diff --git a/pkg/kubelet/api/v1alpha1/runtime/api.pb.go b/pkg/kubelet/api/v1alpha1/runtime/api.pb.go index aea5a4d0025..8382c925617 100644 --- a/pkg/kubelet/api/v1alpha1/runtime/api.pb.go +++ b/pkg/kubelet/api/v1alpha1/runtime/api.pb.go @@ -475,9 +475,8 @@ type LinuxSandboxSecurityContext struct { NamespaceOptions *NamespaceOption `protobuf:"bytes,1,opt,name=namespace_options,json=namespaceOptions" json:"namespace_options,omitempty"` // Optional SELinux context to be applied. SelinuxOptions *SELinuxOption `protobuf:"bytes,2,opt,name=selinux_options,json=selinuxOptions" json:"selinux_options,omitempty"` - // User to run the entrypoint of the sandbox process. Can be either UID or - // user name. - RunAsUser *string `protobuf:"bytes,3,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"` + // UID to run sandbox processes as, when applicable. + RunAsUser *int64 `protobuf:"varint,3,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"` // If set, the root filesystem of the sandbox is read-only. ReadonlyRootfs *bool `protobuf:"varint,4,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"` // List of groups applied to the first process run in the sandbox, in @@ -505,11 +504,11 @@ func (m *LinuxSandboxSecurityContext) GetSelinuxOptions() *SELinuxOption { return nil } -func (m *LinuxSandboxSecurityContext) GetRunAsUser() string { +func (m *LinuxSandboxSecurityContext) GetRunAsUser() int64 { if m != nil && m.RunAsUser != nil { return *m.RunAsUser } - return "" + return 0 } func (m *LinuxSandboxSecurityContext) GetReadonlyRootfs() bool { @@ -1336,15 +1335,18 @@ type LinuxContainerSecurityContext struct { NamespaceOptions *NamespaceOption `protobuf:"bytes,3,opt,name=namespace_options,json=namespaceOptions" json:"namespace_options,omitempty"` // SELinux context to be optionally applied. SelinuxOptions *SELinuxOption `protobuf:"bytes,4,opt,name=selinux_options,json=selinuxOptions" json:"selinux_options,omitempty"` - // The user to run the the container process as. Can be either UID or user - // name. - // Defaults to user specified in image metadata if unspecified. - RunAsUser *string `protobuf:"bytes,5,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"` + // UID to run the container process as. Only one of run_as_user and + // run_as_username can be specified at a time. + RunAsUser *int64 `protobuf:"varint,5,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"` + // User name to run the container process as. If specified, the user MUST + // exist in the container image (i.e. in the /etc/passwd inside the image), + // and be resolved there by the runtime; otherwise, the runtime MUST error. + RunAsUsername *string `protobuf:"bytes,6,opt,name=run_as_username,json=runAsUsername" json:"run_as_username,omitempty"` // If set, the root filesystem of the container is read-only. - ReadonlyRootfs *bool `protobuf:"varint,6,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"` + ReadonlyRootfs *bool `protobuf:"varint,7,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"` // List of groups applied to the first process run in the container, in // addition to the container's primary GID. - SupplementalGroups []int64 `protobuf:"varint,7,rep,name=supplemental_groups,json=supplementalGroups" json:"supplemental_groups,omitempty"` + SupplementalGroups []int64 `protobuf:"varint,8,rep,name=supplemental_groups,json=supplementalGroups" json:"supplemental_groups,omitempty"` XXX_unrecognized []byte `json:"-"` } @@ -1383,10 +1385,17 @@ func (m *LinuxContainerSecurityContext) GetSelinuxOptions() *SELinuxOption { return nil } -func (m *LinuxContainerSecurityContext) GetRunAsUser() string { +func (m *LinuxContainerSecurityContext) GetRunAsUser() int64 { if m != nil && m.RunAsUser != nil { return *m.RunAsUser } + return 0 +} + +func (m *LinuxContainerSecurityContext) GetRunAsUsername() string { + if m != nil && m.RunAsUsername != nil { + return *m.RunAsUsername + } return "" } @@ -2441,8 +2450,13 @@ type Image struct { RepoDigests []string `protobuf:"bytes,3,rep,name=repo_digests,json=repoDigests" json:"repo_digests,omitempty"` // Size of the image in bytes. Size_ *uint64 `protobuf:"varint,4,opt,name=size" json:"size,omitempty"` - // User that will run the command(s). - User *string `protobuf:"bytes,5,opt,name=user" json:"user,omitempty"` + // UID that will run the command(s). This is used as a default if no user is + // specified when creating the container. UID and the following user name + // are mutually exclusive. + Uid *int64 `protobuf:"varint,5,opt,name=uid" json:"uid,omitempty"` + // User name that will run the command(s). This is used if UID is not set + // and no user is specified when creating container. + Username *string `protobuf:"bytes,6,opt,name=username" json:"username,omitempty"` XXX_unrecognized []byte `json:"-"` } @@ -2479,9 +2493,16 @@ func (m *Image) GetSize_() uint64 { return 0 } -func (m *Image) GetUser() string { - if m != nil && m.User != nil { - return *m.User +func (m *Image) GetUid() int64 { + if m != nil && m.Uid != nil { + return *m.Uid + } + return 0 +} + +func (m *Image) GetUsername() string { + if m != nil && m.Username != nil { + return *m.Username } return "" } @@ -3805,214 +3826,216 @@ var _ImageService_serviceDesc = grpc.ServiceDesc{ } var fileDescriptorApi = []byte{ - // 3336 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xcc, 0x3a, 0xcd, 0x72, 0x1b, 0xc7, - 0xd1, 0x04, 0x40, 0x80, 0x40, 0x83, 0x00, 0xc1, 0x21, 0x45, 0x42, 0xa0, 0x25, 0x51, 0x6b, 0xc9, - 0x96, 0x64, 0x5b, 0x9f, 0xc5, 0x2f, 0xb1, 0x62, 0xd9, 0x92, 0x0d, 0x93, 0xb4, 0x43, 0x4b, 0x82, - 0xe8, 0x85, 0xe4, 0xd8, 0xe5, 0xc3, 0x66, 0x85, 0x1d, 0x81, 0x2b, 0x01, 0xbb, 0xeb, 0xdd, 0x81, - 0x2c, 0xe6, 0x92, 0x6b, 0x0e, 0x49, 0x55, 0xae, 0x39, 0x25, 0x87, 0x54, 0xb9, 0x92, 0xdc, 0x52, - 0x95, 0xaa, 0xbc, 0x43, 0x2a, 0x0f, 0x90, 0x47, 0xc8, 0x2b, 0xe4, 0x94, 0x9a, 0xdf, 0x9d, 0xfd, - 0xa3, 0x48, 0xd9, 0x15, 0xeb, 0xb6, 0xd3, 0xd3, 0xd3, 0xd3, 0xd3, 0xdd, 0xd3, 0x7f, 0x3b, 0xd0, - 0xb0, 0x03, 0xf7, 0x6a, 0x10, 0xfa, 0xc4, 0x47, 0x0b, 0xe1, 0xcc, 0x23, 0xee, 0x14, 0x1b, 0x57, - 0xa0, 0xfd, 0x39, 0x0e, 0x23, 0xd7, 0xf7, 0x4c, 0xfc, 0xf5, 0x0c, 0x47, 