From 7d208ba573ecc2c6294482b51872021718f76cb4 Mon Sep 17 00:00:00 2001 From: Monis Khan Date: Thu, 8 Sep 2022 19:11:03 -0400 Subject: [PATCH] Remove in-tree credential plugins (again) This change reverts three commits: 1. Revert "Revert "Remove gcp and azure auth plugins"" This reverts commit 651b4f5b647a205d12fad4d0edc489d97109cccc. 2. Revert "update-gofmt" This reverts commit 79c09f0b310b8b66f8f14ad254f268788c42e076. 3. Revert "Update removal warnings to 1.26" This reverts commit 68758fc5c5099c83104a637e6d6ad3f4534f0d08. Signed-off-by: Monis Khan Kubernetes-commit: 09cde58bbc13ff1229f61146221f56af4ff675dc --- go.mod | 18 +- go.sum | 192 -------- plugin/pkg/client/auth/azure/README.md | 56 --- plugin/pkg/client/auth/azure/azure.go | 477 ------------------ plugin/pkg/client/auth/azure/azure_stub.go | 36 ++ plugin/pkg/client/auth/azure/azure_test.go | 534 --------------------- plugin/pkg/client/auth/gcp/OWNERS | 8 - plugin/pkg/client/auth/gcp/gcp.go | 389 --------------- plugin/pkg/client/auth/gcp/gcp_stub.go | 36 ++ plugin/pkg/client/auth/gcp/gcp_test.go | 527 -------------------- 10 files changed, 77 insertions(+), 2196 deletions(-) delete mode 100644 plugin/pkg/client/auth/azure/README.md delete mode 100644 plugin/pkg/client/auth/azure/azure.go create mode 100644 plugin/pkg/client/auth/azure/azure_stub.go delete mode 100644 plugin/pkg/client/auth/azure/azure_test.go delete mode 100644 plugin/pkg/client/auth/gcp/OWNERS delete mode 100644 plugin/pkg/client/auth/gcp/gcp.go create mode 100644 plugin/pkg/client/auth/gcp/gcp_stub.go delete mode 100644 plugin/pkg/client/auth/gcp/gcp_test.go diff --git a/go.mod b/go.mod index 7ede5fae..597b5e38 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,6 @@ module k8s.io/client-go go 1.19 require ( - github.com/Azure/go-autorest/autorest v0.11.27 - github.com/Azure/go-autorest/autorest/adal v0.9.20 github.com/davecgh/go-spew v1.1.1 github.com/evanphx/json-patch v4.12.0+incompatible github.com/gogo/protobuf v1.3.2 @@ -26,8 +24,8 @@ require ( golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 google.golang.org/protobuf v1.28.1 - k8s.io/api v0.0.0-20220908151745-929c3f077990 - k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6 + k8s.io/api v0.0.0 + k8s.io/apimachinery v0.0.0 k8s.io/klog/v2 v2.80.0 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed @@ -36,11 +34,6 @@ require ( ) require ( - cloud.google.com/go v0.97.0 // indirect - github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect - github.com/Azure/go-autorest/logger v0.2.1 // indirect - github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect @@ -48,7 +41,6 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.19.5 // indirect github.com/go-openapi/swag v0.19.14 // indirect - github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/google/btree v1.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -59,7 +51,6 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/text v0.3.7 // indirect google.golang.org/appengine v1.6.7 // indirect @@ -70,6 +61,7 @@ require ( ) replace ( - k8s.io/api => k8s.io/api v0.0.0-20220908151745-929c3f077990 - k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6 + k8s.io/api => ../api + k8s.io/apimachinery => ../apimachinery + k8s.io/client-go => ../client-go ) diff --git a/go.sum b/go.sum index 9cc814d1..a5c4d081 100644 --- a/go.sum +++ b/go.sum @@ -13,19 +13,6 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -44,41 +31,19 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw= -github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= -github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= -github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -90,14 +55,9 @@ github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -115,9 +75,6 @@ github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5F github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= -github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -131,8 +88,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -146,12 +101,9 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -165,11 +117,7 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -177,8 +125,6 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -186,27 +132,17 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -247,9 +183,7 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -265,24 +199,16 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38= -golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -305,8 +231,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= @@ -315,9 +239,6 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -346,15 +267,6 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= @@ -363,16 +275,6 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -384,8 +286,6 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -411,31 +311,11 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -443,9 +323,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -494,18 +371,7 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -526,18 +392,6 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -569,39 +423,13 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -614,20 +442,6 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -640,7 +454,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -652,7 +465,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= @@ -667,10 +479,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.0.0-20220908151745-929c3f077990 h1:i9qPcRqRAx+FjGDG24rliKydPgBQR2PlvOWOm8XhT0E= -k8s.io/api v0.0.0-20220908151745-929c3f077990/go.mod h1:79dXRhEG/Q3WjCgZ7l8YtD1tVlH/shHuG6msPmRw/DQ= -k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6 h1:BH5hWQ9ueHKgA42ApyJ9RXSibEUHvd9TDr1RBZ6e7lE= -k8s.io/apimachinery v0.0.0-20220902183049-31bc292891b6/go.mod h1:L+XGzqdcOht8VoBmzPAoKcYLqUOWkB5nxGF/6z4/ubo= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.80.0 h1:lyJt0TWMPaGoODa8B8bUuxgHS3W/m/bNr2cca3brA/g= k8s.io/klog/v2 v2.80.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= diff --git a/plugin/pkg/client/auth/azure/README.md b/plugin/pkg/client/auth/azure/README.md deleted file mode 100644 index 096f99e1..00000000 --- a/plugin/pkg/client/auth/azure/README.md +++ /dev/null @@ -1,56 +0,0 @@ -# Azure Active Directory plugin for client authentication - -This plugin provides an integration with Azure Active Directory device flow. If no tokens are present in the kubectl configuration, it will prompt a device code which can be used to login in a browser. After login it will automatically fetch the tokens and store them in the kubectl configuration. In addition it will refresh and update the tokens in the configuration when expired. - -## Usage - -1. Create an Azure Active Directory *Web App / API* application for `apiserver` following these [instructions](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-app-registration). The callback URL does not matter (just cannot be empty). - -2. Create a second Azure Active Directory native application for `kubectl`. The callback URL does not matter (just cannot be empty). - -3. On `kubectl` application's configuration page in Azure portal grant permissions to `apiserver` application by clicking on *Required Permissions*, click the *Add* button and search for the apiserver application created in step 1. Select "Access apiserver" under the *DELEGATED PERMISSIONS*. Once added click the *Grant Permissions* button to apply the changes. - -4. Configure the `apiserver` to use the Azure Active Directory as an OIDC provider with following options - - ``` - --oidc-client-id="spn:APISERVER_APPLICATION_ID" \ - --oidc-issuer-url="https://sts.windows.net/TENANT_ID/" - --oidc-username-claim="sub" - ``` - - * Replace the `APISERVER_APPLICATION_ID` with the application ID of `apiserver` application - * Replace `TENANT_ID` with your tenant ID. -   * For a list of alternative username