)) } default: - return func(s *Statistics) string { + return func(s Statistics) string { return fmt.Sprintf(format, s.Current, s.Total) } } diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/decorator.go b/vendor/github.com/vbauerster/mpb/v5/decor/decorator.go index 5bca63d5252..e81fae367ee 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/decorator.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/decorator.go @@ -3,9 +3,9 @@ package decor import ( "fmt" "time" - "unicode/utf8" "github.com/acarl005/stripansi" + "github.com/mattn/go-runewidth" ) const ( @@ -47,22 +47,32 @@ const ( // Statistics consists of progress related statistics, that Decorator // may need. type Statistics struct { - ID int - Completed bool - Total int64 - Current int64 + ID int + AvailableWidth int + Total int64 + Current int64 + Refill int64 + Completed bool } // Decorator interface. -// Implementors should embed WC type, that way only single method -// Decor(*Statistics) needs to be implemented, the rest will be handled -// by WC type. +// Most of the time there is no need to implement this interface +// manually, as decor package already provides a wide range of decorators +// which implement this interface. If however built-in decorators don't +// meet your needs, you're free to implement your own one by implementing +// this particular interface. The easy way to go is to convert a +// `DecorFunc` into a `Decorator` interface by using provided +// `func Any(DecorFunc, ...WC) Decorator`. type Decorator interface { Configurator Synchronizer - Decor(*Statistics) string + Decor(Statistics) string } +// DecorFunc func type. +// To be used with `func Any`(DecorFunc, ...WC) Decorator`. +type DecorFunc func(Statistics) string + // Synchronizer interface. // All decorators implement this interface implicitly. Its Sync // method exposes width sync channel, if DSyncWidth bit is set. @@ -117,38 +127,35 @@ var ( // W represents width and C represents bit set of width related config. // A decorator should embed WC, to enable width synchronization. type WC struct { - W int - C int - dynFormat string - wsync chan int + W int + C int + fill func(s string, w int) string + wsync chan int } // FormatMsg formats final message according to WC.W and WC.C. // Should be called by any Decorator implementation. func (wc *WC) FormatMsg(msg string) string { - var format string - runeCount := utf8.RuneCountInString(stripansi.Strip(msg)) - ansiCount := utf8.RuneCountInString(msg) - runeCount + pureWidth := runewidth.StringWidth(msg) + stripWidth := runewidth.StringWidth(stripansi.Strip(msg)) + maxCell := wc.W if (wc.C & DSyncWidth) != 0 { + cellCount := stripWidth if (wc.C & DextraSpace) != 0 { - runeCount++ + cellCount++ } - wc.wsync <- runeCount - max := <-wc.wsync - format = fmt.Sprintf(wc.dynFormat, ansiCount+max) - } else { - format = fmt.Sprintf(wc.dynFormat, ansiCount+wc.W) + wc.wsync <- cellCount + maxCell = <-wc.wsync } - return fmt.Sprintf(format, msg) + return wc.fill(msg, maxCell+(pureWidth-stripWidth)) } // Init initializes width related config. func (wc *WC) Init() WC { - wc.dynFormat = "%%" + wc.fill = runewidth.FillLeft if (wc.C & DidentRight) != 0 { - wc.dynFormat += "-" + wc.fill = runewidth.FillRight } - wc.dynFormat += "%ds" if (wc.C & DSyncWidth) != 0 { // it's deliberate choice to override wsync on each Init() call, // this way globals like WCSyncSpace can be reused diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/elapsed.go b/vendor/github.com/vbauerster/mpb/v5/decor/elapsed.go index c9999a3b588..e389f15815c 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/elapsed.