0x04, 0x75, 0x61, 0xe1, - 0x29, 0x87, 0x74, 0x4b, 0x9b, 0xa5, 0x4b, 0x0d, 0x53, 0x0e, 0x8d, 0x6f, 0x4b, 0xb0, 0xa4, 0x90, - 0xa3, 0xc0, 0xf7, 0x22, 0x5c, 0x8c, 0x8d, 0xce, 0xc3, 0xa2, 0xd8, 0xc4, 0xf2, 0xec, 0x29, 0xee, - 0x96, 0xd9, 0x74, 0x53, 0xc0, 0x06, 0xf6, 0x14, 0xa3, 0xd7, 0x61, 0x49, 0xa2, 0x48, 0x22, 0x15, - 0x86, 0xd5, 0x16, 0x60, 0xb1, 0x1b, 0xba, 0x0a, 0x2b, 0x12, 0xd1, 0x0e, 0x5c, 0x85, 0x3c, 0xcf, - 0x90, 0x97, 0xc5, 0x54, 0x3f, 0x70, 0x05, 0xbe, 0xf1, 0x15, 0x34, 0x76, 0x06, 0xc3, 0x6d, 0xdf, - 0x7b, 0xe4, 0x8e, 0x29, 0x8b, 0x11, 0x0e, 0xe9, 0x9a, 0x6e, 0x69, 0xb3, 0x42, 0x59, 0x14, 0x43, - 0xd4, 0x83, 0x7a, 0x84, 0xed, 0x70, 0x74, 0x80, 0xa3, 0x6e, 0x99, 0x4d, 0xa9, 0x31, 0x5d, 0xe5, - 0x07, 0xc4, 0xf5, 0xbd, 0xa8, 0x5b, 0xe1, 0xab, 0xc4, 0xd0, 0xf8, 0x5d, 0x09, 0x9a, 0xfb, 0x7e, - 0x48, 0xee, 0xda, 0x41, 0xe0, 0x7a, 0x63, 0xf4, 0x16, 0xd4, 0x99, 0x50, 0x47, 0xfe, 0x84, 0xc9, - 0xa0, 0xbd, 0xb5, 0x7c, 0x55, 0xb0, 0x74, 0x75, 0x5f, 0x4c, 0x98, 0x0a, 0x05, 0x5d, 0x84, 0xf6, - 0xc8, 0xf7, 0x88, 0xed, 0x7a, 0x38, 0xb4, 0x02, 0x3f, 0x24, 0x4c, 0x32, 0x55, 0xb3, 0xa5, 0xa0, - 0x94, 0x38, 0xda, 0x80, 0xc6, 0x81, 0x1f, 0x11, 0x8e, 0x51, 0x61, 0x18, 0x75, 0x0a, 0x60, 0x93, - 0xeb, 0xb0, 0xc0, 0x26, 0xdd, 0x40, 0xc8, 0xa0, 0x46, 0x87, 0x7b, 0x81, 0xf1, 0xdb, 0x12, 0x54, - 0xef, 0xfa, 0x33, 0x8f, 0xa4, 0xb6, 0xb1, 0xc9, 0x81, 0xd0, 0x8f, 0xb6, 0x8d, 0x4d, 0x0e, 0xe2, - 0x6d, 0x28, 0x06, 0x57, 0x11, 0xdf, 0x86, 0x4e, 0xf6, 0xa0, 0x1e, 0x62, 0xdb, 0xf1, 0xbd, 0xc9, - 0x21, 0x63, 0xa1, 0x6e, 0xaa, 0x31, 0xd5, 0x5d, 0x84, 0x27, 0xae, 0x37, 0x7b, 0x66, 0x85, 0x78, - 0x62, 0x3f, 0xc4, 0x13, 0xc6, 0x4a, 0xdd, 0x6c, 0x0b, 0xb0, 0xc9, 0xa1, 0xc6, 0x63, 0x58, 0xa2, - 0xca, 0x8e, 0x02, 0x7b, 0x84, 0xef, 0x31, 0x11, 0x52, 0xd3, 0x60, 0x9b, 0x7a, 0x98, 0x7c, 0xe3, - 0x87, 0x4f, 0x18, 0x67, 0x75, 0xb3, 0x49, 0x61, 0x03, 0x0e, 0x42, 0xa7, 0xa1, 0xce, 0xf9, 0x72, - 0x1d, 0xc6, 0x56, 0xdd, 0x64, 0x27, 0xde, 0x77, 0x1d, 0x35, 0xe5, 0x06, 0x23, 0xc1, 0xd5, 0x02, - 0x3f, 0xfd, 0xc8, 0xf8, 0x7d, 0x19, 0x36, 0xee, 0xd0, 0xcd, 0x87, 0xb6, 0xe7, 0x3c, 0xf4, 0x9f, - 0x0d, 0xf1, 0x68, 0x16, 0xba, 0xe4, 0x70, 0xdb, 0xf7, 0x08, 0x7e, 0x46, 0xd0, 0x2e, 0x2c, 0x7b, - 0x92, 0x17, 0x4b, 0xaa, 0x97, 0xee, 0xde, 0xdc, 0xea, 0x2a, 0x9d, 0xa5, 0xb8, 0x35, 0x3b, 0x5e, - 0x12, 0x10, 0xa1, 0x0f, 0xe2, 0xb3, 0x4b, 0x22, 0x65, 0x46, 0x64, 0x4d, 0x11, 0x19, 0xee, 0x32, - 0x3e, 0x04, 0x09, 0x29, 0x13, 0x49, 0xe0, 0x2c, 0xd0, 0x7b, 0x60, 0xd9, 0x91, 0x35, 0x8b, 0x70, - 0x28, 0x8c, 0xbe, 0x11, 0xce, 0xbc, 0x7e, 0xf4, 0x20, 0xc2, 0x21, 0xbb, 0x18, 0x42, 0xd0, 0x56, - 0xe8, 0xfb, 0xe4, 0x51, 0x24, 0x85, 0x2b, 0xc1, 0x26, 0x83, 0xa2, 0xff, 0x83, 0x95, 0x68, 0x16, - 0x04, 0x13, 0x3c, 0xc5, 0x1e, 0xb1, 0x27, 0xd6, 0x38, 0xf4, 0x67, 0x41, 0xd4, 0xad, 0x6e, 0x56, - 0x2e, 0x55, 0x4c, 0xa4, 0x4f, 0x7d, 0xc2, 0x66, 0x8c, 0xdf, 0x94, 0xe0, 0x14, 0xe3, 0x6c, 0xdf, - 0x77, 0x84, 0x90, 0xc4, 0x35, 0x79, 0x15, 0x5a, 0x23, 0xb6, 0xdc, 0x0a, 0xec, 0x10, 0x7b, 0x44, - 0xd8, 0xcb, 0x22, 0x07, 0xee, 0x33, 0x18, 0xba, 0x07, 0x9d, 0x48, 0xc8, 0xd4, 0x1a, 0x71, 0xa1, - 0x8a, 0xa3, 0x5f, 0x50, 0x47, 0x3f, 0x42, 0x01, 0xe6, 0x52, 0x94, 0x04, 0x18, 0x21, 0xa0, 0x98, - 0x93, 0xbb, 0x98, 0xd8, 0x8e, 0x4d, 0x6c, 0x84, 0x60, 0x9e, 0xf9, 0x0c, 0xce, 0x02, 0xfb, 0x46, - 0x1d, 0xa8, 0xcc, 0x84, 0x31, 0x34, 0x4c, 0xfa, 0x89, 0x5e, 0x81, 0x86, 0x52, 0x8d, 0x94, 0xa1, - 0x02, 0xd0, 0x0b, 0x6c, 0x13, 0x82, 0xa7, 0x01, 0x61, 0xb2, 0x6b, 0x99, 0x72, 0x68, 0xfc, 0x7d, - 0x1e, 0x3a, 0x99, 0xe3, 0x5f, 0x87, 0xfa, 0x54, 0x6c, 0x2f, 0x2c, 0x62, 0x23, 0xbe, 0xc5, 0x19, - 0x0e, 0x4d, 0x85, 0x4c, 0x2f, 0x09, 0x35, 0x3f, 0xcd, 0xc7, 0xa9, 0x31, 0x95, 0xe9, 0xc4, 0x1f, - 0x5b, 0x8e, 0x1b, 0xe2, 0x11, 0xf1, 0xc3, 0x43, 0xc1, 0xe5, 0xe2, 0xc4, 0x1f, 0xef, 0x48, 0x18, - 0xba, 0x06, 0xe0, 0x78, 0x11, 0x15, 0xe7, 0x23, 0x77, 0xcc, 0x78, 0x6d, 0x6e, 0x21, 0xb5, 0xb7, - 0xf2, 0x63, 0x66, 0xc3, 0xf1, 0x22, 0xc1, 0xec, 0xbb, 0xd0, 0xa2, 0x7e, 0xc1, 0x9a, 0x72, 0x17, - 0xc4, 0x15, 0xde, 0xdc, 0x5a, 0xd5, 0x38, 0x56, 0xfe, 0xc9, 0x5c, 0x0c, 0xe2, 0x41, 0x84, 0x6e, - 0x42, 0x8d, 0xdd, 0xcb, 0xa8, 0x5b, 0x63, 0x6b, 0x2e, 0xe6, 0x9c, 0x92, 0xef, 0x72, 0xf5, 0x0e, - 0xc3, 0xdb, 0xf5, 0x48, 0x78, 0x68, 0x8a, 0x45, 0xe8, 0x0e, 0x34, 0x6d, 0xcf, 0xf3, 0x89, 0xcd, - 0xcd, 0x7e, 0x81, 0xd1, 0xb8, 0x52, 0x4c, 0xa3, 0x1f, 0x23, 0x73, 0x42, 0xfa, 0x72, 0xf4, 0x23, - 0xa8, 0xb2, 0x7b, 0xd1, 0xad, 0xb3, 0x53, 0x9f, 0x4d, 0xda, 0x50, 0x9a, 0x98, 0xc9, 0x91, 0x7b, - 0xef, 0x42, 0x53, 0x63, 0x8d, 0x1a, 0xc6, 0x13, 0x7c, 0x28, 0x6c, 0x85, 0x7e, 0xa2, 0x55, 0xa8, - 0x3e, 0xb5, 0x27, 0x33, 0xa9, 0x0f, 0x3e, 0xb8, 0x51, 0xfe, 0x49, 0xa9, 0x77, 0x0b, 0x3a, 0x69, - 0x8e, 0x4e, 0xb2, 0xde, 0xd8, 0x83, 0x55, 0x73, 0xe6, 0xc5, 0x8c, 0xc9, 0xa0, 0x79, 0x0d, 0x6a, - 0x42, 0x7f, 0xdc, 0x76, 0x4e, 0x17, 0x4a, 0xc4, 0x14, 0x88, 0xc6, 0x4d, 0x38, 0x95, 0x22, 0x25, - 0x42, 0xea, 0x05, 0x68, 0x07, 0xbe, 0x63, 0x45, 0x1c, 0x6c, 0xb9, 0x8e, 0xbc, 0x89, 0x81, 0xc2, - 0xdd, 0x73, 0xe8, 0xf2, 0x21, 0xf1, 0x83, 0x2c, 0x2b, 0xc7, 0x5b, 0xde, 0x85, 0xb5, 0xf4, 0x72, - 0xbe, 0xbd, 0xf1, 0x01, 0xac, 0x9b, 0x78, 0xea, 0x3f, 0xc5, 0x2f, 0x4a, 0xba, 0x07, 0xdd, 0x2c, - 0x81, 0x98, 0x78, 0x0c, 0x1d, 0x12, 0x9b, 0xcc, 0xa2, 0x93, 0x11, 0xbf, 0xac, 0x13, 0x10, 0xc1, - 0x82, 0xd3, 0x41, 0x6d, 0x28, 0xbb, 0x81, 0x58, 0x54, 0x76, 0x03, 0xe3, 0x4b, 0x68, 0x0c, 0x74, - 0x6f, 0xa0, 0x47, 0x9b, 0x86, 0x29, 0x87, 0x68, 0x2b, 0x0e, 0xf4, 0xe5, 0xe7, 0x44, 0x02, 0x95, - 0x02, 0xdc, 0xce, 0x38, 0x51, 0xc1, 0xc3, 0x16, 0x80, 0xf2, 0x40, 0x32, 0xb2, 0xa0, 0x2c, 0x3d, - 0x53, 0xc3, 0x32, 0xfe, 0x98, 0x70, 0x47, 0xda, 0x61, 0x1c, 0x75, 0x18, 0x27, 0xe1, 0x9e, 0xca, - 0x27, 0x71, 0x4f, 0x57, 0xa1, 0x1a, 0x11, 0x9b, 0x70, 0x07, 0xd9, 0xd6, 0x0e, 0x97, 0xdc, 0x12, - 0x9b, 0x1c, 0x0d, 0x9d, 0x01, 0x18, 0x85, 0xd8, 0x26, 0xd8, 0xb1, 0x6c, 0xee, 0x39, 0x2b, 0x66, - 0x43, 0x40, 0xfa, 0x04, 0xdd, 0x88, 0xe5, 0x58, 0x65, 0x6c, 0x6c, 0xe6, 0x10, 0x4c, 0xe8, 0x25, - 0x96, 0xb4, 0xba, 0xed, 0xb5, 0xa3, 0x6f, 0xbb, 0x58, 0xc7, 0x91, 0x35, 0x87, 0xb5, 0x50, 0xe8, - 0xb0, 0xf8, 0x8a, 0xe3, 0x38, 0xac, 0x7a, 0xa1, 0xc3, 0x12, 0x34, 0x8e, 0x74, 0x58, 0x3f, 0xa4, - 0xeb, 0xb9, 0x0b, 0xdd, 0xec, 0xd5, 