claims that are supported by the OIDC issuer check the JSON response at `https://sts.windows.net/TENANT_ID/.well-known/openid-configuration`. - -5. Configure `kubectl` to use the `azure` authentication provider - - ``` - kubectl config set-credentials "USER_NAME" --auth-provider=azure \ - --auth-provider-arg=environment=AzurePublicCloud \ - --auth-provider-arg=client-id=APPLICATION_ID \ - --auth-provider-arg=tenant-id=TENANT_ID \ - --auth-provider-arg=apiserver-id=APISERVER_APPLICATION_ID - ``` - - * Supported environments: `AzurePublicCloud`, `AzureUSGovernmentCloud`, `AzureChinaCloud`, `AzureGermanCloud` - * Replace `USER_NAME` and `TENANT_ID` with your user name and tenant ID - * Replace `APPLICATION_ID` with the application ID of your`kubectl` application ID - * Replace `APISERVER_APPLICATION_ID` with the application ID of your `apiserver` application ID - * Be sure to also (create and) select a context that uses above user - -6. (Optionally) the AAD token has `aud` claim with `spn:` prefix. To omit that, add following auth configuration: - - ``` - --auth-provider-arg=config-mode="1" - ``` - - 7. The access token is acquired when first `kubectl` command is executed - - ``` - kubectl get pods - - To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code DEC7D48GA to authenticate. - ``` - - * After signing in a web browser, the token is stored in the configuration, and it will be reused when executing further commands. - * The resulting username in Kubernetes depends on your [configuration of the `--oidc-username-claim` and `--oidc-username-prefix` flags on the API server](https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server). If you are using any authorization method you need to give permissions to that user, e.g. by binding the user to a role in the case of RBAC. diff --git a/plugin/pkg/client/auth/azure/azure.go b/plugin/pkg/client/auth/azure/azure.go deleted file mode 100644 index 455854c0..00000000 --- a/plugin/pkg/client/auth/azure/azure.go +++ /dev/null @@ -1,477 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package azure - -import ( - "encoding/json" - "errors" - "fmt" - "net/http" - "os" - "strconv" - "sync" - - "github.com/Azure/go-autorest/autorest" - "github.com/Azure/go-autorest/autorest/adal" - "github.com/Azure/go-autorest/autorest/azure" - "k8s.io/klog/v2" - - "k8s.io/apimachinery/pkg/util/net" - restclient "k8s.io/client-go/rest" -) - -type configMode int - -const ( - azureTokenKey = "azureTokenKey" - tokenType = "Bearer" - authHeader = "Authorization" - - cfgClientID = "client-id" - cfgTenantID = "tenant-id" - cfgAccessToken = "access-token" - cfgRefreshToken = "refresh-token" - cfgExpiresIn = "expires-in" - cfgExpiresOn = "expires-on" - cfgEnvironment = "environment" - cfgApiserverID = "apiserver-id" - cfgConfigMode = "config-mode" - - configModeDefault configMode = 0 - configModeOmitSPNPrefix configMode = 1 -) - -func init() { - if err := restclient.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil { - klog.Fatalf("Failed to register azure auth plugin: %v", err) - } -} - -var cache = newAzureTokenCache() - -type azureTokenCache struct { - lock sync.Mutex - cache map[string]*azureToken -} - -func newAzureTokenCache() *azureTokenCache { - return &azureTokenCache{cache: make(map[string]*azureToken)} -} - -func (c *azureTokenCache) getToken(tokenKey string) *azureToken { - c.lock.Lock() - defer c.lock.Unlock() - return c.cache[tokenKey] -} - -func (c *azureTokenCache) setToken(tokenKey string, token *azureToken) { - c.lock.Lock() - defer c.lock.Unlock() - c.cache[tokenKey] = token -} - -var warnOnce sync.Once - -func newAzureAuthProvider(_ string, cfg map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) { - // deprecated in v1.22, remove in v1.25 - warnOnce.Do(func() { - klog.Warningf(`WARNING: the azure auth plugin is deprecated in v1.22+, unavailable in v1.26+; use https://github.com/Azure/kubelogin instead. -To learn more, consult https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins`) - }) - - var ( - ts tokenSource - environment azure.Environment - err error - mode configMode - ) - - environment, err = azure.EnvironmentFromName(cfg[cfgEnvironment]) - if err != nil { - environment = azure.PublicCloud - } - - mode = configModeDefault - if cfg[cfgConfigMode] != "" { - configModeInt, err := strconv.Atoi(cfg[cfgConfigMode]) - if err != nil { - return nil, fmt.Errorf("failed to parse %s, error: %s", cfgConfigMode, err) - } - mode = configMode(configModeInt) - switch mode { - case configModeOmitSPNPrefix: - case configModeDefault: - default: - return nil, fmt.Errorf("%s:%s is not a valid mode", cfgConfigMode, cfg[cfgConfigMode]) - } - } - ts, err = newAzureTokenSourceDeviceCode(environment, cfg[cfgClientID], cfg[cfgTenantID], cfg[cfgApiserverID], mode) - if err != nil { - return nil, fmt.Errorf("creating a new azure token source for device code authentication: %v", err) - } - cacheSource := newAzureTokenSource(ts, cache, cfg, mode, persister) - - return &azureAuthProvider{ - tokenSource: cacheSource, - }, nil -} - -type azureAuthProvider struct { - tokenSource tokenSource -} - -func (p *azureAuthProvider) Login() error { - return errors.New("not yet implemented") -} - -func (p *azureAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper { - return &azureRoundTripper{ - tokenSource: p.tokenSource, - roundTripper: rt, - } -} - -type azureRoundTripper struct { - tokenSource tokenSource - roundTripper http.RoundTripper -} - -var _ net.RoundTripperWrapper = &azureRoundTripper{} - -func (r *azureRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - if len(req.Header.Get(authHeader)) != 0 { - return r.roundTripper.RoundTrip(req) - } - - token, err := r.tokenSource.Token() - if err != nil { - klog.Errorf("Failed to acquire a token: %v", err) - return nil, fmt.Errorf("acquiring a token for authorization header: %v", err) - } - - // clone the request in order to avoid modifying the headers of the original request - req2 := new(http.Request) - *req2 = *req - req2.Header = make(http.Header, len(req.Header)) - for k, s := range req.Header { - req2.Header[k] = append([]string(nil), s...) - } - - req2.Header.Set(authHeader, fmt.Sprintf("%s %s", tokenType, token.token.AccessToken)) - - return r.roundTripper.RoundTrip(req2) -} - -func (r *azureRoundTripper) WrappedRoundTripper() http.RoundTripper { return r.roundTripper } - -type azureToken struct { - token adal.Token - environment string - clientID string - tenantID string - apiserverID string -} - -type tokenSource interface { - Token() (*azureToken, error) - Refresh(*azureToken) (*azureToken, error) -} - -type azureTokenSource struct { - source tokenSource - cache *azureTokenCache - lock sync.Mutex - configMode configMode - cfg map[string]string - persister restclient.AuthProviderConfigPersister -} - -func newAzureTokenSource(source tokenSource, cache *azureTokenCache, cfg map[string]string, configMode configMode, persister restclient.AuthProviderConfigPersister) tokenSource { - return &azureTokenSource{ - source: source, - cache: cache, - cfg: cfg, - persister: persister, - configMode: configMode, - } -} - -// Token fetches a token from the cache of configuration if present otherwise -// acquires a new token from the configured source. Automatically refreshes -// the token if expired. -func (ts *azureTokenSource) Token() (*azureToken, error) { - ts.lock.Lock() - defer ts.lock.Unlock() - - var err error - token := ts.cache.getToken(azureTokenKey) - - if token != nil && !token.token.IsExpired() { - return token, nil - } - - // retrieve from config if no cache - if token == nil { - tokenFromCfg, err := ts.retrieveTokenFromCfg() - - if err == nil { - token = tokenFromCfg - } - } - - if token != nil { - // cache and return if the token is as good - // avoids frequent persistor calls - if !token.token.IsExpired() { - ts.cache.setToken(azureTokenKey, token) - return