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/elapsed.go @@ -25,11 +25,11 @@ func Elapsed(style TimeStyle, wcc ...WC) Decorator { func NewElapsed(style TimeStyle, startTime time.Time, wcc ...WC) Decorator { var msg string producer := chooseTimeProducer(style) - f := func(s *Statistics) string { + fn := func(s Statistics) string { if !s.Completed { msg = producer(time.Since(startTime)) } return msg } - return Any(f, wcc...) + return Any(fn, wcc...) } diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/eta.go b/vendor/github.com/vbauerster/mpb/v5/decor/eta.go index 6cb27a24740..d03caa73570 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/eta.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/eta.go @@ -63,7 +63,7 @@ type movingAverageETA struct { producer func(time.Duration) string } -func (d *movingAverageETA) Decor(s *Statistics) string { +func (d *movingAverageETA) Decor(s Statistics) string { v := math.Round(d.average.Value()) remaining := time.Duration((s.Total - s.Current) * int64(v)) if d.normalizer != nil { @@ -117,7 +117,7 @@ type averageETA struct { producer func(time.Duration) string } -func (d *averageETA) Decor(s *Statistics) string { +func (d *averageETA) Decor(s Statistics) string { var remaining time.Duration if s.Current != 0 { durPerItem := float64(time.Since(d.startTime)) / float64(s.Current) diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/merge.go b/vendor/github.com/vbauerster/mpb/v5/decor/merge.go index 520f13a7f2e..e41406a64da 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/merge.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/merge.go @@ -1,9 +1,10 @@ package decor import ( - "fmt" "strings" - "unicode/utf8" + + "github.com/acarl005/stripansi" + "github.com/mattn/go-runewidth" ) // Merge wraps its decorator argument with intention to sync width @@ -64,18 +65,18 @@ func (d *mergeDecorator) Base() Decorator { return d.Decorator } -func (d *mergeDecorator) Decor(s *Statistics) string { +func (d *mergeDecorator) Decor(s Statistics) string { msg := d.Decorator.Decor(s) - msgLen := utf8.RuneCountInString(msg) + pureWidth := runewidth.StringWidth(msg) + stripWidth := runewidth.StringWidth(stripansi.Strip(msg)) + cellCount := stripWidth if (d.wc.C & DextraSpace) != 0 { - msgLen++ + cellCount++ } - var total int - max := utf8.RuneCountInString(d.placeHolders[0].FormatMsg("")) - total += max - pw := (msgLen - max) / len(d.placeHolders) - rem := (msgLen - max) % len(d.placeHolders) + total := runewidth.StringWidth(d.placeHolders[0].FormatMsg("")) + pw := (cellCount - total) / len(d.placeHolders) + rem := (cellCount - total) % len(d.placeHolders) var diff int for i := 1; i < len(d.placeHolders); i++ { @@ -87,20 +88,20 @@ func (d *mergeDecorator) Decor(s *Statistics) string { width = 0 } } - max = utf8.RuneCountInString(ph.FormatMsg(strings.Repeat(" ", width))) + max := runewidth.StringWidth(ph.FormatMsg(strings.Repeat(" ", width))) total += max diff = max - pw } d.wc.wsync <- pw + rem - max = <-d.wc.wsync - return fmt.Sprintf(fmt.Sprintf(d.wc.dynFormat, max+total), msg) + max := <-d.wc.wsync + return d.wc.fill(msg, max+total+(pureWidth-stripWidth)) } type placeHolderDecorator struct { WC } -func (d *placeHolderDecorator) Decor(*Statistics) string { +func (d *placeHolderDecorator) Decor(Statistics) string { return "" } diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/name.go b/vendor/github.com/vbauerster/mpb/v5/decor/name.go index a7d477e0756..3af31125454 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/name.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/name.go @@ -8,5 +8,5 @@ package decor // `wcc` optional WC config // func Name(str string, wcc ...WC) Decorator { - return Any(func(*Statistics) string { return str }, wcc...) + return Any(func(Statistics) string { return str }, wcc...) } diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/on_complete.go b/vendor/github.com/vbauerster/mpb/v5/decor/on_complete.go index 0a1526bf5c5..f46b19abaa9 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/on_complete.