0x11, 0x2e, 0xe3, 0x1a, 0xd4, 0x22, 0x06, 0x39, 0xc2, 0xfd, - 0x88, 0x25, 0x02, 0xd1, 0xf8, 0x77, 0x49, 0xb7, 0xba, 0x8f, 0xdd, 0x09, 0xc1, 0x61, 0xc6, 0xea, - 0x94, 0xf1, 0x94, 0x8f, 0x67, 0x3c, 0x43, 0x68, 0x33, 0xb1, 0x5b, 0x11, 0x9e, 0xb0, 0xe8, 0xc6, - 0x72, 0xe7, 0xe6, 0xd6, 0x9b, 0x39, 0x0b, 0xf9, 0x96, 0x5c, 0x67, 0x43, 0x81, 0xce, 0x25, 0xde, - 0x9a, 0xe8, 0xb0, 0xde, 0x87, 0x80, 0xb2, 0x48, 0x27, 0x12, 0xdd, 0xa7, 0xf4, 0xba, 0xd2, 0xd4, - 0x39, 0xc7, 0x6d, 0x3f, 0x62, 0x6c, 0x1c, 0x21, 0x37, 0xce, 0xa7, 0x29, 0x10, 0x8d, 0x3f, 0x54, - 0x00, 0xe2, 0xc9, 0x97, 0xf6, 0x9e, 0x5e, 0x57, 0xb7, 0x86, 0xa7, 0x06, 0xe7, 0x72, 0xe8, 0xe5, - 0xde, 0x97, 0x8f, 0x93, 0xf7, 0x85, 0x27, 0x09, 0x17, 0xf2, 0x56, 0xbf, 0xb4, 0x37, 0x65, 0x1b, - 0xd6, 0xd2, 0xea, 0x16, 0xf7, 0xe4, 0x32, 0x54, 0x5d, 0x82, 0xa7, 0xbc, 0x10, 0x6c, 0x6e, 0xad, - 0xe4, 0x1c, 0xcb, 0xe4, 0x18, 0xc6, 0x79, 0x68, 0xec, 0x4d, 0xed, 0x31, 0x1e, 0x06, 0x78, 0x44, - 0xf7, 0x72, 0xe9, 0x40, 0xec, 0xcf, 0x07, 0xc6, 0x16, 0xd4, 0x6f, 0xe3, 0xc3, 0xcf, 0xe9, 0xbe, - 0xc7, 0xe5, 0xcf, 0xf8, 0x47, 0x09, 0xd6, 0x99, 0xbb, 0xdb, 0x96, 0x65, 0x98, 0x89, 0x23, 0x7f, - 0x16, 0x8e, 0x70, 0xc4, 0x54, 0x1a, 0xcc, 0xac, 0x00, 0x87, 0xae, 0xcf, 0x6d, 0x8a, 0xaa, 0x34, - 0x98, 0xed, 0x33, 0x00, 0x2d, 0xd5, 0xe8, 0xf4, 0xd7, 0x33, 0x5f, 0xd8, 0x56, 0xc5, 0xac, 0x8f, - 0x82, 0xd9, 0x67, 0x74, 0x2c, 0xd7, 0x46, 0x07, 0x76, 0x88, 0x23, 0x66, 0x43, 0x7c, 0xed, 0x90, - 0x01, 0xd0, 0x35, 0x38, 0x35, 0xc5, 0x53, 0x3f, 0x3c, 0xb4, 0x26, 0xee, 0xd4, 0x25, 0x96, 0xeb, - 0x59, 0x0f, 0x0f, 0x09, 0x8e, 0x84, 0xe1, 0x20, 0x3e, 0x79, 0x87, 0xce, 0xed, 0x79, 0x1f, 0xd1, - 0x19, 0x64, 0x40, 0xcb, 0xf7, 0xa7, 0x56, 0x34, 0xf2, 0x43, 0x6c, 0xd9, 0xce, 0x63, 0xe6, 0xef, - 0x2b, 0x66, 0xd3, 0xf7, 0xa7, 0x43, 0x0a, 0xeb, 0x3b, 0x8f, 0x0d, 0x1b, 0x5a, 0x89, 0x42, 0x87, - 0x26, 0xee, 0xac, 0xa2, 0x11, 0x89, 0x3b, 0xfd, 0xa6, 0xb0, 0xd0, 0x9f, 0x48, 0x39, 0xb0, 0x6f, - 0x0a, 0x23, 0x87, 0x81, 0xcc, 0xda, 0xd9, 0x37, 0x15, 0xd8, 0x04, 0x3f, 0x15, 0x75, 0x64, 0xc3, - 0xe4, 0x03, 0xc3, 0x01, 0xd8, 0xb6, 0x03, 0xfb, 0xa1, 0x3b, 0x71, 0xc9, 0x21, 0xba, 0x0c, 0x1d, - 0xdb, 0x71, 0xac, 0x91, 0x84, 0xb8, 0x58, 0x16, 0xf5, 0x4b, 0xb6, 0xe3, 0x6c, 0x6b, 0x60, 0xf4, - 0x06, 0x2c, 0x3b, 0xa1, 0x1f, 0x24, 0x71, 0x79, 0x95, 0xdf, 0xa1, 0x13, 0x3a, 0xb2, 0xf1, 0x9f, - 0x32, 0x9c, 0x49, 0xaa, 0x25, 0x5d, 0x3a, 0x5e, 0x87, 0xc5, 0xd4, 0xae, 0xa5, 0x84, 0x05, 0xc5, - 0x4c, 0x9a, 0x09, 0x44, 0x74, 0x16, 0x20, 0x08, 0xdd, 0xa7, 0xee, 0x04, 0x8f, 0xb1, 0xac, 0x65, - 0x35, 0x48, 0x7e, 0x4d, 0x5a, 0xf9, 0x3e, 0x6a, 0xd2, 0xf9, 0xef, 0x52, 0x93, 0x56, 0x8f, 0x51, - 0x93, 0xd6, 0x4e, 0x52, 0x93, 0x2e, 0x14, 0xd6, 0xa4, 0x7f, 0x2a, 0xc1, 0x6a, 0x52, 0xf8, 0xa2, - 0xcc, 0xb9, 0x05, 0x8d, 0x50, 0xde, 0x0e, 0x21, 0xf0, 0xcd, 0x64, 0xd2, 0x90, 0xbd, 0x45, 0x66, - 0xbc, 0x04, 0x7d, 0x56, 0x58, 0xad, 0xbe, 0x56, 0x40, 0xe6, 0xb9, 0xf5, 0x6a, 0x1f, 0x96, 0x15, - 0xf2, 0x91, 0xe5, 0xaa, 0x56, 0x7e, 0x96, 0x93, 0xe5, 0xa7, 0x07, 0xb5, 0x1d, 0xfc, 0xd4, 0x1d, - 0xe1, 0xef, 0xa5, 0x47, 0xb3, 0x09, 0xcd, 0x00, 0x87, 0x53, 0x37, 0x8a, 0x94, 0xe1, 0x34, 0x4c, - 0x1d, 0x64, 0xfc, 0xab, 0x0a, 0x4b, 0x69, 0xc9, 0xbe, 0x93, 0xa9, 0x76, 0x7b, 0xb1, 0x25, 0xa7, - 0xcf, 0xa7, 0x45, 0xa9, 0x4b, 0xd2, 0x11, 0x96, 0x53, 0xa9, 0xad, 0xf2, 0x95, 0xc2, 0x39, 0xd2, - 0xf3, 0x8f, 0xfc, 0xe9, 0xd4, 0xf6, 0x1c, 0xd9, 0x3f, 0x13, 0x43, 0x2a, 0x2d, 0x3b, 0x1c, 0x53, - 0xf3, 0xa4, 0x60, 0xf6, 0x8d, 0xce, 0x41, 0x93, 0xa6, 0x88, 0xae, 0xc7, 0x8a, 0x65, 0x61, 0x7c, - 0x20, 0x40, 0x3b, 0x6e, 0x88, 0x2e, 0xc2, 0x3c, 0xf6, 0x9e, 0xca, 0x78, 0x14, 0x37, 0xd8, 0xa4, - 0x03, 0x36, 0xd9, 0x34, 0x7a, 0x0d, 0x6a, 0x53, 0x7f, 0xe6, 0x11, 0x99, 0x2c, 0xb6, 0x15, 0x22, - 0xeb, 0x8a, 0x99, 0x62, 0x16, 0x5d, 0x86, 0x05, 0x87, 0xe9, 0x40, 0x66, 0x84, 0x4b, 0x71, 0xc1, - 0xcd, 0xe0, 0xa6, 0x9c, 0x47, 0xef, 0xab, 0x48, 0xda, 0x48, 0xc5, 0xc2, 0x94, 0x50, 0x73, 0xc3, - 0xe9, 0xed, 0x64, 0x38, 0x05, 0x46, 0xe2, 0x72, 0x21, 0x89, 0xa3, 0xcb, 0xe5, 0xd3, 0x50, 0x9f, - 0xf8, 0x63, 0x6e, 0x07, 0x4d, 0x5e, 0xc5, 0x4c, 0xfc, 0x31, 0x33, 0x83, 0x55, 0x9a, 0x3e, 0x38, - 0xae, 0xd7, 0x5d, 0x64, 0x77, 0x92, 0x0f, 0x68, 0x54, 0x60, 0x1f, 0x96, 0xef, 0x8d, 0x70, 0xb7, - 0xc5, 0xa6, 0x1a, 0x0c, 0x72, 0xcf, 0x1b, 0xb1, 0xa0, 0x45, 0xc8, 0x61, 0xb7, 0xcd, 0xe0, 0xf4, - 0x13, 0xfd, 0xbf, 0x4c, 0xd1, 0x97, 0x98, 0x7e, 0xcf, 0x14, 0x5c, 0x93, 0x97, 0xa6, 0x1e, 0xff, - 0x6b, 0x09, 0xd6, 0xb6, 0x59, 0xd2, 0xa3, 0x79, 0x82, 0x13, 0xd4, 0x93, 0xe8, 0x6d, 0x55, 0xb8, - 0xa7, 0x8b, 0xbf, 0xf4, 0x61, 0x05, 0x1e, 0xfa, 0x10, 0xda, 0x92, 0xa6, 0x58, 0x59, 0x79, 0x5e, - 0xc9, 0xdf, 0x8a, 0xf4, 0xa1, 0xf1, 0x3e, 0xac, 0x67, 0x78, 0x16, 0x09, 0xca, 0x79, 0x58, 0x8c, - 0x3d, 0x82, 0x62, 0xb9, 0xa9, 0x60, 0x7b, 0x8e, 0x71, 0x83, 0x16, 0xfe, 0x76, 0x48, 0x32, 0x07, - 0x3e, 0xc6, 0x5a, 0x56, 0xf5, 0x27, 0xd7, 0x8a, 0xc2, 0x7c, 0x08, 0xab, 0x43, 0xe2, 0x07, 0x2f, - 0x40, 0x94, 0xde, 0x74, 0x7a, 0x6c, 0x7f, 0x46, 0x44, 0x56, 0x22, 0x87, 0xc6, 0x3a, 0xef, 0x51, - 0x64, 0x77, 0x7b, 0x0f, 0xd6, 0x78, 0x8b, 0xe0, 0x45, 0x0e, 0x71, 0x5a, 0x36, 0x28, 0xb2, 0x74, - 0x7f, 0x5d, 0xd6, 0x5c, 0x5d, 0x41, 0x4d, 0xf3, 0x56, 0xb2, 0xa6, 0x59, 0xcf, 0x2a, 0x3c, 0x91, - 0x67, 0x67, 0xcd, 0xa8, 0x92, 0x63, 0x46, 0x66, 0xa6, 0xf0, 0x99, 0x67, 0x37, 0xfd, 0x8d, 0x2c, - 0xf5, 0xff, 0x61, 0xdd, 0xb3, 0xc7, 0xeb, 0x1e, 0xb5, 0xb5, 0xea, 0xb5, 0xbc, 0x9d, 0xaa, 0x7b, - 0xba, 0x45, 0x6c, 0xaa, 0xb2, 0xe7, 0x57, 0xf3, 0xd0, 0x50, 0x73, 0x19, 0x99, 0x66, 0x85, 0x54, - 0xce, 0x11, 0x92, 0x1e, 0x74, 0x2a, 0x2f, 0x12, 0x74, 0xe6, 0x9f, 0x17, 0x74, 0x36, 0xa0, 0xc1, - 0x3e, 0xac, 0x10, 0x3f, 0x12, 0x41, 0xa4, 0xce, 0x00, 0x26, 0x7e, 0x14, 0x2b, 0xbe, 0x76, 0x2c, - 0xc5, 0x27, 0x0b, 0xac, 0x85, 0x74, 0x81, 0xf5, 0x8e, 0x0a, 0x0b, 0x3c, 0x80, 0x9c, 0xcd, 0x92, - 0xcb, 0x0d, 0x08, 0xbb, 0xc9, 0x80, 0xc0, 0x63, 0xca, 0xab, 0x39, 0x8b, 0x5f, 0xda, 0xf2, 0xea, - 0x0e, 0x2f, 0xaf, 0x74, 0xab, 0x12, 0xde, 0x6b, 0x0b, 0x40, 0x5d, 0x54, 0x59, 0x63, 0xa1, 0xec, - 0xd1, 0x4c, 0x0d, 0x8b, 0xba, 0x82, 0x84, 0xfc, 0xe3, 0x86, 0xe0, 0x31, 0x5c, 0xc1, 0x5f, 0xf4, - 0xd4, 0xa6, 0xa0, 0x73, 0xf6, 0x4e, 0xa6, 0x22, 0x3f, 0x9e, 0xd5, 0xbd, 0x95, 0x2c, 0xc8, 0x4f, - 