token, nil - } - - klog.V(4).Info("Refreshing token.") - tokenFromRefresh, err := ts.Refresh(token) - switch { - case err == nil: - token = tokenFromRefresh - case autorest.IsTokenRefreshError(err): - klog.V(4).Infof("Failed to refresh expired token, proceed to auth: %v", err) - // reset token to nil so that the token source will be used to acquire new - token = nil - default: - return nil, fmt.Errorf("unexpected error when refreshing token: %v", err) - } - } - - if token == nil { - tokenFromSource, err := ts.source.Token() - if err != nil { - return nil, fmt.Errorf("failed acquiring new token: %v", err) - } - token = tokenFromSource - } - - // sanity check - if token == nil { - return nil, fmt.Errorf("unable to acquire token") - } - - // corner condition, newly got token is valid but expired - if token.token.IsExpired() { - return nil, fmt.Errorf("newly acquired token is expired") - } - - err = ts.storeTokenInCfg(token) - if err != nil { - return nil, fmt.Errorf("storing the refreshed token in configuration: %v", err) - } - ts.cache.setToken(azureTokenKey, token) - - return token, nil -} - -func (ts *azureTokenSource) retrieveTokenFromCfg() (*azureToken, error) { - accessToken := ts.cfg[cfgAccessToken] - if accessToken == "" { - return nil, fmt.Errorf("no access token in cfg: %s", cfgAccessToken) - } - refreshToken := ts.cfg[cfgRefreshToken] - if refreshToken == "" { - return nil, fmt.Errorf("no refresh token in cfg: %s", cfgRefreshToken) - } - environment := ts.cfg[cfgEnvironment] - if environment == "" { - return nil, fmt.Errorf("no environment in cfg: %s", cfgEnvironment) - } - clientID := ts.cfg[cfgClientID] - if clientID == "" { - return nil, fmt.Errorf("no client ID in cfg: %s", cfgClientID) - } - tenantID := ts.cfg[cfgTenantID] - if tenantID == "" { - return nil, fmt.Errorf("no tenant ID in cfg: %s", cfgTenantID) - } - resourceID := ts.cfg[cfgApiserverID] - if resourceID == "" { - return nil, fmt.Errorf("no apiserver ID in cfg: %s", cfgApiserverID) - } - expiresIn := ts.cfg[cfgExpiresIn] - if expiresIn == "" { - return nil, fmt.Errorf("no expiresIn in cfg: %s", cfgExpiresIn) - } - expiresOn := ts.cfg[cfgExpiresOn] - if expiresOn == "" { - return nil, fmt.Errorf("no expiresOn in cfg: %s", cfgExpiresOn) - } - tokenAudience := resourceID - if ts.configMode == configModeDefault { - tokenAudience = fmt.Sprintf("spn:%s", resourceID) - } - - return &azureToken{ - token: adal.Token{ - AccessToken: accessToken, - RefreshToken: refreshToken, - ExpiresIn: json.Number(expiresIn), - ExpiresOn: json.Number(expiresOn), - NotBefore: json.Number(expiresOn), - Resource: tokenAudience, - Type: tokenType, - }, - environment: environment, - clientID: clientID, - tenantID: tenantID, - apiserverID: resourceID, - }, nil -} - -func (ts *azureTokenSource) storeTokenInCfg(token *azureToken) error { - newCfg := make(map[string]string) - newCfg[cfgAccessToken] = token.token.AccessToken - newCfg[cfgRefreshToken] = token.token.RefreshToken - newCfg[cfgEnvironment] = token.environment - newCfg[cfgClientID] = token.clientID - newCfg[cfgTenantID] = token.tenantID - newCfg[cfgApiserverID] = token.apiserverID - newCfg[cfgExpiresIn] = string(token.token.ExpiresIn) - newCfg[cfgExpiresOn] = string(token.token.ExpiresOn) - newCfg[cfgConfigMode] = strconv.Itoa(int(ts.configMode)) - - err := ts.persister.Persist(newCfg) - if err != nil { - return fmt.Errorf("persisting the configuration: %v", err) - } - ts.cfg = newCfg - return nil -} - -func (ts *azureTokenSource) Refresh(token *azureToken) (*azureToken, error) { - return ts.source.Refresh(token) -} - -// refresh outdated token with adal. -func (ts *azureTokenSourceDeviceCode) Refresh(token *azureToken) (*azureToken, error) { - env, err := azure.EnvironmentFromName(token.environment) - if err != nil { - return nil, err - } - - var oauthConfig *adal.OAuthConfig - if ts.configMode == configModeOmitSPNPrefix { - oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, token.tenantID, nil) - if err != nil { - return nil, fmt.Errorf("building the OAuth configuration without api-version for token refresh: %v", err) - } - } else { - oauthConfig, err = adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID) - if err != nil { - return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err) - } - } - - callback := func(t adal.Token) error { - return nil - } - spt, err := adal.NewServicePrincipalTokenFromManualToken( - *oauthConfig, - token.clientID, - token.apiserverID, - token.token, - callback) - if err != nil { - return nil, fmt.Errorf("creating new service principal for token refresh: %v", err) - } - - if err := spt.Refresh(); err != nil { - // Caller expects IsTokenRefreshError(err) to trigger prompt. - return nil, fmt.Errorf("refreshing token: %w", err) - } - - return &azureToken{ - token: spt.Token(), - environment: token.environment, - clientID: token.clientID, - tenantID: token.tenantID, - apiserverID: token.apiserverID, - }, nil -} - -type azureTokenSourceDeviceCode struct { - environment azure.Environment - clientID string - tenantID string - apiserverID string - configMode configMode -} - -func newAzureTokenSourceDeviceCode(environment azure.Environment, clientID string, tenantID string, apiserverID string, configMode configMode) (tokenSource, error) { - if clientID == "" { - return nil, errors.New("client-id is empty") - } - if tenantID == "" { - return nil, errors.New("tenant-id is empty") - } - if apiserverID == "" { - return nil, errors.New("apiserver-id is empty") - } - return &azureTokenSourceDeviceCode{ - environment: environment, - clientID: clientID, - tenantID: tenantID, - apiserverID: apiserverID, - configMode: configMode, - }, nil -} - -func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) { - var ( - oauthConfig *adal.OAuthConfig - err error - ) - if ts.configMode == configModeOmitSPNPrefix { - oauthConfig, err = adal.NewOAuthConfigWithAPIVersion(ts.environment.ActiveDirectoryEndpoint, ts.tenantID, nil) - if err != nil { - return nil, fmt.Errorf("building the OAuth configuration without api-version for device code authentication: %v", err) - } - } else { - oauthConfig, err = adal.NewOAuthConfig(ts.environment.ActiveDirectoryEndpoint, ts.tenantID) - if err != nil { - return nil, fmt.Errorf("building the OAuth configuration for device code authentication: %v", err) - } - } - client := &autorest.Client{} - deviceCode, err := adal.InitiateDeviceAuth(client, *oauthConfig, ts.clientID, ts.apiserverID) - if err != nil { - return nil, fmt.Errorf("initialing the device code authentication: %v", err) - } - - _, err = fmt.Fprintln(os.Stderr, *deviceCode.Message) - if err != nil { - return nil, fmt.Errorf("prompting the device code message: %v", err) - } - - token, err := adal.WaitForUserCompletion(client, deviceCode) - if err != nil { - return nil, fmt.Errorf("waiting for device code authentication to complete: %v", err) - } - - return &azureToken{ - token: *token, - environment: ts.environment.Name, - clientID: ts.clientID, - tenantID: ts.tenantID, - apiserverID: ts.apiserverID, - }, nil -} diff --git a/plugin/pkg/client/auth/azure/azure_stub.go b/plugin/pkg/client/auth/azure/azure_stub.go new file mode 100644 index 00000000..22d3c6b3 --- /dev/null +++ b/plugin/pkg/client/auth/azure/azure_stub.go @@ -0,0 +1,36 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package azure + +import ( + "errors" + + "k8s.io/client-go/rest" + "k8s.io/klog/v2" +) + +func init() { + if err := rest.RegisterAuthProviderPlugin("azure", newAzureAuthProvider); err != nil { + klog.Fatalf("Failed to register azure auth plugin: %v", err) + } +} + +func newAzureAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) { + return nil, errors.New(`The azure auth plugin has been removed. +Please use the https://github.com/Azure/kubelogin kubectl/client-go credential plugin instead. +See https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins for further details`) +} diff --git a/plugin/pkg/client/auth/azure/azure_test.go b/plugin/pkg/client/auth/azure/azure_test.go deleted file mode 100644 index aa3f0989..00000000 --- a/plugin/pkg/client/auth/azure/azure_test.go +++ /dev/null @@ -1,534 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package azure - -import ( - "encoding/json" - "errors" - "fmt" - "net/http" - "strconv" - "strings" - "sync" - "testing" - "time" - - "github.com/Azure/go-autorest/autorest/adal" - "github.com/Azure/go-autorest/autorest/azure" -) - -func TestAzureAuthProvider(t *testing.T) { - t.Run("validate against invalid configurations", func(t *testing.T) { - vectors := []struct { - cfg map[string]string - expectedError string - }{ - { - cfg: map[string]string{ - cfgClientID: "foo", - cfgApiserverID: "foo", - cfgTenantID: "foo", - cfgConfigMode: "-1", - }, - expectedError: "config-mode:-1 is not a valid mode", - }, - { - cfg: map[string]string{ - cfgClientID: "foo", - cfgApiserverID: "foo", - cfgTenantID: "foo", - cfgConfigMode: "2", - }, - expectedError: "config-mode:2 is not a valid mode", - }, - { - cfg: map[string]string{ - cfgClientID: "foo", - cfgApiserverID: "foo", - cfgTenantID: "foo", - cfgConfigMode: "foo", - }, - expectedError: "failed to parse config-mode, error: strconv.Atoi: parsing \"foo\": invalid syntax", - }, - } - - for _, v := range vectors { - persister := &fakePersister{} - _, err := newAzureAuthProvider("", v.cfg, persister) - if !strings.Contains(err.Error(), v.expectedError) { - t.Errorf("cfg %v should fail with message containing '%s'. actual: '%s'", v.cfg, v.expectedError, err) - } - } - }) - - t.Run("it should return non-nil provider in happy cases", func(t *testing.T) { - vectors := []struct { - cfg map[string]string - expectedConfigMode configMode - }{ - { - cfg: map[string]string{ - cfgClientID: "foo", - cfgApiserverID: "foo", - cfgTenantID: "foo", - }, - expectedConfigMode: configModeDefault, - }, - { - cfg: map[string]string{ - cfgClientID: "foo", - cfgApiserverID: "foo", - cfgTenantID: "foo", - cfgConfigMode: "0", - }, - expectedConfigMode: configModeDefault, - }, - { - cfg: map[string]string{ - cfgClientID: "foo", - cfgApiserverID: "foo", - cfgTenantID: "foo", - cfgConfigMode: "1", - }, - expectedConfigMode: configModeOmitSPNPrefix, - }, - } - - for _, v := range vectors { - persister := &fakePersister{} - provider, err := newAzureAuthProvider("", v.cfg, persister) - if err != nil { - t.Errorf("newAzureAuthProvider should not fail with '%s'", err) - } - if provider == nil { - t.Fatalf("newAzureAuthProvider should return non-nil provider") - } - azureProvider := provider.(*azureAuthProvider) - if azureProvider == nil { - t.Fatalf("newAzureAuthProvider should return an instance of type azureAuthProvider") - } - ts := azureProvider.tokenSource.(*azureTokenSource) - if ts == nil { - t.Fatalf("azureAuthProvider should be an instance of azureTokenSource") - } - if ts.configMode != v.expectedConfigMode { - t.Errorf("expected configMode: %d, actual: %d", v.expectedConfigMode, ts.configMode) - } - } - }) -} - -func TestTokenSourceDeviceCode(t *testing.T) { - var ( - clientID = "clientID" - tenantID = "tenantID" - apiserverID = "apiserverID" - configMode = configModeDefault - azureEnv = azure.Environment{} - ) - t.Run("validate to create azureTokenSourceDeviceCode", func(t *testing.T) { - if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeDefault); err != nil { - t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err) - } - - if _, err := newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, apiserverID, configModeOmitSPNPrefix); err != nil { - t.Errorf("newAzureTokenSourceDeviceCode should not have failed. err: %s", err) - } - - _, err := newAzureTokenSourceDeviceCode(azureEnv, "", tenantID, apiserverID, configMode) - actual := "client-id is empty" - if err.Error() != actual { - t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err) - } - - _, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, "", apiserverID, configMode) - actual = "tenant-id is empty" - if err.Error() != actual { - t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err) - } - - _, err = newAzureTokenSourceDeviceCode(azureEnv, clientID, tenantID, "", configMode) - actual = "apiserver-id is empty" - if err.Error() != actual { - t.Errorf("newAzureTokenSourceDeviceCode should have failed. expected: %s, actual: %s", actual, err) - } - }) -} -func TestAzureTokenSource(t *testing.T) { - configModes := []configMode{configModeOmitSPNPrefix, configModeDefault} - expectedConfigModes := []string{"1", "0"} - - for i, configMode := range configModes { - t.Run(fmt.Sprintf("validate token from cfg with configMode %v", configMode), func(t *testing.T) { - const ( - serverID = "fakeServerID" - clientID = "fakeClientID" - tenantID = "fakeTenantID" - accessToken = "fakeToken" - environment = "fakeEnvironment" - refreshToken = "fakeToken" - expiresIn = "foo" - expiresOn = "foo" - ) - cfg := map[string]string{ - cfgConfigMode: strconv.Itoa(int(configMode)), - cfgApiserverID: serverID, - cfgClientID: clientID, - cfgTenantID: tenantID, - cfgEnvironment: environment, - cfgAccessToken: accessToken, - cfgRefreshToken: refreshToken, - cfgExpiresIn: expiresIn, - cfgExpiresOn: expiresOn, - } - fakeSource := fakeTokenSource{token: newFakeAzureToken("fakeToken", time.Now().Add(3600*time.Second))} - persiter := &fakePersister{cache: make(map[string]string)} - tokenCache := newAzureTokenCache() - tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter) - azTokenSource := tokenSource.(*azureTokenSource) - token, err := azTokenSource.retrieveTokenFromCfg() - if err != nil { - t.Errorf("failed to retrieve the token form cfg: %s", err) - } - if token.apiserverID != serverID { - t.Errorf("expecting token.apiserverID: %s, actual: %s", serverID, token.apiserverID) - } - if token.clientID != clientID { - t.Errorf("expecting token.clientID: %s, actual: %s", clientID, token.clientID) - } - if token.tenantID != tenantID { - t.Errorf("expecting token.tenantID: %s, actual: %s", tenantID, token.tenantID) - } - expectedAudience := serverID - if configMode == configModeDefault { - expectedAudience = fmt.Sprintf("spn:%s", serverID) - } - if token.token.Resource != expectedAudience { - t.Errorf("expecting adal token.Resource: %s, actual: %s", expectedAudience, token.token.Resource) - } - }) - - t.Run("validate token against cache", func(t *testing.T) { - fakeAccessToken := "fake token 1" - fakeSource := fakeTokenSource{token: newFakeAzureToken(fakeAccessToken, time.Now().Add(3600*time.Second))} - cfg := make(map[string]string) - persiter := &fakePersister{cache: make(map[string]string)} - tokenCache := newAzureTokenCache() - tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, persiter) - token, err := tokenSource.Token() - if err != nil { - t.Errorf("failed to retrieve the token form cache: %v", err) - } - - wantCacheLen := 1 - if len(tokenCache.cache) != wantCacheLen { - t.Errorf("Token() cache length error: got %v, want %v", len(tokenCache.cache), wantCacheLen) - } - - if token != tokenCache.cache[azureTokenKey] { - t.Error("Token() returned token != cached token") - } - - wantCfg := token2Cfg(token) - wantCfg[cfgConfigMode] = expectedConfigModes[i] - persistedCfg := persiter.Cache() - - wantCfgLen := len(wantCfg) - persistedCfgLen := len(persistedCfg) - if wantCfgLen != persistedCfgLen { - t.Errorf("wantCfgLen and persistedCfgLen do not match, wantCfgLen=%v, persistedCfgLen=%v", wantCfgLen, persistedCfgLen) - } - - for k, v := range persistedCfg { - if strings.Compare(v, wantCfg[k]) != 0 { - t.Errorf("Token() persisted cfg %s: got %v, want %v", k, v, wantCfg[k]) - } - } - - fakeSource.token = newFakeAzureToken("fake token 2", time.Now().Add(3600*time.Second)) - token, err = tokenSource.Token() - if err != nil { - t.Errorf("failed to retrieve the cached token: %v", err) - } - - if