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/on_complete.go @@ -24,7 +24,7 @@ type onCompleteWrapper struct { msg string } -func (d *onCompleteWrapper) Decor(s *Statistics) string { +func (d *onCompleteWrapper) Decor(s Statistics) string { if s.Completed { wc := d.GetConf() return wc.FormatMsg(d.msg) diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/percentage.go b/vendor/github.com/vbauerster/mpb/v5/decor/percentage.go index 65ca7d31884..d6314a61989 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/percentage.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/percentage.go @@ -50,7 +50,7 @@ func NewPercentage(format string, wcc ...WC) Decorator { if format == "" { format = "% d" } - f := func(s *Statistics) string { + f := func(s Statistics) string { p := internal.Percentage(s.Total, s.Current, 100) return fmt.Sprintf(format, percentageType(p)) } diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/speed.go b/vendor/github.com/vbauerster/mpb/v5/decor/speed.go index 8a48e3f52be..634edabfdc0 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/speed.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/speed.go @@ -78,7 +78,7 @@ type movingAverageSpeed struct { msg string } -func (d *movingAverageSpeed) Decor(s *Statistics) string { +func (d *movingAverageSpeed) Decor(s Statistics) string { if !s.Completed { var speed float64 if v := d.average.Value(); v > 0 { @@ -140,7 +140,7 @@ type averageSpeed struct { msg string } -func (d *averageSpeed) Decor(s *Statistics) string { +func (d *averageSpeed) Decor(s Statistics) string { if !s.Completed { speed := float64(s.Current) / float64(time.Since(d.startTime)) d.msg = d.producer(speed * 1e9) diff --git a/vendor/github.com/vbauerster/mpb/v5/decor/spinner.go b/vendor/github.com/vbauerster/mpb/v5/decor/spinner.go index abfb2f76c74..6871639db2d 100644 --- a/vendor/github.com/vbauerster/mpb/v5/decor/spinner.go +++ b/vendor/github.com/vbauerster/mpb/v5/decor/spinner.go @@ -12,7 +12,7 @@ func Spinner(frames []string, wcc ...WC) Decorator { frames = defaultSpinnerStyle } var count uint - f := func(s *Statistics) string { + f := func(s Statistics) string { frame := frames[count%uint(len(frames))] count++ return frame diff --git a/vendor/github.com/vbauerster/mpb/v5/go.mod b/vendor/github.com/vbauerster/mpb/v5/go.mod index 672191fc8de..389a19d546a 100644 --- a/vendor/github.com/vbauerster/mpb/v5/go.mod +++ b/vendor/github.com/vbauerster/mpb/v5/go.mod @@ -3,8 +3,9 @@ module github.com/vbauerster/mpb/v5 require ( github.com/VividCortex/ewma v1.1.1 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d - golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 - golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 // indirect + github.com/mattn/go-isatty v0.0.12 + github.com/mattn/go-runewidth v0.0.9 + golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 ) go 1.14 diff --git a/vendor/github.com/vbauerster/mpb/v5/go.sum b/vendor/github.com/vbauerster/mpb/v5/go.sum index 9a411976aaa..dcaa8c55305 100644 --- a/vendor/github.com/vbauerster/mpb/v5/go.sum +++ b/vendor/github.com/vbauerster/mpb/v5/go.sum @@ -2,12 +2,10 @@ github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdc github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4 h1:QmwruyY+bKbDDL0BaglrbZABEali68eoMFhTZpCjYVA= -golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go b/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go index 7e261cb221b..e321e0a6b56 100644 --- a/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go +++ b/vendor/github.com/vbauerster/mpb/v5/internal/percentage.go @@ -7,6 +7,9 @@ func Percentage(total, current int64, width int) float64 { if total <= 0 { return 0 } + if current >= total { + return float64(width) + } return float64(int64(width)*current) / float64(total) } diff --git a/vendor/github.com/vbauerster/mpb/v5/internal/width.go b/vendor/github.com/vbauerster/mpb/v5/internal/width.go new file mode 100644 index 00000000000..35d52898390 --- /dev/null +++ b/vendor/github.com/vbauerster/mpb/v5/internal/width.go @@ -0,0 +1,8 @@ +package internal + +func WidthForBarFiller(reqWidth, available int) int { + if reqWidth <= 0 || reqWidth >= available { + return available + } + return reqWidth +} diff --git a/vendor/github.com/vbauerster/mpb/v5/progress.go b/vendor/github.com/vbauerster/mpb/v5/progress.go index a366b9295f7..ac1ce50abbf 100644 --- a/vendor/github.com/vbauerster/mpb/v5/progress.go +++ b/vendor/github.com/vbauerster/mpb/v5/progress.go @@ -19,8 +19,6 @@ import ( const ( // default RefreshRate prr = 120 * time.Millisecond - // default width - pwidth = 80 ) // Progress represents the container that renders Progress bars @@ -46,7 +44,7 @@ type pState struct { // following are provided/overrided by user idCount int - width int + reqWidth int popCompleted bool rr time.Duration uwg *sync.WaitGroup @@ -70,7 +68,6 @@ func New(options ...ContainerOption) *Progress { func NewWithContext(ctx context.Context, options ...ContainerOption) *Progress { s := &pState{ bHeap: priorityQueue{}, - width: pwidth, rr: prr, parkedBars: make(map[*Bar]*Bar), output: os.Stdout, @@ -113,7 +110,7 @@ func (p *Progress) AddSpinner(total int64, alignment SpinnerAlignment, options . // Panics if *Progress instance is done, i.e. called after *Progress.Wait(). func (p *Progress) Add(total int64, filler BarFiller, options ...BarOption) *Bar { if filler == nil { - filler = NewBarFiller(DefaultBarStyle, false) + filler = BarFillerFunc(func(io.Writer, int, decor.Statistics) {}) } p.bwg.Add(1) result := make(chan *Bar) @@ -215,14 +212,46 @@ func (p *Progress) serve(s *pState, cw *cwriter.Writer) { op(s) case <-p.refreshCh: if err := s.render(cw); err != nil { - go p.dlogger.Println(err) + p.dlogger.Println(err) } case <-s.shutdownNotifier: + if s.heapUpdated { + if err := s.render(cw); err != nil { + p.dlogger.Println(err) + } + } return } } } +func (s *pState) newTicker(done <-chan struct{}) chan time.Time { + ch := make(chan time.Time) + if s.shutdownNotifier == nil { + s.shutdownNotifier = make(chan struct{}) + } + go func() { + if s.renderDelay != nil { + <-s.renderDelay + } + if s.refreshSrc == nil { + ticker := time.NewTicker(s.rr) + defer ticker.Stop() + s.refreshSrc = ticker.C + } + for { + select { + case tick := <-s.refreshSrc: + ch <- tick + case <-done: + close(s.shutdownNotifier) + return + } + } + }() + return ch +} + func (s *pState) render(cw *cwriter.Writer) error { if s.heapUpdated { s.updateSyncMatrix() @@ -233,7 +262,7 @@ func (s *pState) render(cw *cwriter.Writer) error { tw, err := cw.GetWidth() if err != nil { - tw = s.width + tw = s.reqWidth } for i := 0; i < s.bHeap.Len(); i++ { bar := s.bHeap[i] @@ -250,11 +279,16 @@ func (s *pState) flush(cw *cwriter.Writer) error { b := heap.Pop(&s.bHeap).(*Bar) cw.ReadFrom(<-b.frameCh) if b.toShutdown { - // shutdown at next flush - // this ensures no bar ends up with less than 100% rendered - defer func() { + if b.recoveredPanic != nil { s.barShutdownQueue = append(s.barShutdownQueue, b) - }() + b.toShutdown = false + } else { + // shutdown at next flush + // this ensures no bar ends up with less than 100% rendered + defer func() { + s.barShutdownQueue = append(s.barShutdownQueue, b) + }() + } } lineCount += b.extendedLines + 1 bm[b] = struct{}{} @@ -295,33 +329,6 @@ func (s *pState) flush(cw *cwriter.Writer) error { return cw.Flush(lineCount) } -func (s *pState) newTicker(done <-chan struct{}) chan time.Time { - ch := make(chan