0x66, 0x2e, 0x99, 0x7a, 0x9c, 0x45, 0x62, 0x3b, 0x14, 0xd3, 0xbc, 0x94, 0x6a, 0x08, 0x48, 0x9f, - 0xd0, 0xfc, 0xe7, 0x91, 0xeb, 0xb9, 0xd1, 0x01, 0x9f, 0xaf, 0xb1, 0x79, 0x90, 0xa0, 0x3e, 0xfb, - 0x1d, 0x88, 0x9f, 0xb9, 0xc4, 0x1a, 0xf9, 0x0e, 0x66, 0xc6, 0x58, 0x35, 0xeb, 0x14, 0xb0, 0xed, - 0x3b, 0x38, 0xbe, 0x20, 0xf5, 0x13, 0x5d, 0x90, 0x46, 0xea, 0x82, 0xac, 0x41, 0x2d, 0xc4, 0x76, - 0xe4, 0x7b, 0x5d, 0xe0, 0x3f, 0x15, 0xf9, 0x88, 0x3a, 0xf8, 0x29, 0x8e, 0x22, 0xba, 0x81, 0xc8, - 0x3a, 0xc4, 0x50, 0xcb, 0x8d, 0x16, 0x8b, 0x72, 0xa3, 0x23, 0x5a, 0x73, 0xa9, 0xdc, 0xa8, 0x55, - 0x94, 0x1b, 0x1d, 0xa7, 0x33, 0xa7, 0x65, 0x7e, 0xed, 0xa3, 0x32, 0xbf, 0x1f, 0xf2, 0xe2, 0xdc, - 0x86, 0xf5, 0x8c, 0xa9, 0x8b, 0x9b, 0xf3, 0x76, 0xaa, 0x81, 0xd7, 0x2d, 0x92, 0x82, 0xea, 0xdf, - 0xfd, 0x1c, 0x96, 0x76, 0x9f, 0xe1, 0xd1, 0xf0, 0xd0, 0x1b, 0x9d, 0x20, 0x56, 0x77, 0xa0, 0x32, - 0x9a, 0x3a, 0xa2, 0x0c, 0xa6, 0x9f, 0x7a, 0xf4, 0xae, 0x24, 0xa3, 0xb7, 0x05, 0x9d, 0x78, 0x07, - 0xc1, 0xe7, 0x1a, 0xe5, 0xd3, 0xa1, 0xc8, 0x94, 0xf8, 0xa2, 0x29, 0x46, 0x02, 0x8e, 0xc3, 0x90, - 0x9d, 0x9a, 0xc3, 0x71, 0x18, 0x26, 0xcd, 0xb6, 0x92, 0x34, 0x5b, 0xe3, 0x31, 0x34, 0xe9, 0x06, - 0xdf, 0x89, 0x7d, 0x91, 0xc2, 0x56, 0xe2, 0x14, 0x56, 0x65, 0xc2, 0xf3, 0x5a, 0x26, 0x6c, 0x6c, - 0xc2, 0x22, 0xdf, 0x4b, 0x1c, 0xa4, 0x03, 0x95, 0x59, 0x38, 0x91, 0x7a, 0x9b, 0x85, 0x13, 0xe3, - 0xa7, 0xd0, 0xea, 0x13, 0x62, 0x8f, 0x0e, 0x4e, 0xc0, 0x8f, 0xda, 0xab, 0xac, 0xef, 0x65, 0x40, - 0x5b, 0x52, 0x2a, 0xdc, 0x6d, 0x00, 0x68, 0xdf, 0x0f, 0xc9, 0xc7, 0x7e, 0xf8, 0x8d, 0x1d, 0x3a, - 0x27, 0xcb, 0x59, 0x11, 0xcc, 0x8b, 0x77, 0x03, 0x95, 0x4b, 0x55, 0x93, 0x7d, 0x1b, 0xaf, 0xc3, - 0x4a, 0x82, 0x5e, 0xe1, 0xc6, 0xd7, 0xa1, 0xc9, 0xbc, 0x82, 0xc8, 0x8e, 0x2e, 0xe9, 0x9d, 0xad, - 0xa3, 0x5c, 0x07, 0xad, 0x7c, 0xa9, 0xdb, 0x67, 0x70, 0xe5, 0xa3, 0xdf, 0x4c, 0x25, 0x12, 0xab, - 0xc9, 0xf5, 0xa9, 0x24, 0xe2, 0x97, 0x50, 0x65, 0xe0, 0x8c, 0x8f, 0xde, 0xa0, 0x85, 0x7e, 0xe0, - 0x5b, 0xc4, 0x1e, 0xab, 0x97, 0x18, 0x14, 0x70, 0xdf, 0x1e, 0x47, 0xec, 0x21, 0x09, 0x9d, 0x74, - 0xdc, 0x31, 0x8e, 0x88, 0x7c, 0x8e, 0xd1, 0xa4, 0xb0, 0x1d, 0x0e, 0xa2, 0x12, 0x89, 0xdc, 0x5f, - 0xf0, 0x04, 0x61, 0xde, 0x64, 0xdf, 0xaa, 0x15, 0x55, 0x8d, 0x5b, 0x51, 0xc6, 0xfb, 0x80, 0xf4, - 0x33, 0x08, 0x21, 0xbd, 0x06, 0x35, 0x76, 0x44, 0x19, 0xb2, 0xda, 0xc9, 0x43, 0x98, 0x62, 0xd6, - 0xb8, 0x05, 0x88, 0x4b, 0x25, 0x11, 0xa6, 0x8e, 0x2f, 0xc1, 0xf7, 0x60, 0x25, 0xb1, 0x5e, 0xfd, - 0xef, 0x4b, 0x10, 0x48, 0xef, 0x2e, 0x16, 0xff, 0xb3, 0x04, 0xd0, 0x9f, 0x91, 0x03, 0x51, 0xc0, - 0xf7, 0xa0, 0x4e, 0x4f, 0xa4, 0xb5, 0x1d, 0xd4, 0x98, 0xce, 0x05, 0x76, 0x14, 0x7d, 0xe3, 0x87, - 0x32, 0x0f, 0x53, 0x63, 0x56, 0x7c, 0xcf, 0xc8, 0x81, 0x6c, 0xbc, 0xd1, 0x6f, 0x74, 0x11, 0xda, - 0xfc, 0x45, 0x8c, 0x65, 0x3b, 0x4e, 0x88, 0xa3, 0x48, 0x74, 0xe0, 0x5a, 0x1c, 0xda, 0xe7, 0x40, - 0x8a, 0xe6, 0x3a, 0xd8, 0x23, 0x2e, 0x39, 0xb4, 0x88, 0xff, 0x04, 0x7b, 0x42, 0xb4, 0x2d, 0x09, - 0xbd, 0x4f, 0x81, 0x14, 0x2d, 0xc4, 0x63, 0x37, 0x22, 0xa1, 0x44, 0xab, 0x71, 0x34, 0x09, 0x65, - 0x68, 0xc6, 0xb7, 0x25, 0xe8, 0xec, 0xcf, 0x26, 0x13, 0x7e, 0xc8, 0x93, 0xca, 0x12, 0xbd, 0x2e, - 0xce, 0x51, 0x4e, 0xb5, 0xe1, 0x62, 0x11, 0x89, 0xc3, 0x7d, 0xf7, 0x72, 0x6d, 0x05, 0x96, 0x35, - 0x46, 0x45, 0xa5, 0x71, 0x0b, 0x10, 0x2f, 0x42, 0x5e, 0x8c, 0x7f, 0xe3, 0x14, 0xac, 0x24, 0xd6, - 0x0b, 0xb2, 0x57, 0xa0, 0x25, 0x7e, 0x9e, 0x09, 0x3d, 0x9f, 0x86, 0x3a, 0xf5, 0x08, 0x23, 0xd7, - 0x91, 0x4d, 0xd5, 0x85, 0xc0, 0x77, 0xb6, 0x5d, 0x27, 0x34, 0x06, 0xd0, 0x32, 0x39, 0x79, 0x81, - 0x7b, 0x13, 0xda, 0xe2, 0x57, 0x9b, 0x95, 0xf8, 0x19, 0x1d, 0x77, 0x00, 0x13, 0xb4, 0xcd, 0x96, - 0xa7, 0x0f, 0x8d, 0xaf, 0xa0, 0xf7, 0x20, 0x70, 0x68, 0x4a, 0xa3, 0x53, 0x95, 0x47, 0xbb, 0x09, - 0xf2, 0x51, 0x56, 0x11, 0xf1, 0xe4, 0xb2, 0x56, 0xa8, 0x0f, 0x8d, 0x33, 0xb0, 0x91, 0x4b, 0x5c, - 0x9c, 0x3b, 0x80, 0x4e, 0x3c, 0xe1, 0xb8, 0xb2, 0x97, 0xcc, 0x7a, 0xc4, 0x25, 0xad, 0x47, 0xbc, - 0xa6, 0xe2, 0x24, 0xf7, 0xb8, 0x62, 0xa4, 0xa5, 0x2e, 0x95, 0xa2, 0xd4, 0x65, 0x3e, 0x91, 0xba, - 0x18, 0x9f, 0x2a, 0xe9, 0x89, 0xbc, 0xf1, 0x5d, 0x96, 0xbc, 0xf2, 0xbd, 0xa5, 0x27, 0x38, 0x9d, - 0x73, 0x38, 0x8e, 0x61, 0x6a, 0xc8, 0xc6, 0x12, 0xb4, 0x12, 0x3e, 0xc1, 0xf8, 0x10, 0xda, 0xa9, - 0x4b, 0x7e, 0x35, 0x15, 0xe0, 0x33, 0x62, 0x4b, 0x86, 0xf7, 0x2b, 0xaf, 0x40, 0x5d, 0xbe, 0x1d, - 0x43, 0x0b, 0x50, 0xb9, 0xbf, 0xbd, 0xdf, 0x99, 0xa3, 0x1f, 0x0f, 0x76, 0xf6, 0x3b, 0xa5, 0x2b, - 0x37, 0x60, 0x29, 0xf5, 0x5b, 0x08, 0x2d, 0x43, 0x6b, 0xd8, 0x1f, 0xec, 0x7c, 0x74, 0xef, 0x0b, - 0xcb, 0xdc, 0xed, 0xef, 0x7c, 0xd9, 0x99, 0x43, 0xab, 0xd0, 0x91, 0xa0, 0xc1, 0xbd, 0xfb, 0x1c, - 0x5a, 0xba, 0xf2, 0x04, 0xda, 0xc9, 0x0c, 0x16, 0x9d, 0x82, 0xe5, 0xed, 0x7b, 0x83, 0xfb, 0xfd, - 0xbd, 0xc1, 0xae, 0x69, 0x6d, 0x9b, 0xbb, 0xfd, 0xfb, 0xbb, 0x3b, 0x9d, 0xb9, 0x24, 0xd8, 0x7c, - 0x30, 0x18, 0xec, 0x0d, 0x3e, 0xe9, 0x94, 0x28, 0xd5, 0x18, 0xbc, 0xfb, 0xc5, 0x1e, 0x45, 0x2e, - 0x27, 0x91, 0x1f, 0x0c, 0x6e, 0x0f, 0xee, 0xfd, 0x6c, 0xd0, 0xa9, 0x6c, 0xfd, 0xb9, 0x09, 0x6d, - 0x79, 0x40, 0x1c, 0xb2, 0xa6, 0xe7, 0x2d, 0x58, 0x90, 0xcf, 0xfa, 0xe2, 0x9c, 0x3a, 0xf9, 0x06, - 0xb1, 0xd7, 0xcd, 0x4e, 0x08, 0x43, 0x99, 0x43, 0xfb, 0x4c, 0x71, 0xda, 0x2f, 0xb8, 0x33, 0xba, - 0x28, 0x33, 0xff, 0xf8, 0x7a, 0x67, 0x8b, 0xa6, 0x15, 0xc5, 0x21, 0xd5, 0x96, 0xfe, 0x16, 0x02, - 0xc5, 0x6b, 0x72, 0xdf, 0x58, 0xf4, 0xce, 0x15, 0xce, 0x2b, 0xa2, 0x5f, 0x42, 0x27, 0xfd, 0x0a, - 0x02, 0xc5, 0xcd, 0xeb, 0x82, 0x17, 0x16, 0xbd, 0xf3, 0x47, 0x60, 0xe8, 0xa4, 0x33, 0xef, 0x05, - 0x36, 0x8b, 0xff, 0xf8, 0x66, 0x48, 0x17, 0xfd, 0x46, 0xe6, 0xa2, 0x48, 0xfe, 0x3a, 0x43, 0xfa, - 0x5f, 0xfa, 0x9c, 0x5f, 0xa8, 0x9a, 0x28, 0xf2, 0xff, 0xb9, 0x19, 0x73, 0xe8, 0x73, 0x58, 0x4a, - 0xf5, 0xbb, 0x50, 0xbc, 0x2a, 0xbf, 0x7b, 0xd7, 0xdb, 0x2c, 0x46, 0x48, 0xea, 0x4d, 0xef, 0x66, - 0x25, 0xf4, 0x96, 0xd3, 0x22, 0x4b, 0xe8, 0x2d, 0xb7, 0x0d, 0xc6, 0xcc, 0x2b, 0xd1, 0xb3, 0xd2, - 0xcc, 0x2b, 0xaf, 0x41, 0xd6, 0x3b, 0x5b, 0x34, 0xad, 0x1f, 0x3f, 0xd5, 0xaf, 0xd2, 0x8e, 0x9f, - 0xdf, 0x06, 0xeb, 0x6d, 0x16, 0x23, 0xa4, 0x75, 0x15, 0xd7, 0xe1, 0x29, 0x5d, 0x65, 0xda, 0x3e, - 0x29, 0x5d, 0x65, 0x0b, 0x78, 0xa1, 0xab, 0x54, 0x41, 0x7d, 