token.token.AccessToken != fakeAccessToken { - t.Errorf("Token() didn't return the cached token") - } - }) - } -} - -func TestAzureTokenSourceScenarios(t *testing.T) { - expiredToken := newFakeAzureToken("expired token", time.Now().Add(-time.Second)) - extendedToken := newFakeAzureToken("extend token", time.Now().Add(1000*time.Second)) - fakeToken := newFakeAzureToken("fake token", time.Now().Add(1000*time.Second)) - wrongToken := newFakeAzureToken("wrong token", time.Now().Add(1000*time.Second)) - tests := []struct { - name string - sourceToken *azureToken - refreshToken *azureToken - cachedToken *azureToken - configToken *azureToken - expectToken *azureToken - tokenErr error - refreshErr error - expectErr string - tokenCalls uint - refreshCalls uint - persistCalls uint - }{ - { - name: "new config", - sourceToken: fakeToken, - expectToken: fakeToken, - tokenCalls: 1, - persistCalls: 1, - }, - { - name: "load token from cache", - sourceToken: wrongToken, - cachedToken: fakeToken, - configToken: wrongToken, - expectToken: fakeToken, - }, - { - name: "load token from config", - sourceToken: wrongToken, - configToken: fakeToken, - expectToken: fakeToken, - }, - { - name: "cached token timeout, extend success, config token should never load", - cachedToken: expiredToken, - refreshToken: extendedToken, - configToken: wrongToken, - expectToken: extendedToken, - refreshCalls: 1, - persistCalls: 1, - }, - { - name: "config token timeout, extend failure, acquire new token", - configToken: expiredToken, - refreshErr: fakeTokenRefreshError{message: "FakeError happened when refreshing"}, - sourceToken: fakeToken, - expectToken: fakeToken, - refreshCalls: 1, - tokenCalls: 1, - persistCalls: 1, - }, - { - name: "extend failure with fmt.Errorf nested tokenRefreshError", - configToken: expiredToken, - refreshErr: fmt.Errorf("refreshing token: %w", fakeTokenRefreshError{message: "nested FakeError happened when refreshing"}), - sourceToken: fakeToken, - expectToken: fakeToken, - refreshCalls: 1, - tokenCalls: 1, - persistCalls: 1, - }, - { - name: "unexpected error when extend", - configToken: expiredToken, - refreshErr: errors.New("unexpected refresh error"), - sourceToken: fakeToken, - expectErr: "unexpected refresh error", - refreshCalls: 1, - }, - { - name: "token error", - tokenErr: errors.New("tokenerr"), - expectErr: "tokenerr", - tokenCalls: 1, - }, - { - name: "Token() got expired token", - sourceToken: expiredToken, - expectErr: "newly acquired token is expired", - tokenCalls: 1, - }, - { - name: "Token() got nil but no error", - sourceToken: nil, - expectErr: "unable to acquire token", - tokenCalls: 1, - }, - } - for _, tc := range tests { - configModes := []configMode{configModeOmitSPNPrefix, configModeDefault} - - for _, configMode := range configModes { - t.Run(fmt.Sprintf("%s with configMode: %v", tc.name, configMode), func(t *testing.T) { - persister := newFakePersister() - - cfg := map[string]string{ - cfgConfigMode: strconv.Itoa(int(configMode)), - } - if tc.configToken != nil { - cfg = token2Cfg(tc.configToken) - } - - tokenCache := newAzureTokenCache() - if tc.cachedToken != nil { - tokenCache.setToken(azureTokenKey, tc.cachedToken) - } - - fakeSource := fakeTokenSource{ - token: tc.sourceToken, - tokenErr: tc.tokenErr, - refreshToken: tc.refreshToken, - refreshErr: tc.refreshErr, - } - - tokenSource := newAzureTokenSource(&fakeSource, tokenCache, cfg, configMode, &persister) - token, err := tokenSource.Token() - - if token != nil && fakeSource.token != nil && token.apiserverID != fakeSource.token.apiserverID { - t.Errorf("expecting apiservierID: %s, got: %s", fakeSource.token.apiserverID, token.apiserverID) - } - if fakeSource.tokenCalls != tc.tokenCalls { - t.Errorf("expecting tokenCalls: %v, got: %v", tc.tokenCalls, fakeSource.tokenCalls) - } - - if fakeSource.refreshCalls != tc.refreshCalls { - t.Errorf("expecting refreshCalls: %v, got: %v", tc.refreshCalls, fakeSource.refreshCalls) - } - - if persister.calls != tc.persistCalls { - t.Errorf("expecting persister calls: %v, got: %v", tc.persistCalls, persister.calls) - } - - if tc.expectErr != "" { - if !strings.Contains(err.Error(), tc.expectErr) { - t.Errorf("expecting error %v, got %v", tc.expectErr, err) - } - if token != nil { - t.Errorf("token should be nil in err situation, got %v", token) - } - } else { - if err != nil { - t.Fatalf("error should be nil, got %v", err) - } - if token.token.AccessToken != tc.expectToken.token.AccessToken { - t.Errorf("token should have accessToken %v, got %v", token.token.AccessToken, tc.expectToken.token.AccessToken) - } - } - }) - } - } -} - -type fakePersister struct { - lock sync.Mutex - cache map[string]string - calls uint -} - -func newFakePersister() fakePersister { - return fakePersister{cache: make(map[string]string), calls: 0} -} - -func (p *fakePersister) Persist(cache map[string]string) error { - p.lock.Lock() - defer p.lock.Unlock() - p.calls++ - p.cache = map[string]string{} - for k, v := range cache { - p.cache[k] = v - } - return nil -} - -func (p *fakePersister) Cache() map[string]string { - ret := map[string]string{} - p.lock.Lock() - defer p.lock.Unlock() - for k, v := range p.cache { - ret[k] = v - } - return ret -} - -// a simple token source simply always returns the token property -type fakeTokenSource struct { - token *azureToken - tokenCalls uint - tokenErr error - refreshToken *azureToken - refreshCalls uint - refreshErr error -} - -func (ts *fakeTokenSource) Token() (*azureToken, error) { - ts.tokenCalls++ - return ts.token, ts.tokenErr -} - -func (ts *fakeTokenSource) Refresh(*azureToken) (*azureToken, error) { - ts.refreshCalls++ - return ts.refreshToken, ts.refreshErr -} - -func token2Cfg(token *azureToken) map[string]string { - cfg := make(map[string]string) - cfg[cfgAccessToken] = token.token.AccessToken - cfg[cfgRefreshToken] = token.token.RefreshToken - cfg[cfgEnvironment] = token.environment - cfg[cfgClientID] = token.clientID - cfg[cfgTenantID] = token.tenantID - cfg[cfgApiserverID] = token.apiserverID - cfg[cfgExpiresIn] = string(token.token.ExpiresIn) - cfg[cfgExpiresOn] = string(token.token.ExpiresOn) - return cfg -} - -func newFakeAzureToken(accessToken string, expiresOnTime time.Time) *azureToken { - return &azureToken{ - token: newFakeADALToken(accessToken, strconv.FormatInt(expiresOnTime.Unix(), 10)), - environment: "testenv", - clientID: "fake", - tenantID: "fake", - apiserverID: "fake", - } -} - -func newFakeADALToken(accessToken string, expiresOn string) adal.Token { - return adal.Token{ - AccessToken: accessToken, - RefreshToken: "fake", - ExpiresIn: "3600", - ExpiresOn: json.Number(expiresOn), - NotBefore: json.Number(expiresOn), - Resource: "fake", - Type: "fake", - } -} - -// copied from go-autorest/adal -type fakeTokenRefreshError struct { - message string - resp *http.Response -} - -// Error implements the error interface which is part of the TokenRefreshError interface. -func (tre fakeTokenRefreshError) Error() string { - return tre.message -} - -// Response implements the TokenRefreshError interface, it returns the raw HTTP response from the refresh operation. -func (tre fakeTokenRefreshError) Response() *http.Response { - return tre.resp -} diff --git a/plugin/pkg/client/auth/gcp/OWNERS b/plugin/pkg/client/auth/gcp/OWNERS deleted file mode 100644 index 727c970a..00000000 --- a/plugin/pkg/client/auth/gcp/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - cjcullen -reviewers: - - cjcullen -emeritus_approvers: - - jlowdermilk diff --git a/plugin/pkg/client/auth/gcp/gcp.go b/plugin/pkg/client/auth/gcp/gcp.go deleted file mode 100644 index ee7c4948..00000000 --- a/plugin/pkg/client/auth/gcp/gcp.go +++ /dev/null @@ -1,389 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package gcp - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "net/http" - "os/exec" - "strings" - "sync" - "time" - - "golang.org/x/oauth2" - "golang.org/x/oauth2/google" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/yaml" - restclient "k8s.io/client-go/rest" - "k8s.io/client-go/util/jsonpath" - "k8s.io/klog/v2" -) - -func init() { - if err := restclient.