time.Time) - if s.shutdownNotifier == nil { - s.shutdownNotifier = make(chan struct{}) - } - go func() { - if s.renderDelay != nil { - <-s.renderDelay - } - if s.refreshSrc == nil { - ticker := time.NewTicker(s.rr) - defer ticker.Stop() - s.refreshSrc = ticker.C - } - for { - select { - case tick := <-s.refreshSrc: - ch <- tick - case <-done: - close(s.shutdownNotifier) - return - } - } - }() - return ch -} - func (s *pState) updateSyncMatrix() { s.pMatrix = make(map[int][]chan int) s.aMatrix = make(map[int][]chan int) @@ -342,16 +349,13 @@ func (s *pState) updateSyncMatrix() { func (s *pState) makeBarState(total int64, filler BarFiller, options ...BarOption) *bState { bs := &bState{ + id: s.idCount, + priority: s.idCount, + reqWidth: s.reqWidth, total: total, - baseF: extractBaseFiller(filler), filler: filler, - priority: s.idCount, - id: s.idCount, - width: s.width, + extender: func(r io.Reader, _ int, _ decor.Statistics) (io.Reader, int) { return r, 0 }, debugOut: s.debugOut, - extender: func(r io.Reader, _ int, _ *decor.Statistics) (io.Reader, int) { - return r, 0 - }, } for _, opt := range options { @@ -360,13 +364,18 @@ func (s *pState) makeBarState(total int64, filler BarFiller, options ...BarOptio } } + if bs.middleware != nil { + bs.filler = bs.middleware(filler) + bs.middleware = nil + } + if s.popCompleted && !bs.noPop { bs.priority = -1 } - bs.bufP = bytes.NewBuffer(make([]byte, 0, bs.width)) - bs.bufB = bytes.NewBuffer(make([]byte, 0, bs.width)) - bs.bufA = bytes.NewBuffer(make([]byte, 0, bs.width)) + bs.bufP = bytes.NewBuffer(make([]byte, 0, 128)) + bs.bufB = bytes.NewBuffer(make([]byte, 0, 256)) + bs.bufA = bytes.NewBuffer(make([]byte, 0, 128)) return bs } @@ -387,13 +396,3 @@ func syncWidth(matrix map[int][]chan int) { }() } } - -func extractBaseFiller(f BarFiller) BarFiller { - type wrapper interface { - Base() BarFiller - } - if f, ok := f.(wrapper); ok { - return extractBaseFiller(f.Base()) - } - return f -} diff --git a/vendor/gopkg.in/yaml.v2/apic.go b/vendor/gopkg.in/yaml.v2/apic.go index 1f7e87e6727..d2c2308f1f4 100644 --- a/vendor/gopkg.in/yaml.v2/apic.go +++ b/vendor/gopkg.in/yaml.v2/apic.go @@ -86,6 +86,7 @@ func yaml_emitter_initialize(emitter *yaml_emitter_t) { raw_buffer: make([]byte, 0, output_raw_buffer_size), states: make([]yaml_emitter_state_t, 0, initial_stack_size), events: make([]yaml_event_t, 0, initial_queue_size), + best_width: -1, } } diff --git a/vendor/modules.txt b/vendor/modules.txt index a1580d21e67..9ddf712f501 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -5,7 +5,7 @@ github.com/Azure/go-ansiterm/winterm github.com/BurntSushi/toml # github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd github.com/MakeNowJust/heredoc -# github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 +# github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 github.com/Microsoft/go-winio github.com/Microsoft/go-winio/archive/tar github.com/Microsoft/go-winio/backuptar @@ -42,7 +42,7 @@ github.com/VividCortex/ewma github.com/acarl005/stripansi # github.com/beorn7/perks v1.0.1 github.com/beorn7/perks/quantile -# github.com/blang/semver v3.5.0+incompatible +# github.com/blang/semver v3.5.1+incompatible github.com/blang/semver # github.com/certifi/gocertifi v0.0.0-20180905225744-ee1a9a0726d2 github.com/certifi/gocertifi @@ -62,7 +62,7 @@ github.com/containernetworking/cni/pkg/types/020 github.com/containernetworking/cni/pkg/types/current github.com/containernetworking/cni/pkg/utils github.com/containernetworking/cni/pkg/version -# github.com/containers/buildah v1.14.11 +# github.com/containers/buildah v1.15.2 github.com/containers/buildah github.com/containers/buildah/bind github.com/containers/buildah/chroot @@ -75,13 +75,13 @@ github.com/containers/buildah/pkg/parse