0xae, 0xb0, 0x16, 0xc9, 0xea, 0x2a, - 0xbf, 0xbc, 0x31, 0xe6, 0x50, 0x1f, 0xea, 0xb2, 0x98, 0x40, 0xf1, 0xed, 0x4e, 0x55, 0x30, 0xbd, - 0xd3, 0x39, 0x33, 0x8a, 0xc4, 0x8f, 0x61, 0x9e, 0x42, 0xd1, 0x6a, 0x02, 0x49, 0x2e, 0x3d, 0x95, - 0x82, 0xaa, 0x65, 0xef, 0x41, 0x8d, 0x67, 0xe3, 0x28, 0xf6, 0xb9, 0x89, 0x44, 0xbf, 0xb7, 0x9e, - 0x81, 0xab, 0xc5, 0x9f, 0xf2, 0xa7, 0xbe, 0x22, 0xad, 0x46, 0x1b, 0x89, 0x07, 0x76, 0xc9, 0xe4, - 0xbd, 0xf7, 0x4a, 0xfe, 0xa4, 0xa2, 0xf5, 0x10, 0x56, 0x72, 0x42, 0x20, 0x8a, 0x7b, 0x3f, 0xc5, - 0xd1, 0xb7, 0x77, 0xe1, 0x68, 0x24, 0xfd, 0xb0, 0x42, 0x6b, 0x6b, 0xba, 0xa9, 0x6b, 0xca, 0x5a, - 0xcf, 0xc0, 0xe5, 0xe2, 0xad, 0xbf, 0x95, 0x61, 0x91, 0x27, 0x2a, 0xc2, 0x55, 0x7f, 0x02, 0x10, - 0xa7, 0xcb, 0xa8, 0x97, 0xb0, 0x9e, 0x44, 0x1d, 0xd0, 0xdb, 0xc8, 0x9d, 0xd3, 0xc5, 0xa8, 0x65, - 0xbe, 0x9a, 0x18, 0xb3, 0xf9, 0xb4, 0x26, 0xc6, 0x9c, 0x64, 0xd9, 0x98, 0x43, 0x3b, 0xd0, 0x50, - 0xe9, 0x18, 0xd2, 0xb2, 0xb8, 0x54, 0x2e, 0xd9, 0xeb, 0xe5, 0x4d, 0xe9, 0x1c, 0x69, 0xf9, 0x97, - 0xc6, 0x51, 0x36, 0xab, 0xd3, 0x38, 0xca, 0x4b, 0xd9, 0xe6, 0xfe, 0x1b, 0x00, 0x00, 0xff, 0xff, - 0xce, 0x7b, 0x46, 0x5c, 0x58, 0x2f, 0x00, 0x00, + // 3365 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xcc, 0x3a, 0xdb, 0x72, 0x1b, 0xc7, + 0xb1, 0x04, 0x40, 0x82, 0x40, 0x83, 0x00, 0xc1, 0x21, 0x45, 0x42, 0xa0, 0x25, 0x51, 0x6b, 0x49, + 0x96, 0x64, 0x5b, 0xc7, 0xe2, 0x39, 0xc7, 0x3a, 0x96, 0x2d, 0xd9, 0x30, 0x49, 0xfb, 0xd0, 0x92, + 0x20, 0x7a, 0x21, 0x39, 0x76, 0xf9, 0x61, 0xb3, 0xc2, 0x0e, 0xc1, 0x95, 0x80, 0xdd, 0xf5, 0xee, + 0x80, 0x16, 0xf3, 0x05, 0x79, 0x48, 0xaa, 0xf2, 0xea, 0xa7, 0xa4, 0x52, 0xa9, 0x72, 0x25, 0x79, + 0x4b, 0x55, 0xaa, 0xf2, 0x0f, 0xa9, 0x7c, 0x40, 0x3e, 0x21, 0x7f, 0x91, 0x9a, 0xdb, 0xee, 0xcc, + 0x5e, 0x28, 0x52, 0x76, 0xc5, 0x7a, 0xdb, 0xe9, 0xe9, 0xe9, 0xe9, 0xdb, 0xf4, 0x74, 0xf7, 0x2c, + 0xd4, 0xed, 0xc0, 0xbd, 0x11, 0x84, 0x3e, 0xf1, 0xd1, 0x7c, 0x38, 0xf5, 0x88, 0x3b, 0xc1, 0xc6, + 0x75, 0x68, 0x7d, 0x81, 0xc3, 0xc8, 0xf5, 0x3d, 0x13, 0x7f, 0x33, 0xc5, 0x11, 0x41, 0x1d, 0x98, + 0x3f, 0xe4, 0x90, 0x4e, 0x69, 0xa3, 0x74, 0xb5, 0x6e, 0xca, 0xa1, 0xf1, 0x7d, 0x09, 0x16, 0x63, + 0xe4, 0x28, 0xf0, 0xbd, 0x08, 0x17, 0x63, 0xa3, 0x8b, 0xb0, 0x20, 0x36, 0xb1, 0x3c, 0x7b, 0x82, + 0x3b, 0x65, 0x36, 0xdd, 0x10, 0xb0, 0xbe, 0x3d, 0xc1, 0xe8, 0x0d, 0x58, 0x94, 0x28, 0x92, 0x48, + 0x85, 0x61, 0xb5, 0x04, 0x58, 0xec, 0x86, 0x6e, 0xc0, 0xb2, 0x44, 0xb4, 0x03, 0x37, 0x46, 0x9e, + 0x65, 0xc8, 0x4b, 0x62, 0xaa, 0x17, 0xb8, 0x02, 0xdf, 0xf8, 0x1a, 0xea, 0xdb, 0xfd, 0xc1, 0x96, + 0xef, 0xed, 0xbb, 0x23, 0xca, 0x62, 0x84, 0x43, 0xba, 0xa6, 0x53, 0xda, 0xa8, 0x50, 0x16, 0xc5, + 0x10, 0x75, 0xa1, 0x16, 0x61, 0x3b, 0x1c, 0x1e, 0xe0, 0xa8, 0x53, 0x66, 0x53, 0xf1, 0x98, 0xae, + 0xf2, 0x03, 0xe2, 0xfa, 0x5e, 0xd4, 0xa9, 0xf0, 0x55, 0x62, 0x68, 0x7c, 0x57, 0x82, 0xc6, 0x9e, + 0x1f, 0x92, 0x07, 0x76, 0x10, 0xb8, 0xde, 0x08, 0xbd, 0x0d, 0x35, 0xa6, 0xd4, 0xa1, 0x3f, 0x66, + 0x3a, 0x68, 0x6d, 0x2e, 0xdd, 0x10, 0x2c, 0xdd, 0xd8, 0x13, 0x13, 0x66, 0x8c, 0x82, 0x2e, 0x43, + 0x6b, 0xe8, 0x7b, 0xc4, 0x76, 0x3d, 0x1c, 0x5a, 0x81, 0x1f, 0x12, 0xa6, 0x99, 0x39, 0xb3, 0x19, + 0x43, 0x29, 0x71, 0xb4, 0x0e, 0xf5, 0x03, 0x3f, 0x22, 0x1c, 0xa3, 0xc2, 0x30, 0x6a, 0x14, 0xc0, + 0x26, 0xd7, 0x60, 0x9e, 0x4d, 0xba, 0x81, 0xd0, 0x41, 0x95, 0x0e, 0x77, 0x03, 0xe3, 0x37, 0x25, + 0x98, 0x7b, 0xe0, 0x4f, 0x3d, 0x92, 0xda, 0xc6, 0x26, 0x07, 0xc2, 0x3e, 0xca, 0x36, 0x36, 0x39, + 0x48, 0xb6, 0xa1, 0x18, 0xdc, 0x44, 0x7c, 0x1b, 0x3a, 0xd9, 0x85, 0x5a, 0x88, 0x6d, 0xc7, 0xf7, + 0xc6, 0x47, 0x8c, 0x85, 0x9a, 0x19, 0x8f, 0xa9, 0xed, 0x22, 0x3c, 0x76, 0xbd, 0xe9, 0x73, 0x2b, + 0xc4, 0x63, 0xfb, 0x09, 0x1e, 0x33, 0x56, 0x6a, 0x66, 0x4b, 0x80, 0x4d, 0x0e, 0x35, 0x9e, 0xc2, + 0x22, 0x35, 0x76, 0x14, 0xd8, 0x43, 0xfc, 0x90, 0xa9, 0x90, 0xba, 0x06, 0xdb, 0xd4, 0xc3, 0xe4, + 0x5b, 0x3f, 0x7c, 0xc6, 0x38, 0xab, 0x99, 0x0d, 0x0a, 0xeb, 0x73, 0x10, 0x3a, 0x0b, 0x35, 0xce, + 0x97, 0xeb, 0x30, 0xb6, 0x6a, 0x26, 0x93, 0x78, 0xcf, 0x75, 0xe2, 0x29, 0x37, 0x18, 0x0a, 0xae, + 0xe6, 0xb9, 0xf4, 0x43, 0xe3, 0xb7, 0x65, 0x58, 0xbf, 0x4f, 0x37, 0x1f, 0xd8, 0x9e, 0xf3, 0xc4, + 0x7f, 0x3e, 0xc0, 0xc3, 0x69, 0xe8, 0x92, 0xa3, 0x2d, 0xdf, 0x23, 0xf8, 0x39, 0x41, 0x3b, 0xb0, + 0xe4, 0x49, 0x5e, 0x2c, 0x69, 0x5e, 0xba, 0x7b, 0x63, 0xb3, 0x13, 0xdb, 0x2c, 0xc5, 0xad, 0xd9, + 0xf6, 0x74, 0x40, 0x84, 0x3e, 0x4c, 0x64, 0x97, 0x44, 0xca, 0x8c, 0xc8, 0x6a, 0x4c, 0x64, 0xb0, + 0xc3, 0xf8, 0x10, 0x24, 0xa4, 0x4e, 0x24, 0x81, 0xf3, 0x40, 0xcf, 0x81, 0x65, 0x47, 0xd6, 0x34, + 0xc2, 0x21, 0x93, 0xa2, 0x62, 0xd6, 0xc3, 0xa9, 0xd7, 0x8b, 0x1e, 0x47, 0x38, 0x64, 0x07, 0x43, + 0x28, 0xda, 0x0a, 0x7d, 0x9f, 0xec, 0x47, 0x52, 0xb9, 0x12, 0x6c, 0x32, 0x28, 0xfa, 0x2f, 0x58, + 0x8e, 0xa6, 0x41, 0x30, 0xc6, 0x13, 0xec, 0x11, 0x7b, 0x6c, 0x8d, 0x42, 0x7f, 0x1a, 0x44, 0x9d, + 0xb9, 0x8d, 0xca, 0xd5, 0x8a, 0x89, 0xd4, 0xa9, 0x4f, 0xd9, 0x8c, 0xf1, 0xeb, 0x12, 0x9c, 0x61, + 0x9c, 0xed, 0xf9, 0x8e, 0x50, 0x92, 0x38, 0x26, 0xaf, 0x43, 0x73, 0xc8, 0x96, 0x5b, 0x81, 0x1d, + 0x62, 0x8f, 0x08, 0x7f, 0x59, 0xe0, 0xc0, 0x3d, 0x06, 0x43, 0x0f, 0xa1, 0x1d, 0x09, 0x9d, 0x5a, + 0x43, 0xae, 0x54, 0x21, 0xfa, 0xa5, 0x58, 0xf4, 0x63, 0x0c, 0x60, 0x2e, 0x46, 0x3a, 0xc0, 0x08, + 0x01, 0x25, 0x9c, 0x3c, 0xc0, 0xc4, 0x76, 0x6c, 0x62, 0x23, 0x04, 0xb3, 0x2c, 0x66, 0x70, 0x16, + 0xd8, 0x37, 0x6a, 0x43, 0x65, 0x2a, 0x9c, 0xa1, 0x6e, 0xd2, 0x4f, 0xf4, 0x1a, 0xd4, 0x63, 0xd3, + 0x88, 0xc0, 0x91, 0x00, 0xe8, 0x01, 0xb6, 0x09, 0xc1, 0x93, 0x80, 0x30, 0xdd, 0x35, 0x4d, 0x39, + 0x34, 0xfe, 0x36, 0x0b, 0xed, 0x8c, 0xf8, 0xb7, 0xa0, 0x36, 0x11, 0xdb, 0x0b, 0x8f, 0x58, 0x4f, + 0x4e, 0x71, 0x86, 0x43, 0x33, 0x46, 0xa6, 0x87, 0x84, 0xba, 0x9f, 0x12, 0xe3, 0xe2, 0x31, 0xd5, + 0xe9, 0xd8, 0x1f, 0x59, 0x8e, 0x1b, 0xe2, 0x21, 0xf1, 0xc3, 0x23, 0xc1, 0xe5, 0xc2, 0xd8, 0x1f, + 0x6d, 0x4b, 0x18, 0xba, 0x09, 0xe0, 0x78, 0x11, 0x55, 0xe7, 0xbe, 0x3b, 0x62, 0xbc, 0x36, 0x36, + 0x51, 0xbc, 0x77, 0x1c, 0xc7, 0xcc, 0xba, 0xe3, 0x45, 0x82, 0xd9, 0xf7, 0xa0, 0x49, 0xe3, 0x82, + 0x35, 0xe1, 0x21, 0x88, 0x1b, 0xbc, 0xb1, 0xb9, 0xa2, 0x70, 0x1c, 0xc7, 0x27, 0x73, 0x21, 0x48, + 0x06, 0x11, 0xba, 0x03, 0x55, 0x76, 0x2e, 0xa3, 0x4e, 0x95, 0xad, 