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil { - klog.Fatalf("Failed to register gcp auth plugin: %v", err) - } -} - -var ( - // Stubbable for testing - execCommand = exec.Command - - // defaultScopes: - // - cloud-platform is the base scope to authenticate to GCP. - // - userinfo.email is used to authenticate to GKE APIs with gserviceaccount - // email instead of numeric uniqueID. - defaultScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email"} -) - -// gcpAuthProvider is an auth provider plugin that uses GCP credentials to provide -// tokens for kubectl to authenticate itself to the apiserver. A sample json config -// is provided below with all recognized options described. -// -// { -// 'auth-provider': { -// # Required -// "name": "gcp", -// -// 'config': { -// # Authentication options -// # These options are used while getting a token. -// -// # comma-separated list of GCP API scopes. default value of this field -// # is "https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email". -// # to override the API scopes, specify this field explicitly. -// "scopes": "https://www.googleapis.com/auth/cloud-platform" -// -// # Caching options -// -// # Raw string data representing cached access token. -// "access-token": "ya29.CjWdA4GiBPTt", -// # RFC3339Nano expiration timestamp for cached access token. -// "expiry": "2016-10-31 22:31:9.123", -// -// # Command execution options -// # These options direct the plugin to execute a specified command and parse -// # token and expiry time from the output of the command. -// -// # Command to execute for access token. Command output will be parsed as JSON. -// # If "cmd-args" is not present, this value will be split on whitespace, with -// # the first element interpreted as the command, remaining elements as args. -// "cmd-path": "/usr/bin/gcloud", -// -// # Arguments to pass to command to execute for access token. -// "cmd-args": "config config-helper --output=json" -// -// # JSONPath to the string field that represents the access token in -// # command output. If omitted, defaults to "{.access_token}". -// "token-key": "{.credential.access_token}", -// -// # JSONPath to the string field that represents expiration timestamp -// # of the access token in the command output. If omitted, defaults to -// # "{.token_expiry}" -// "expiry-key": ""{.credential.token_expiry}", -// -// # golang reference time in the format that the expiration timestamp uses. -// # If omitted, defaults to time.RFC3339Nano -// "time-fmt": "2006-01-02 15:04:05.999999999" -// } -// } -// } -type gcpAuthProvider struct { - tokenSource oauth2.TokenSource - persister restclient.AuthProviderConfigPersister -} - -var warnOnce sync.Once - -func newGCPAuthProvider(_ string, gcpConfig map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) { - warnOnce.Do(func() { - klog.Warningf(`WARNING: the gcp auth plugin is deprecated in v1.22+, unavailable in v1.26+; use gcloud instead. -To learn more, consult https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke`) - }) - - ts, err := tokenSource(isCmdTokenSource(gcpConfig), gcpConfig) - if err != nil { - return nil, err - } - cts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister, ts, gcpConfig) - if err != nil { - return nil, err - } - return &gcpAuthProvider{cts, persister}, nil -} - -func isCmdTokenSource(gcpConfig map[string]string) bool { - _, ok := gcpConfig["cmd-path"] - return ok -} - -func tokenSource(isCmd bool, gcpConfig map[string]string) (oauth2.TokenSource, error) { - // Command-based token source - if isCmd { - cmd := gcpConfig["cmd-path"] - if len(cmd) == 0 { - return nil, fmt.Errorf("missing access token cmd") - } - if gcpConfig["scopes"] != "" { - return nil, fmt.Errorf("scopes can only be used when kubectl is using a gcp service account key") - } - var args []string - if cmdArgs, ok := gcpConfig["cmd-args"]; ok { - args = strings.Fields(cmdArgs) - } else { - fields := strings.Fields(cmd) - cmd = fields[0] - args = fields[1:] - } - return newCmdTokenSource(cmd, args, gcpConfig["token-key"], gcpConfig["expiry-key"], gcpConfig["time-fmt"]), nil - } - - // Google Application Credentials-based token source - scopes := parseScopes(gcpConfig) - ts, err := google.DefaultTokenSource(context.Background(), scopes...) - if err != nil { - return nil, fmt.Errorf("cannot construct google default token source: %v", err) - } - return ts, nil -} - -// parseScopes constructs a list of scopes that should be included in token source -// from the config map. -func parseScopes(gcpConfig map[string]string) []string { - scopes, ok := gcpConfig["scopes"] - if !ok { - return defaultScopes - } - if scopes == "" { - return []string{} - } - return strings.Split(gcpConfig["scopes"], ",") -} - -func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper { - var resetCache map[string]string - if cts, ok := g.tokenSource.(*cachedTokenSource); ok { - resetCache = cts.baseCache() - } else { - resetCache = make(map[string]string) - } - return &conditionalTransport{&oauth2.Transport{Source: g.tokenSource, Base: rt}, g.persister, resetCache} -} - -func (g *gcpAuthProvider) Login() error { return nil } - -type cachedTokenSource struct { - lk sync.Mutex - source oauth2.TokenSource - accessToken string `datapolicy:"token"` - expiry time.Time - persister restclient.AuthProviderConfigPersister - cache map[string]string -} - -func newCachedTokenSource(accessToken, expiry string, persister restclient.AuthProviderConfigPersister, ts oauth2.TokenSource, cache map[string]string) (*cachedTokenSource, error) { - var expiryTime time.Time - if parsedTime, err := time.Parse(time.RFC3339Nano, expiry); err == nil { - expiryTime = parsedTime - } - if cache == nil { - cache = make(map[string]string) - } - return &cachedTokenSource{ - source: ts, - accessToken: accessToken, - expiry: expiryTime, - persister: persister, - cache: cache, - }, nil -} - -func (t *cachedTokenSource) Token() (*oauth2.Token, error) { - tok := t.cachedToken() - if tok.Valid() && !tok.Expiry.IsZero() { - return tok, nil - } - tok, err := t.source.Token() - if err != nil { - return nil, err - } - cache := t.update(tok) - if t.persister != nil { - if err := t.persister.Persist(cache); err != nil { - klog.V(4).Infof("Failed to persist token: %v", err) - } - } - return tok, nil -} - -func (t *cachedTokenSource) cachedToken() *oauth2.Token { - t.lk.Lock() - defer t.lk.Unlock() - return &oauth2.Token{ - AccessToken: t.accessToken, - TokenType: "Bearer", - Expiry: t.expiry, - } -} - -func (t *cachedTokenSource) update(tok *oauth2.Token) map[string]string { - t.lk.Lock() - defer t.lk.Unlock() - t.accessToken = tok.AccessToken - t.expiry = tok.Expiry - ret := map[string]string{} - for k, v := range t.cache { - ret[k] = v - } - ret["access-token"] = t.accessToken - ret["expiry"] = t.expiry.Format(time.RFC3339Nano) - return ret -} - -// baseCache is the base configuration value for this TokenSource, without any cached ephemeral tokens. -func (t *cachedTokenSource) baseCache() map[string]string { - t.lk.Lock() - defer t.lk.Unlock() - ret := map[string]string{} - for k, v := range t.cache { - ret[k] = v - } - delete(ret, "access-token") - delete(ret, "expiry") - return ret -} - -type commandTokenSource struct { - cmd string - args []string - tokenKey string `datapolicy:"token"` - expiryKey string `datapolicy:"secret-key"` - timeFmt string -} - -func newCmdTokenSource(cmd string, args []string, tokenKey, expiryKey, timeFmt string) *commandTokenSource { - if len(timeFmt) == 0 { - timeFmt = time.RFC3339Nano - } - if len(tokenKey) == 0 { - tokenKey = "{.access_token}" - } - if len(expiryKey) == 0 { - expiryKey = "{.token_expiry}" - } - return &commandTokenSource{ - cmd: cmd, - args: args, - tokenKey: tokenKey, - expiryKey: expiryKey, - timeFmt: timeFmt, - } -} - -func (c *commandTokenSource) Token() (*oauth2.Token, error) { - fullCmd := strings.Join(append([]string{c.cmd}, c.args...), " ") - cmd := execCommand(c.cmd, c.args...) - var stderr bytes.Buffer - cmd.Stderr = &stderr - output, err := cmd.Output() - if err != nil { - return nil, fmt.Errorf("error executing access token command %q: err=%v output=%s stderr=%s", fullCmd, err, output, string(stderr.Bytes())) - } - token, err := c.parseTokenCmdOutput(output) - if err != nil { - return nil, fmt.Errorf("error parsing output for access token command %q: %v", fullCmd, err) - } - return token, nil -} - -func (c *commandTokenSource) parseTokenCmdOutput(output []byte) (*oauth2.Token, error) { - output, err := yaml.ToJSON(output) - if err != nil { - return nil, err - } - var data interface{} - if err := json.Unmarshal(output, &data); err != nil { - return nil, err - } - - accessToken, err := parseJSONPath(data, "token-key", c.tokenKey) - if err != nil { - return nil, fmt.Errorf("error parsing token-key %q from %q: %v", c.tokenKey, string(output), err) - } - expiryStr, err := parseJSONPath(data, "expiry-key", c.expiryKey) - if err != nil { - return nil, fmt.Errorf("error parsing expiry-key %q from %q: %v", c.expiryKey, string(output), err) - } - var expiry time.Time - if t, err := time.Parse(c.timeFmt, expiryStr); err != nil { - klog.V(4).Infof("Failed to parse token expiry from %s (fmt=%s): %v", expiryStr, c.timeFmt, err) - } else { - expiry = t - } - - return &oauth2.Token{ - AccessToken: accessToken, - TokenType: "Bearer", - Expiry: expiry, - }, nil -} - -func parseJSONPath(input interface{}, name, template string) (string, error) { - j := jsonpath.New(name) - buf := new(bytes.Buffer) - if err := j.Parse(template); err != nil { - return "", err - } - if err := j.Execute(buf, input); err != nil { - return "", err - } - return buf.String(), nil -} - -type conditionalTransport struct { - oauthTransport *oauth2.Transport - persister restclient.AuthProviderConfigPersister - resetCache map[string]string -} - -var _ net.RoundTripperWrapper = &conditionalTransport{} - -func (t *conditionalTransport) RoundTrip(req *http.Request) (*http.Response, error) { - if len(req.Header.Get("Authorization")) != 0 { - return t.oauthTransport.Base.RoundTrip(req) - } - - res, err := t.oauthTransport.RoundTrip(req) - - if err != nil { - return nil, err - } - - if res.StatusCode == 401 { - klog.V(4).Infof("The credentials that were supplied are invalid for the target cluster") - t.persister.Persist(t.resetCache) - } - - return res, nil -} - -func (t *conditionalTransport) WrappedRoundTripper() http.RoundTripper { return t.oauthTransport.Base } diff --git a/plugin/pkg/client/auth/gcp/gcp_stub.go b/plugin/pkg/client/auth/gcp/gcp_stub.go new file mode 100644 index 00000000..99585f93 --- /dev/null +++ b/plugin/pkg/client/auth/gcp/gcp_stub.go @@ -0,0 +1,36 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package gcp + +import ( + "errors" + + "k8s.io/client-go/rest" + "k8s.io/klog/v2" +) + +func init() { + if err := rest.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil { + klog.Fatalf("Failed to register gcp auth plugin: %v", err) + } +} + +func newGCPAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) { + return nil, errors.New(`The gcp auth plugin has been removed. +Please use the "gke-gcloud-auth-plugin" kubectl/client-go credential plugin instead. +See https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke for further details`) +} diff --git a/plugin/pkg/client/auth/gcp/gcp_test.go b/plugin/pkg/client/auth/gcp/gcp_test.go deleted file mode 100644 index f49385a2..00000000 --- a/plugin/pkg/client/auth/gcp/gcp_test.go +++ /dev/null @@ -1,527 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package gcp - -import ( - "fmt" - "io/ioutil" - "net/http" - "os" - "os/exec" - "reflect" - "strings" - "sync" - "testing" - "time" - - "golang.org/x/oauth2" -) - -type fakeOutput struct { - args []string - output string -} - -var ( - wantCmd []string - // Output for fakeExec, keyed by command - execOutputs = map[string]fakeOutput{ - "/default/no/args": { - args: []string{}, - output: `{ - "access_token": "faketoken", - "token_expiry": "2016-10-31T22:31:09.123000000Z" -}`}, - "/default/legacy/args": { - args: []string{"arg1", "arg2", "arg3"}, - output: `{ - "access_token": "faketoken", - "token_expiry": "2016-10-31T22:31:09.123000000Z" -}`}, - "/space in path/customkeys": { - args: []string{"can", "haz", "auth"}, - output: `{ - "token": "faketoken", - "token_expiry": { - "datetime": "2016-10-31 22:31:09.123" - } -}`}, - "missing/tokenkey/noargs": { - args: []string{}, - output: `{ - "broken": "faketoken", - "token_expiry": { - "datetime": "2016-10-31 22:31:09.123000000Z" - } -}`}, - "missing/expirykey/legacyargs": { - args: []string{"split", "on", "whitespace"}, - output: `{ - "access_token": "faketoken", - "expires": "2016-10-31T22:31:09.123000000Z" -}`}, - "invalid expiry/timestamp": { - args: []string{"foo", "--bar", "--baz=abc,def"}, - output: `{ - "access_token": "faketoken", - "token_expiry": "sometime soon, idk" -}`}, - "badjson": { - args: []string{}, - output: `{ - "access_token": "faketoken", - "token_expiry": "sometime soon, idk" - ------ -`}, - } -) - -func fakeExec(command string, args ...string) *exec.Cmd { - cs := []string{"-test.run=TestHelperProcess", "--", command} - cs = append(cs, args...) - cmd := exec.Command(os.Args[0], cs...) - cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"} - return cmd -} - -func TestHelperProcess(t *testing.T) { - if os.Getenv("GO_WANT_HELPER_PROCESS") != "1" { - return - } - // Strip out the leading args used to exec into this function. - gotCmd := os.Args[3] - gotArgs := os.Args[4:] - output, ok := execOutputs[gotCmd] - if !ok { - fmt.Fprintf(os.Stdout, "unexpected call cmd=%q args=%v\n", gotCmd, gotArgs) - os.Exit(1) - } else if !reflect.DeepEqual(output.args, gotArgs) { - fmt.Fprintf(os.Stdout, "call cmd=%q got args %v, want: %v\n", gotCmd, gotArgs, output.args) - os.Exit(1) - } - fmt.Fprintf(os.Stdout, output.output) - os.Exit(0) -} - -func Test_isCmdTokenSource(t *testing.T) { - c1 := map[string]string{"cmd-path": "foo"} - if v := isCmdTokenSource(c1); !v { - t.Fatalf("cmd-path present in config (%+v), but got %v", c1, v) - } - - c2 := map[string]string{"cmd-args": "foo bar"} - if v := isCmdTokenSource(c2); v { - t.Fatalf("cmd-path not present in config (%+v), but got %v", c2, v) - } -} - -func Test_tokenSource_cmd(t *testing.T) { - if _, err := tokenSource(true, map[string]string{}); err == nil { - t.Fatalf("expected error, cmd-args not present in config") - } - - c := map[string]string{ - "cmd-path": "foo", - "cmd-args": "bar"} - ts, err := tokenSource(true, c) - if err != nil { - t.Fatalf("failed to return cmd token source: %+v", err) - } - if ts == nil { - t.Fatal("returned nil token source") - } - if _, ok := ts.