github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.8.4 +# github.com/containers/common v0.14.0 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/capabilities github.com/containers/common/pkg/cgroupv2 github.com/containers/common/pkg/config github.com/containers/common/pkg/sysinfo -# github.com/containers/image/v5 v5.4.3 +# github.com/containers/image/v5 v5.5.1 github.com/containers/image/v5/copy github.com/containers/image/v5/directory github.com/containers/image/v5/directory/explicitfilepath @@ -96,6 +96,7 @@ github.com/containers/image/v5/internal/iolimits github.com/containers/image/v5/internal/pkg/keyctl github.com/containers/image/v5/internal/pkg/platform github.com/containers/image/v5/internal/tmpdir +github.com/containers/image/v5/internal/uploadreader github.com/containers/image/v5/manifest github.com/containers/image/v5/oci/archive github.com/containers/image/v5/oci/internal @@ -253,7 +254,7 @@ github.com/emicklei/go-restful/log github.com/evanphx/json-patch # github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d github.com/exponent-io/jsonpath -# github.com/fsouza/go-dockerclient v1.6.3 +# github.com/fsouza/go-dockerclient v1.6.5 github.com/fsouza/go-dockerclient # github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa github.com/fullsailor/pkcs7 @@ -315,7 +316,7 @@ github.com/imdario/mergo github.com/inconshreveable/mousetrap # github.com/json-iterator/go v1.1.10 github.com/json-iterator/go -# github.com/klauspost/compress v1.10.7 +# github.com/klauspost/compress v1.10.8 github.com/klauspost/compress/flate github.com/klauspost/compress/fse github.com/klauspost/compress/huff0 @@ -332,6 +333,10 @@ github.com/liggitt/tabwriter github.com/mailru/easyjson/buffer github.com/mailru/easyjson/jlexer github.com/mailru/easyjson/jwriter +# github.com/mattn/go-isatty v0.0.12 +github.com/mattn/go-isatty +# github.com/mattn/go-runewidth v0.0.9 +github.com/mattn/go-runewidth # github.com/mattn/go-shellwords v1.0.10 github.com/mattn/go-shellwords # github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 @@ -377,7 +382,6 @@ github.com/opencontainers/selinux/go-selinux/label github.com/opencontainers/selinux/pkg/pwalk # github.com/openshift/api v0.0.0-20200326160804-ecb9283fe820 github.com/openshift/api/build/v1 -github.com/openshift/api/config/v1 # github.com/openshift/client-go v0.0.0-20200326155132-2a6cd50aedd0 github.com/openshift/client-go/build/clientset/versioned github.com/openshift/client-go/build/clientset/versioned/fake @@ -455,7 +459,7 @@ github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util # github.com/russross/blackfriday v1.5.2 github.com/russross/blackfriday -# github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f +# github.com/seccomp/containers-golang v0.5.0 github.com/seccomp/containers-golang # github.com/seccomp/libseccomp-golang v0.9.1 github.com/seccomp/libseccomp-golang @@ -478,7 +482,7 @@ github.com/ulikunitz/xz/lzma github.com/vbatts/tar-split/archive/tar github.com/vbatts/tar-split/tar/asm github.com/vbatts/tar-split/tar/storage -# github.com/vbauerster/mpb/v5 v5.0.3 +# github.com/vbauerster/mpb/v5 v5.2.2 github.com/vbauerster/mpb/v5 github.com/vbauerster/mpb/v5/cwriter github.com/vbauerster/mpb/v5/decor @@ -562,7 +566,7 @@ google.golang.org/appengine/internal/urlfetch google.golang.org/appengine/urlfetch # google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.27.0 +# google.golang.org/grpc v1.27.1 google.golang.org/grpc/codes google.golang.org/grpc/connectivity google.golang.org/grpc/grpclog @@ -605,7 +609,7 @@ gopkg.in/inf.v0 gopkg.in/square/go-jose.v2 gopkg.in/square/go-jose.v2/cipher gopkg.in/square/go-jose.v2/json -# gopkg.in/yaml.v2 v2.2.8 +# gopkg.in/yaml.v2 v2.3.0 gopkg.in/yaml.v2 # k8s.io/api v0.19.0-rc.3 => k8s.io/api v0.19.0-rc.3 k8s.io/api/admission/v1