0xb9, 0x9c, 0x23, 0x25, 0xdf, + 0xe5, 0xc6, 0x7d, 0x86, 0xb7, 0xe3, 0x91, 0xf0, 0xc8, 0x14, 0x8b, 0xd0, 0x7d, 0x68, 0xd8, 0x9e, + 0xe7, 0x13, 0x9b, 0xbb, 0xfd, 0x3c, 0xa3, 0x71, 0xbd, 0x98, 0x46, 0x2f, 0x41, 0xe6, 0x84, 0xd4, + 0xe5, 0xe8, 0x7f, 0x60, 0x8e, 0x9d, 0x8b, 0x4e, 0x8d, 0x49, 0x7d, 0x5e, 0xf7, 0xa1, 0x34, 0x31, + 0x93, 0x23, 0x77, 0xdf, 0x83, 0x86, 0xc2, 0x1a, 0x75, 0x8c, 0x67, 0xf8, 0x48, 0xf8, 0x0a, 0xfd, + 0x44, 0x2b, 0x30, 0x77, 0x68, 0x8f, 0xa7, 0xd2, 0x1e, 0x7c, 0x70, 0xbb, 0xfc, 0x7f, 0xa5, 0xee, + 0x5d, 0x68, 0xa7, 0x39, 0x3a, 0xcd, 0x7a, 0x63, 0x17, 0x56, 0xcc, 0xa9, 0x97, 0x30, 0x26, 0x2f, + 0xcd, 0x9b, 0x50, 0x15, 0xf6, 0xe3, 0xbe, 0x73, 0xb6, 0x50, 0x23, 0xa6, 0x40, 0x34, 0xee, 0xc0, + 0x99, 0x14, 0x29, 0x71, 0xa5, 0x5e, 0x82, 0x56, 0xe0, 0x3b, 0x56, 0xc4, 0xc1, 0x96, 0xeb, 0xc8, + 0x93, 0x18, 0xc4, 0xb8, 0xbb, 0x0e, 0x5d, 0x3e, 0x20, 0x7e, 0x90, 0x65, 0xe5, 0x64, 0xcb, 0x3b, + 0xb0, 0x9a, 0x5e, 0xce, 0xb7, 0x37, 0x3e, 0x84, 0x35, 0x13, 0x4f, 0xfc, 0x43, 0xfc, 0xb2, 0xa4, + 0xbb, 0xd0, 0xc9, 0x12, 0x48, 0x88, 0x27, 0xd0, 0x01, 0xb1, 0xc9, 0x34, 0x3a, 0x1d, 0xf1, 0x6b, + 0x2a, 0x01, 0x71, 0x59, 0x70, 0x3a, 0xa8, 0x05, 0x65, 0x37, 0x10, 0x8b, 0xca, 0x6e, 0x60, 0x7c, + 0x05, 0xf5, 0xbe, 0x1a, 0x0d, 0xd4, 0xdb, 0xa6, 0x6e, 0xca, 0x21, 0xda, 0x4c, 0x2e, 0xfa, 0xf2, + 0x0b, 0x6e, 0x82, 0x38, 0x05, 0xb8, 0x97, 0x09, 0xa2, 0x82, 0x87, 0x4d, 0x80, 0x38, 0x02, 0xc9, + 0x9b, 0x05, 0x65, 0xe9, 0x99, 0x0a, 0x96, 0xf1, 0x07, 0x2d, 0x1c, 0x29, 0xc2, 0x38, 0xb1, 0x30, + 0x8e, 0x16, 0x9e, 0xca, 0xa7, 0x09, 0x4f, 0x37, 0x60, 0x2e, 0x22, 0x36, 0xe1, 0x01, 0xb2, 0xa5, + 0x08, 0xa7, 0x6f, 0x89, 0x4d, 0x8e, 0x86, 0xce, 0x01, 0x0c, 0x43, 0x6c, 0x13, 0xec, 0x58, 0x36, + 0x8f, 0x9c, 0x15, 0xb3, 0x2e, 0x20, 0x3d, 0x82, 0x6e, 0x27, 0x7a, 0x9c, 0x63, 0x6c, 0x6c, 0xe4, + 0x10, 0xd4, 0xec, 0x92, 0x68, 0x3a, 0x3e, 0xed, 0xd5, 0xe3, 0x4f, 0xbb, 0x58, 0xc7, 0x91, 0x95, + 0x80, 0x35, 0x5f, 0x18, 0xb0, 0xf8, 0x8a, 0x93, 0x04, 0xac, 0x5a, 0x61, 0xc0, 0x12, 0x34, 0x8e, + 0x0d, 0x58, 0x3f, 0x65, 0xe8, 0x79, 0x00, 0x9d, 0xec, 0xd1, 0x11, 0x21, 0xe3, 0x26, 0x54, 0x23, + 0x06, 0x39, 0x26, 0xfc, 0x88, 0x25, 0x02, 0xd1, 0xf8, 0x57, 0x49, 0xf5, 0xba, 0x4f, 0xdc, 0x31, + 0xc1, 0x61, 0xc6, 0xeb, 0x62, 0xe7, 0x29, 0x9f, 0xcc, 0x79, 0x06, 0xd0, 0x62, 0x6a, 0xb7, 0x22, + 0x3c, 0x66, 0xb7, 0x1b, 0xcb, 0x9d, 0x1b, 0x9b, 0x6f, 0xe5, 0x2c, 0xe4, 0x5b, 0x72, 0x9b, 0x0d, + 0x04, 0x3a, 0xd7, 0x78, 0x73, 0xac, 0xc2, 0xba, 0x1f, 0x01, 0xca, 0x22, 0x9d, 0x4a, 0x75, 0x9f, + 0xd1, 0xe3, 0x4a, 0x53, 0xe7, 0x9c, 0xb0, 0xbd, 0xcf, 0xd8, 0x38, 0x46, 0x6f, 0x9c, 0x4f, 0x53, + 0x20, 0x1a, 0xbf, 0xab, 0x00, 0x24, 0x93, 0xaf, 0xec, 0x39, 0xbd, 0x15, 0x9f, 0x1a, 0x9e, 0x1a, + 0x5c, 0xc8, 0xa1, 0x97, 0x7b, 0x5e, 0x3e, 0xd1, 0xcf, 0x0b, 0x4f, 0x12, 0x2e, 0xe5, 0xad, 0x7e, + 0x65, 0x4f, 0xca, 0x16, 0xac, 0xa6, 0xcd, 0x2d, 0xce, 0xc9, 0x35, 0x98, 0x73, 0x09, 0x9e, 0xf0, + 0x42, 0xb0, 0xb1, 0xb9, 0x9c, 0x23, 0x96, 0xc9, 0x31, 0x8c, 0x8b, 0x50, 0xdf, 0x9d, 0xd8, 0x23, + 0x3c, 0x08, 0xf0, 0x90, 0xee, 0xe5, 0xd2, 0x81, 0xd8, 0x9f, 0x0f, 0x8c, 0x4d, 0xa8, 0xdd, 0xc3, + 0x47, 0x5f, 0xd0, 0x7d, 0x4f, 0xca, 0x9f, 0xf1, 0xf7, 0x12, 0xac, 0xb1, 0x70, 0xb7, 0x25, 0xcb, + 0x30, 0x13, 0x47, 0xfe, 0x34, 0x1c, 0xe2, 0x88, 0x99, 0x34, 0x98, 0x5a, 0x01, 0x0e, 0x5d, 0x9f, + 0xfb, 0x14, 0x35, 0x69, 0x30, 0xdd, 0x63, 0x00, 0x5a, 0xaa, 0xd1, 0xe9, 0x6f, 0xa6, 0xbe, 0xf0, + 0xad, 0x8a, 0x59, 0x1b, 0x06, 0xd3, 0xcf, 0xe9, 0x58, 0xae, 0x8d, 0x0e, 0xec, 0x10, 0x47, 0xb2, + 0xa0, 0x18, 0x06, 0xd3, 0x01, 0x03, 0xa0, 0x9b, 0x70, 0x66, 0x82, 0x27, 0x7e, 0x78, 0x64, 0x8d, + 0xdd, 0x89, 0x4b, 0x2c, 0xd7, 0xb3, 0x9e, 0x1c, 0x11, 0x1c, 0x09, 0xc7, 0x41, 0x7c, 0xf2, 0x3e, + 0x9d, 0xdb, 0xf5, 0x3e, 0xa6, 0x33, 0xc8, 0x80, 0xa6, 0xef, 0x4f, 0xac, 0x68, 0xe8, 0x87, 0xd8, + 0xb2, 0x9d, 0xa7, 0x2c, 0xde, 0x57, 0xcc, 0x86, 0xef, 0x4f, 0x06, 0x14, 0xd6, 0x73, 0x9e, 0x1a, + 0x36, 0x34, 0xb5, 0x42, 0x87, 0x26, 0xee, 0xac, 0xa2, 0x11, 0x89, 0x3b, 0xfd, 0xa6, 0xb0, 0xd0, + 0x1f, 0x4b, 0x3d, 0xb0, 0x6f, 0x0a, 0x23, 0x47, 0x81, 0xcc, 0xda, 0xd9, 0x37, 0x55, 0xd8, 0x18, + 0x1f, 0x8a, 0x3a, 0xb2, 0x6e, 0xf2, 0x81, 0xe1, 0x00, 0x6c, 0xd9, 0x81, 0xfd, 0xc4, 0x1d, 0xbb, + 0xe4, 0x08, 0x5d, 0x83, 0xb6, 0xed, 0x38, 0xd6, 0x50, 0x42, 0x5c, 0x2c, 0x8b, 0xfa, 0x45, 0xdb, + 0x71, 0xb6, 0x14, 0x30, 0x7a, 0x13, 0x96, 0x9c, 0xd0, 0x0f, 0x74, 0x5c, 0x5e, 0xe5, 0xb7, 0xe9, + 0x84, 0x8a, 0x6c, 0xfc, 0xbe, 0x02, 0xe7, 0x74, 0xb3, 0xa4, 0x4b, 0xc7, 0x5b, 0xb0, 0x90, 0xda, + 0xb5, 0xa4, 0x79, 0x50, 0xc2, 0xa4, 0xa9, 0x21, 0xa2, 0xf3, 0x00, 0x41, 0xe8, 0x1e, 0xba, 0x63, + 0x3c, 0xc2, 0xb2, 0x96, 0x55, 0x20, 0xf9, 0x35, 0x69, 0xe5, 0xc7, 0xa8, 0x49, 0x67, 0x7f, 0x48, + 0x4d, 0x3a, 0x97, 0xae, 0x49, 0xaf, 0xb0, 0x66, 0x8d, 0x9c, 0x67, 0xe5, 0x4e, 0x95, 0x77, 0x14, + 0x62, 0x1c, 0x4f, 0x36, 0x75, 0x52, 0xb5, 0xeb, 0xfc, 0x69, 0x6a, 0xd7, 0x5a, 0x61, 0xed, 0xfa, + 0xc7, 0x12, 0xac, 0xe8, 0x46, 0x12, 0xe5, 0xd0, 0x5d, 0xa8, 0x87, 0xf2, 0x14, 0x09, 0xc3, 0x6c, + 0xe8, 0xc9, 0x45, 0xf6, 0xb4, 0x99, 0xc9, 0x12, 0xf4, 0x79, 0x61, 0x55, 0x7b, 0xa5, 0x80, 0xcc, + 0x0b, 0xeb, 0xda, 0x1e, 0x2c, 0xc5, 0xc8, 0xc7, 0x96, 0xb5, 0x4a, 0x99, 0x5a, 0xd6, 0xcb, 0x54, + 0x0f, 0xaa, 0xdb, 0xf8, 0xd0, 0x1d, 0xe2, 0x1f, 0xa5, 0x97, 0xb3, 0x01, 0x8d, 0x00, 0x87, 0x13, + 0x37, 0x8a, 0x62, 0x07, 0xab, 0x9b, 0x2a, 0xc8, 0xf8, 0xe7, 0x1c, 0x2c, 0xa6, 0x35, 0xfb, 0x6e, + 0xa6, 0x2a, 0xee, 0x26, 0x1e, 0x9f, 0x96, 0x4f, 0xb9, 0xcd, 0xae, 0xca, 0x80, 0x59, 0x4e, 0xa5, + 0xc0, 0x71, 0x4c, 0x15, 0x41, 0x94, 0xca, 0x3f, 0xf4, 0x27, 0x13, 0xdb, 0x73, 0x64, 0x9f, 0x4d, + 0x0c, 0xa9, 0xb6, 0xec, 0x70, 0x44, 0xdd, 0x98, 0x82, 0xd9, 0x37, 0xba, 0x00, 0x0d, 0x9a, 0x4a, + 0xba, 0x1e, 0x2b, 0xaa, 0x99, 0x93, 0xd6, 0x4d, 0x10, 0xa0, 0x6d, 0x37, 0x44, 0x97, 0x61, 0x16, + 0x7b, 0x87, 0xf2, 0xde, 0x4a, 0x1a, 0x71, 0x32, 0x50, 0x9b, 0x6c, 0x1a, 0x5d, 0x81, 0xea, 0xc4, + 0x9f, 0x7a, 0x44, 0x26, 0x95, 0xad, 0x18, 0x91, 0x75, 0xcf, 0x4c, 0x31, 0x8b, 0xae, 0xc1, 0xbc, + 0xc3, 0x6c, 0x20, 0x33, 0xc7, 0xc5, 0xa4, 0x30, 0x67, 0x70, 0x53, 0xce, 0xa3, 0x0f, 0xe2, 0x1b, + 0xb7, 0x9e, 0xba, 0x33, 0x53, 0x4a, 0xcd, 0xbd, 0x76, 0xef, 0xe9, 0xd7, 0x2e, 0x30, 0x12, 0xd7, + 0x0a, 0x49, 0x1c, 0x5f, 0x56, 