(*commandTokenSource); !ok { - t.Fatalf("returned token source type:(%T) expected:(*commandTokenSource)", ts) - } -} - -func Test_tokenSource_cmdCannotBeUsedWithScopes(t *testing.T) { - c := map[string]string{ - "cmd-path": "foo", - "scopes": "A,B"} - if _, err := tokenSource(true, c); err == nil { - t.Fatal("expected error when scopes is used with cmd-path") - } -} - -func Test_tokenSource_applicationDefaultCredentials_fails(t *testing.T) { - // try to use empty ADC file - fakeTokenFile, err := ioutil.TempFile("", "adctoken") - if err != nil { - t.Fatalf("failed to create fake token file: +%v", err) - } - fakeTokenFile.Close() - defer os.Remove(fakeTokenFile.Name()) - - os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name()) - defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") - if _, err := tokenSource(false, map[string]string{}); err == nil { - t.Fatalf("expected error because specified ADC token file is not a JSON") - } -} - -func Test_tokenSource_applicationDefaultCredentials(t *testing.T) { - fakeTokenFile, err := ioutil.TempFile("", "adctoken") - if err != nil { - t.Fatalf("failed to create fake token file: +%v", err) - } - fakeTokenFile.Close() - defer os.Remove(fakeTokenFile.Name()) - if err := ioutil.WriteFile(fakeTokenFile.Name(), []byte(`{"type":"service_account"}`), 0600); err != nil { - t.Fatalf("failed to write to fake token file: %+v", err) - } - - os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", fakeTokenFile.Name()) - defer os.Unsetenv("GOOGLE_APPLICATION_CREDENTIALS") - ts, err := tokenSource(false, map[string]string{}) - if err != nil { - t.Fatalf("failed to get a token source: %+v", err) - } - if ts == nil { - t.Fatal("returned nil token source") - } -} - -func Test_parseScopes(t *testing.T) { - cases := []struct { - in map[string]string - out []string - }{ - { - map[string]string{}, - []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email"}, - }, - { - map[string]string{"scopes": ""}, - []string{}, - }, - { - map[string]string{"scopes": "A,B,C"}, - []string{"A", "B", "C"}, - }, - } - - for _, c := range cases { - got := parseScopes(c.in) - if !reflect.DeepEqual(got, c.out) { - t.Errorf("expected=%v, got=%v", c.out, got) - } - } -} - -func errEquiv(got, want error) bool { - if got == want { - return true - } - if got != nil && want != nil { - return strings.Contains(got.Error(), want.Error()) - } - return false -} - -func TestCmdTokenSource(t *testing.T) { - execCommand = fakeExec - fakeExpiry := time.Date(2016, 10, 31, 22, 31, 9, 123000000, time.UTC) - customFmt := "2006-01-02 15:04:05.999999999" - - tests := []struct { - name string - gcpConfig map[string]string - tok *oauth2.Token - newErr, tokenErr error - }{ - { - "default", - map[string]string{ - "cmd-path": "/default/no/args", - }, - &oauth2.Token{ - AccessToken: "faketoken", - TokenType: "Bearer", - Expiry: fakeExpiry, - }, - nil, - nil, - }, - { - "default legacy args", - map[string]string{ - "cmd-path": "/default/legacy/args arg1 arg2 arg3", - }, - &oauth2.Token{ - AccessToken: "faketoken", - TokenType: "Bearer", - Expiry: fakeExpiry, - }, - nil, - nil, - }, - - { - "custom keys", - map[string]string{ - "cmd-path": "/space in path/customkeys", - "cmd-args": "can haz auth", - "token-key": "{.token}", - "expiry-key": "{.token_expiry.datetime}", - "time-fmt": customFmt, - }, - &oauth2.Token{ - AccessToken: "faketoken", - TokenType: "Bearer", - Expiry: fakeExpiry, - }, - nil, - nil, - }, - { - "missing cmd", - map[string]string{ - "cmd-path": "", - }, - nil, - fmt.Errorf("missing access token cmd"), - nil, - }, - { - "missing token-key", - map[string]string{ - "cmd-path": "missing/tokenkey/noargs", - "token-key": "{.token}", - }, - nil, - nil, - fmt.Errorf("error parsing token-key %q", "{.token}"), - }, - - { - "missing expiry-key", - map[string]string{ - "cmd-path": "missing/expirykey/legacyargs split on whitespace", - "expiry-key": "{.expiry}", - }, - nil, - nil, - fmt.Errorf("error parsing expiry-key %q", "{.expiry}"), - }, - { - "invalid expiry timestamp", - map[string]string{ - "cmd-path": "invalid expiry/timestamp", - "cmd-args": "foo --bar --baz=abc,def", - }, - &oauth2.Token{ - AccessToken: "faketoken", - TokenType: "Bearer", - Expiry: time.Time{}, - }, - nil, - nil, - }, - { - "bad JSON", - map[string]string{ - "cmd-path": "badjson", - }, - nil, - nil, - fmt.Errorf("invalid character '-' after object key:value pair"), - }, - } - - for _, tc := range tests { - provider, err := newGCPAuthProvider("", tc.gcpConfig, nil /* persister */) - if !errEquiv(err, tc.newErr) { - t.Errorf("%q newGCPAuthProvider error: got %v, want %v", tc.name, err, tc.newErr) - continue - } - if err != nil { - continue - } - ts := provider.(*gcpAuthProvider).tokenSource.(*cachedTokenSource).source.(*commandTokenSource) - wantCmd = append([]string{ts.cmd}, ts.args...) - tok, err := ts.Token() - if !errEquiv(err, tc.tokenErr) { - t.Errorf("%q Token() error: got %v, want %v", tc.name, err, tc.tokenErr) - } - if !reflect.DeepEqual(tok, tc.tok) { - t.Errorf("%q Token() got %v, want %v", tc.name, tok, tc.tok) - } - } -} - -type fakePersister struct { - lk sync.Mutex - cache map[string]string -} - -func (f *fakePersister) Persist(cache map[string]string) error { - f.lk.Lock() - defer f.lk.Unlock() - f.cache = map[string]string{} - for k, v := range cache { - f.cache[k] = v - } - return nil -} - -func (f *fakePersister) read() map[string]string { - ret := map[string]string{} - f.lk.Lock() - defer f.lk.Unlock() - for k, v := range f.cache { - ret[k] = v - } - return ret -} - -type fakeTokenSource struct { - token *oauth2.Token - err error -} - -func (f *fakeTokenSource) Token() (*oauth2.Token, error) { - return f.token, f.err -} - -func TestCachedTokenSource(t *testing.T) { - tok := &oauth2.Token{AccessToken: "fakeaccesstoken"} - persister := &fakePersister{} - source := &fakeTokenSource{ - token: tok, - err: nil, - } - cache := map[string]string{ - "foo": "bar", - "baz": "bazinga", - } - ts, err := newCachedTokenSource("fakeaccesstoken", "", persister, source, cache) - if err != nil { - t.Fatal(err) - } - var wg sync.WaitGroup - wg.Add(10) - for i := 0; i < 10; i++ { - go func() { - _, err := ts.Token() - if err != nil { - t.Errorf("unexpected error: %s", err) - } - wg.Done() - }() - } - wg.Wait() - cache["access-token"] = "fakeaccesstoken" - cache["expiry"] = tok.Expiry.Format(time.RFC3339Nano) - if got := persister.read(); !reflect.DeepEqual(got, cache) { - t.Errorf("got cache %v, want %v", got, cache) - } -} - -type MockTransport struct { - res *http.Response -} - -func (t *MockTransport) RoundTrip(req *http.Request) (*http.Response, error) { - return t.res, nil -} - -func Test_cmdTokenSource_roundTrip(t *testing.T) { - - accessToken := "fakeToken" - fakeExpiry := time.Now().Add(time.Hour) - fakeExpiryStr := fakeExpiry.Format(time.RFC3339Nano) - fs := &fakeTokenSource{ - token: &oauth2.Token{ - AccessToken: accessToken, - Expiry: fakeExpiry, - }, - } - - cmdCache := map[string]string{ - "cmd-path": "/path/to/tokensource/cmd", - "cmd-args": "--output=json", - } - cmdCacheUpdated := map[string]string{ - "cmd-path": "/path/to/tokensource/cmd", - "cmd-args": "--output=json", - "access-token": accessToken, - "expiry": fakeExpiryStr, - } - simpleCacheUpdated := map[string]string{ - "access-token": accessToken, - "expiry": fakeExpiryStr, - } - - tests := []struct { - name string - res http.Response - baseCache, expectedCache map[string]string - }{ - { - "Unauthorized", - http.Response{StatusCode: http.StatusUnauthorized}, - make(map[string]string), - make(map[string]string), - }, - { - "Unauthorized, nonempty defaultCache", - http.Response{StatusCode: http.StatusUnauthorized}, - cmdCache, - cmdCache, - }, - { - "Authorized", - http.Response{StatusCode: http.StatusOK}, - make(map[string]string), - simpleCacheUpdated, - }, - { - "Authorized, nonempty defaultCache", - http.Response{StatusCode: http.StatusOK}, - cmdCache, - cmdCacheUpdated, - }, - } - - persister := &fakePersister{} - req := http.Request{Header: http.Header{}} - - for _, tc := range tests { - cts, err := newCachedTokenSource(accessToken, fakeExpiry.String(), persister, fs, tc.baseCache) - if err != nil { - t.Fatalf("unexpected error from newCachedTokenSource: %v", err) - } - authProvider := gcpAuthProvider{cts, persister} - - fakeTransport := MockTransport{&tc.res} - transport := (authProvider.WrapTransport(&fakeTransport)) - // call Token to persist/update cache - if _, err := cts.Token(); err != nil { - t.Fatalf("unexpected error from cachedTokenSource.Token(): %v", err) - } - - transport.RoundTrip(&req) - - if got := persister.read(); !reflect.DeepEqual(got, tc.expectedCache) { - t.Errorf("got cache %v, want %v", got, tc.expectedCache) - } - } - -}