0x9f, 0x85, 0xda, 0xd8, 0x1f, 0x71, 0x3f, 0x68, 0xf0, 0x6a, 0x67, + 0xec, 0x8f, 0x98, 0x1b, 0xac, 0xd0, 0x34, 0xc3, 0x71, 0xbd, 0xce, 0x02, 0x3b, 0x93, 0x7c, 0x40, + 0x6f, 0x0f, 0xf6, 0x61, 0xf9, 0xde, 0x10, 0x77, 0x9a, 0x6c, 0xaa, 0xce, 0x20, 0x0f, 0xbd, 0x21, + 0xbb, 0xdc, 0x08, 0x39, 0xea, 0xb4, 0x18, 0x9c, 0x7e, 0xa2, 0xff, 0x96, 0xa9, 0xfc, 0x22, 0xb3, + 0xef, 0xb9, 0x82, 0x63, 0xf2, 0xca, 0xd4, 0xed, 0x7f, 0x29, 0xc1, 0xea, 0x16, 0x4b, 0x8e, 0x94, + 0x48, 0x70, 0x8a, 0xba, 0x13, 0xbd, 0x13, 0x17, 0xf8, 0xe9, 0x22, 0x31, 0x2d, 0xac, 0xc0, 0x43, + 0x1f, 0x41, 0x4b, 0xd2, 0x14, 0x2b, 0x2b, 0x2f, 0x6a, 0x0d, 0x34, 0x23, 0x75, 0x68, 0x7c, 0x00, + 0x6b, 0x19, 0x9e, 0x45, 0x22, 0x73, 0x11, 0x16, 0x92, 0x88, 0x10, 0xb3, 0xdc, 0x88, 0x61, 0xbb, + 0x8e, 0x71, 0x1b, 0xce, 0x0c, 0x88, 0x1d, 0x92, 0x8c, 0xc0, 0x27, 0x58, 0xcb, 0xba, 0x03, 0xfa, + 0x5a, 0x51, 0xc0, 0x0f, 0x60, 0x65, 0x40, 0xfc, 0xe0, 0x25, 0x88, 0xd2, 0x93, 0x4e, 0xc5, 0xf6, + 0xa7, 0x44, 0x64, 0x2f, 0x72, 0x68, 0xac, 0xf1, 0x5e, 0x46, 0x76, 0xb7, 0xf7, 0x61, 0x95, 0xb7, + 0x12, 0x5e, 0x46, 0x88, 0xb3, 0xb2, 0x91, 0x91, 0xa5, 0xfb, 0xab, 0xb2, 0x12, 0xea, 0x0a, 0x6a, + 0x9f, 0xb7, 0xf5, 0xda, 0x67, 0x2d, 0x6b, 0x70, 0x2d, 0x1f, 0xcf, 0xba, 0x51, 0x25, 0xc7, 0x8d, + 0xcc, 0x4c, 0x81, 0x34, 0xcb, 0x4e, 0xfa, 0x9b, 0x59, 0xea, 0xff, 0xc1, 0xfa, 0x68, 0x97, 0xd7, + 0x47, 0xf1, 0xd6, 0x71, 0x4f, 0xe6, 0x9d, 0x54, 0x7d, 0xd4, 0x29, 0x62, 0x33, 0x2e, 0x8f, 0x7e, + 0x39, 0x0b, 0xf5, 0x78, 0x2e, 0xa3, 0xd3, 0xac, 0x92, 0xca, 0x39, 0x4a, 0x52, 0x2f, 0x9d, 0xca, + 0xcb, 0x5c, 0x3a, 0xb3, 0x2f, 0xba, 0x74, 0xd6, 0xa1, 0xce, 0x3e, 0xac, 0x10, 0xef, 0x8b, 0x4b, + 0xa4, 0xc6, 0x00, 0x26, 0xde, 0x4f, 0x0c, 0x5f, 0x3d, 0x91, 0xe1, 0xf5, 0x42, 0x6c, 0x3e, 0x5d, + 0x88, 0xbd, 0x1b, 0x5f, 0x0b, 0xfc, 0x02, 0x39, 0x9f, 0x25, 0x97, 0x7b, 0x21, 0xec, 0xe8, 0x17, + 0x02, 0xbf, 0x53, 0x5e, 0xcf, 0x59, 0xfc, 0xca, 0x96, 0x61, 0xf7, 0x79, 0x19, 0xa6, 0x7a, 0x95, + 0x88, 0x5e, 0x9b, 0x00, 0xf1, 0x41, 0x95, 0xb5, 0x18, 0xca, 0x8a, 0x66, 0x2a, 0x58, 0x34, 0x14, + 0x68, 0xfa, 0x4f, 0x1a, 0x87, 0x27, 0x08, 0x05, 0x7f, 0x56, 0x53, 0x9b, 0x82, 0x0e, 0xdb, 0xbb, + 0x99, 0xca, 0xfd, 0x64, 0x5e, 0xf7, 0xb6, 0x5e, 0xb8, 0x9f, 0xce, 0x5d, 0x32, 0x75, 0x3b, 0xbb, + 0x89, 0xed, 0x50, 0x4c, 0x8b, 0x24, 0x5c, 0x40, 0x7a, 0x84, 0xe6, 0x3f, 0xfb, 0xae, 0xe7, 0x46, + 0x07, 0x7c, 0xbe, 0xca, 0xe6, 0x41, 0x82, 0x7a, 0xec, 0xd9, 0x10, 0x3f, 0x77, 0x89, 0x35, 0xf4, + 0x1d, 0xcc, 0x9c, 0x71, 0xce, 0xac, 0x51, 0xc0, 0x96, 0xef, 0xe0, 0xe4, 0x80, 0xd4, 0x4e, 0x75, + 0x40, 0xea, 0xa9, 0x03, 0xb2, 0x0a, 0xd5, 0x10, 0xdb, 0x91, 0xef, 0x75, 0x80, 0x3f, 0x3e, 0xf2, + 0x11, 0x0d, 0xf0, 0x13, 0x1c, 0x45, 0x74, 0x03, 0x91, 0x75, 0x88, 0xa1, 0x92, 0x1b, 0x2d, 0x14, + 0xe5, 0x46, 0xc7, 0xb4, 0xf0, 0x52, 0xb9, 0x51, 0xb3, 0x28, 0x37, 0x3a, 0x49, 0x07, 0x4f, 0xc9, + 0xfc, 0x5a, 0xc7, 0x65, 0x7e, 0x3f, 0xe5, 0xc1, 0xb9, 0x07, 0x6b, 0x19, 0x57, 0x17, 0x27, 0xe7, + 0x9d, 0x54, 0xa3, 0xaf, 0x53, 0xa4, 0x85, 0xb8, 0xcf, 0xf7, 0x73, 0x58, 0xdc, 0x79, 0x8e, 0x87, + 0x83, 0x23, 0x6f, 0x78, 0x8a, 0xbb, 0xba, 0x0d, 0x95, 0xe1, 0xc4, 0x11, 0xe5, 0x32, 0xfd, 0x54, + 0x6f, 0xef, 0x8a, 0x7e, 0x7b, 0x5b, 0xd0, 0x4e, 0x76, 0x10, 0x7c, 0xae, 0x52, 0x3e, 0x1d, 0x8a, + 0x4c, 0x89, 0x2f, 0x98, 0x62, 0x24, 0xe0, 0x38, 0x0c, 0x99, 0xd4, 0x1c, 0x8e, 0xc3, 0x50, 0x77, + 0xdb, 0x8a, 0xee, 0xb6, 0xc6, 0x53, 0x68, 0xd0, 0x0d, 0x7e, 0x10, 0xfb, 0x22, 0x85, 0xad, 0x24, + 0x29, 0x6c, 0x9c, 0x09, 0xcf, 0x2a, 0x99, 0xb0, 0xb1, 0x01, 0x0b, 0x7c, 0x2f, 0x21, 0x48, 0x1b, + 0x2a, 0xd3, 0x70, 0x2c, 0xed, 0x36, 0x0d, 0xc7, 0xc6, 0xff, 0x43, 0xb3, 0x47, 0x88, 0x3d, 0x3c, + 0x38, 0x05, 0x3f, 0xf1, 0x5e, 0x65, 0x75, 0x2f, 0x03, 0x5a, 0x92, 0x52, 0xe1, 0x6e, 0x7d, 0x40, + 0x7b, 0x7e, 0x48, 0x3e, 0xf1, 0xc3, 0x6f, 0xed, 0xd0, 0x39, 0x5d, 0xce, 0x8a, 0x60, 0x56, 0xfc, + 0x5f, 0x50, 0xb9, 0x3a, 0x67, 0xb2, 0x6f, 0xe3, 0x0d, 0x58, 0xd6, 0xe8, 0x15, 0x6e, 0x7c, 0x0b, + 0x1a, 0x2c, 0x2a, 0x88, 0xec, 0xe8, 0xaa, 0xda, 0x01, 0x3b, 0x2e, 0x74, 0xd0, 0xca, 0x97, 0x86, + 0x7d, 0x06, 0x8f, 0x63, 0xf4, 0x5b, 0xa9, 0x44, 0x62, 0x45, 0x5f, 0x9f, 0x4a, 0x22, 0xbe, 0x2b, + 0xc1, 0x1c, 0x83, 0x67, 0x82, 0xf4, 0x3a, 0xad, 0xf4, 0x03, 0xdf, 0x22, 0xf6, 0x28, 0xfe, 0x65, + 0x83, 0x02, 0x1e, 0xd9, 0xa3, 0x88, 0xfd, 0x71, 0x42, 0x27, 0x1d, 0x77, 0x84, 0x23, 0x22, 0xff, + 0xdb, 0x68, 0x50, 0xd8, 0x36, 0x07, 0x51, 0x95, 0x44, 0xee, 0x2f, 0x78, 0x86, 0x30, 0x6b, 0xb2, + 0x6f, 0xf9, 0xb0, 0xcc, 0x63, 0x2d, 0x7b, 0x58, 0xee, 0x42, 0x2d, 0xd5, 0xe3, 0x88, 0xc7, 0xc6, + 0x07, 0x80, 0x54, 0xf1, 0x84, 0xfe, 0xae, 0x40, 0x95, 0x49, 0x2f, 0x6f, 0xb3, 0x96, 0x2e, 0x9f, + 0x29, 0x66, 0x8d, 0xbb, 0x80, 0xb8, 0xc2, 0xb4, 0x1b, 0xec, 0xe4, 0xca, 0x7d, 0x1f, 0x96, 0xb5, + 0xf5, 0xf1, 0x93, 0xa1, 0x46, 0x20, 0xbd, 0xbb, 0x58, 0xfc, 0x8f, 0x12, 0x40, 0x6f, 0x4a, 0x0e, + 0x44, 0x6d, 0xaf, 0x4a, 0x59, 0xd2, 0xa5, 0xa4, 0x73, 0x81, 0x1d, 0x45, 0xdf, 0xfa, 0xa1, 0x4c, + 0xd1, 0xe2, 0x31, 0xab, 0xcb, 0xa7, 0xe4, 0x40, 0xf6, 0xee, 0xe8, 0x37, 0xba, 0x0c, 0x2d, 0xfe, + 0x53, 0x8d, 0x65, 0x3b, 0x4e, 0x88, 0xa3, 0x48, 0x34, 0xf1, 0x9a, 0x1c, 0xda, 0xe3, 0x40, 0x8a, + 0xe6, 0x3a, 0xd8, 0x23, 0x2e, 0x39, 0xb2, 0x88, 0xff, 0x0c, 0x7b, 0x22, 0xf9, 0x6a, 0x4a, 0xe8, + 0x23, 0x0a, 0xa4, 0x68, 0x21, 0x1e, 0xb9, 0x11, 0x09, 0x25, 0x9a, 0xec, 0x34, 0x09, 0x28, 0x43, + 0x33, 0xbe, 0x2f, 0x41, 0x7b, 0x6f, 0x3a, 0x1e, 0x73, 0x21, 0x4f, 0xab, 0x4b, 0xf4, 0x86, 0x90, + 0xa3, 0x9c, 0xea, 0xe4, 0x25, 0x2a, 0x12, 0xc2, 0xfd, 0xf0, 0x4a, 0x6e, 0x19, 0x96, 0x14, 0x46, + 0x45, 0x11, 0x72, 0x17, 0x10, 0xaf, 0x4f, 0x5e, 0x8e, 0x7f, 0xe3, 0x0c, 0x2c, 0x6b, 0xeb, 0x05, + 0xd9, 0xeb, 0xd0, 0x14, 0xef, 0x6f, 0xc2, 0xce, 0x67, 0xa1, 0x46, 0x83, 0xc5, 0xd0, 0x75, 0x64, + 0x5f, 0x76, 0x3e, 0xf0, 0x9d, 0x2d, 0xd7, 0x09, 0x8d, 0x3e, 0x34, 0x4d, 0x4e, 0x5e, 0xe0, 0xde, + 0x81, 0x96, 0x78, 0xad, 0xb3, 0xb4, 0xf7, 0xec, 0xa4, 0x89, 0xa8, 0xd1, 0x36, 0x9b, 0x9e, 0x3a, + 0x34, 0xbe, 0x86, 0xee, 0xe3, 0xc0, 0xa1, 0xd9, 0x8e, 0x4a, 0x55, 0x8a, 0x76, 0x07, 0xe4, 0x7f, + 0x5d, 0x45, 0xc4, 0xf5, 0x65, 0xcd, 0x50, 0x1d, 0x1a, 0xe7, 0x60, 0x3d, 0x97, 0xb8, 0x90, 0x3b, + 0x80, 0x76, 0x32, 0xe1, 0xb8, 0xb2, 0x1d, 0xcd, 0xda, 0xcc, 0x25, 0xa5, 0xcd, 0xbc, 0x1a, 0x5f, + 0xa1, 0x3c, 0x18, 0x8b, 0x91, 0x92, 0xd5, 0x54, 0x8a, 0xb2, 0x9a, 0x59, 0x2d, 0xab, 0x31, 0x3e, + 0x8b, 0xb5, 0x27, 0x52, 0xca, 0xf7, 0x58, 0x5e, 0xcb, 0xf7, 0x96, 0x91, 0xe0, 0x6c, 0x8e, 0x70, + 0x1c, 0xc3, 0x54, 0x90, 0x8d, 0x45, 0x68, 0x6a, 0x31, 0xc1, 0xf8, 0x08, 0x5a, 0xa9, 0x43, 0x7e, + 0x23, 0x75, 0xf7, 0x67, 0xd4, 0xa6, 0xdf, 0xfc, 0xd7, 0x5f, 0x83, 0x9a, 0xfc, 0xfd, 0x0c, 0xcd, + 0x43, 0xe5, 0xd1, 0xd6, 0x5e, 0x7b, 0x86, 0x7e, 0x3c, 0xde, 0xde, 0x6b, 0x97, 0xae, 0xdf, 0x86, + 0xc5, 0xd4, 0xcb, 0x12, 0x5a, 0x82, 0xe6, 0xa0, 0xd7, 0xdf, 0xfe, 0xf8, 0xe1, 0x97, 0x96, 0xb9, + 0xd3, 0xdb, 0xfe, 0xaa, 0x3d, 0x83, 0x56, 0xa0, 0x2d, 0x41, 0xfd, 0x87, 0x8f, 0x38, 0xb4, 0x74, + 0xfd, 0x19, 0xb4, 0xf4, 0xe4, 0x16, 0x9d, 0x81, 0xa5, 0xad, 0x87, 0xfd, 0x47, 0xbd, 0xdd, 0xfe, + 0x8e, 0x69, 0x6d, 0x99, 0x3b, 0xbd, 0x47, 0x3b, 0xdb, 0xed, 0x19, 0x1d, 0x6c, 0x3e, 0xee, 0xf7, + 0x77, 0xfb, 0x9f, 0xb6, 0x4b, 0x94, 0x6a, 0x02, 0xde, 0xf9, 0x72, 0x97, 0x22, 0x97, 0x75, 0xe4, + 0xc7, 0xfd, 0x7b, 0xfd, 0x87, 0x3f, 0xeb, 0xb7, 0x2b, 0x9b, 0x7f, 0x6a, 0x40, 0x4b, 0x0a, 0x88, + 0x43, 0xd6, 0x0f, 0xbd, 0x0b, 0xf3, 0xf2, 0xcf, 0xc0, 0x24, 0xdd, 0xd6, 0x7f, 0x63, 0xec, 0x76, + 0xb2, 0x13, 0xc2, 0x51, 0x66, 0xd0, 0x1e, 0x33, 0x9c, 0xf2, 0x8a, 0x77, 0x4e, 0x55, 0x65, 0xe6, + 0x99, 0xb0, 0x7b, 0xbe, 0x68, 0x3a, 0xa6, 0x38, 0xa0, 0xd6, 0x52, 0x7f, 0xa7, 0x40, 0xc9, 0x9a, + 0xdc, 0xdf, 0x34, 0xba, 0x17, 0x0a, 0xe7, 0x63, 0xa2, 0x5f, 0x41, 0x3b, 0xfd, 0x23, 0x05, 0x4a, + 0xfa, 0xda, 0x05, 0x3f, 0x69, 0x74, 0x2f, 0x1e, 0x83, 0xa1, 0x92, 0xce, 0xfc, 0x72, 0xb0, 0x51, + 0xfc, 0x68, 0x9c, 0x21, 0x5d, 0xf4, 0x12, 0xcd, 0x55, 0xa1, 0xbf, 0xbe, 0x21, 0xf5, 0xa1, 0x3f, + 0xe7, 0x15, 0x56, 0x51, 0x45, 0xfe, 0xb3, 0x9d, 0x31, 0x83, 0xbe, 0x80, 0xc5, 0x54, 0x2b, 0x0c, + 0x25, 0xab, 0xf2, 0x1b, 0x7b, 0xdd, 0x8d, 0x62, 0x04, 0xdd, 0x6e, 0x6a, 0xa3, 0x4b, 0xb3, 0x5b, + 0x4e, 0xf7, 0x4c, 0xb3, 0x5b, 0x6e, 0x87, 0x8c, 0xb9, 0x97, 0xd6, 0xce, 0x52, 0xdc, 0x2b, 0xaf, + 0x77, 0xd6, 0x3d, 0x5f, 0x34, 0xad, 0x8a, 0x9f, 0x6a, 0x65, 0x29, 0xe2, 0xe7, 0x77, 0xc8, 0xba, + 0x1b, 0xc5, 0x08, 0x69, 0x5b, 0x25, 0x25, 0x7a, 0xca, 0x56, 0x99, 0x8e, 0x50, 0xca, 0x56, 0xd9, + 0xda, 0x5e, 0xd8, 0x2a, 0x55, 0x6b, 0x5f, 0x28, 0x2c, 0x53, 0xb2, 0xb6, 0xca, 0xaf, 0x7c, 0x8c, + 0x19, 0xd4, 0x83, 0x9a, 0xac, 0x33, 0x50, 0x72, 0xba, 0x53, 0xc5, 0x4d, 0xf7, 0x6c, 0xce, 0x4c, + 0x4c, 0xe2, 0x7f, 0x61, 0x96, 0x42, 0xd1, 0x8a, 0x86, 0x24, 0x97, 0x9e, 0x49, 0x41, 0xe3, 0x65, + 0xef, 0x43, 0x95, 0x27, 0xea, 0x28, 0x89, 0xb9, 0x5a, 0x0d, 0xd0, 0x5d, 0xcb, 0xc0, 0xe3, 0xc5, + 0x9f, 0xf1, 0xbf, 0x85, 0x45, 0xc6, 0x8d, 0xd6, 0xb5, 0x7f, 0xf4, 0xf4, 0xbc, 0xbe, 0xfb, 0x5a, + 0xfe, 0x64, 0x4c, 0xeb, 0x09, 0x2c, 0xe7, 0x5c, 0x81, 0x28, 0x69, 0x0b, 0x15, 0xdf, 0xbe, 0xdd, + 0x4b, 0xc7, 0x23, 0xa9, 0xc2, 0x0a, 0xab, 0xad, 0xaa, 0xae, 0xae, 0x18, 0x6b, 0x2d, 0x03, 0x97, + 0x8b, 0x37, 0xff, 0x5a, 0x86, 0x05, 0x9e, 0xa8, 0x88, 0x50, 0xfd, 0x29, 0x40, 0x92, 0x2e, 0xa3, + 0xae, 0xe6, 0x3d, 0x5a, 0x89, 0xd0, 0x5d, 0xcf, 0x9d, 0x53, 0xd5, 0xa8, 0x64, 0xbe, 0x8a, 0x1a, + 0xb3, 0xf9, 0xb4, 0xa2, 0xc6, 0x9c, 0x64, 0xd9, 0x98, 0x41, 0xdb, 0x50, 0x8f, 0xd3, 0x31, 0xa4, + 0x64, 0x71, 0xa9, 0x5c, 0xb2, 0xdb, 0xcd, 0x9b, 0x52, 0x39, 0x52, 0xf2, 0x2f, 0x85, 0xa3, 0x6c, + 0x56, 0xa7, 0x70, 0x94, 0x97, 0xb2, 0xcd, 0xfc, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x6b, 0xf3, 0x7c, + 0x10, 0x9b, 0x2f, 0x00, 0x00, } diff --git a/pkg/kubelet/api/v1alpha1/runtime/api.proto b/pkg/kubelet/api/v1alpha1/runtime/api.proto index 4e42518dd22..5503ad40166 100644 --- a/pkg/kubelet/api/v1alpha1/runtime/api.proto +++ b/pkg/kubelet/api/v1alpha1/runtime/api.proto @@ -160,9 +160,8 @@ message LinuxSandboxSecurityContext { optional NamespaceOption namespace_options = 1; // Optional SELinux context to be applied. optional SELinuxOption selinux_options = 2; - // User to run the entrypoint of the sandbox process. Can be either UID or - // user name. - optional string run_as_user = 3; + // UID to run sandbox processes as, when applicable. + optional int64 run_as_user = 3; // If set, the root filesystem of the sandbox is read-only. optional bool readonly_rootfs = 4; // List of groups applied to the first process run in the sandbox, in @@ -441,15 +440,18 @@ message LinuxContainerSecurityContext { optional NamespaceOption namespace_options = 3; // SELinux context to be optionally applied. optional SELinuxOption selinux_options = 4; - // The user to run the the container process as. Can be either UID or user - // name. - // Defaults to user specified in image metadata if unspecified. - optional string run_as_user = 5; + // UID to run the container process as. Only one of run_as_user and + // run_as_username can be specified at a time. + optional int64 run_as_user = 5; + // User name to run the container process as. If specified, the user MUST + // exist in the container image (i.e. in the /etc/passwd inside the image), + // and be resolved there by the runtime; otherwise, the runtime MUST error. + optional string run_as_username = 6; // If set, the root filesystem of the container is read-only. - optional bool readonly_rootfs = 6; + optional bool readonly_rootfs = 7; // List of groups applied to the first process run in the container, in // addition to the container's primary GID. - repeated int64 supplemental_groups = 7; + repeated int64 supplemental_groups = 8; } // LinuxContainerConfig contains platform-specific configuration for @@ -761,8 +763,13 @@ message Image { repeated string repo_digests = 3; // Size of the image in bytes. optional uint64 size = 4; - // User that will run the command(s). - optional string user = 5; + // UID that will run the command(s). This is used as a default if no user is + // specified when creating the container. UID and the following user name + // are mutually exclusive. + optional int64 uid = 5; + // User name that will run the command(s). This is used if UID is not set + // and no user is specified when creating container. + optional string username = 6; } message ListImagesResponse { diff --git a/pkg/kubelet/dockershim/convert.go b/pkg/kubelet/dockershim/convert.go index cf028378a2c..709f801065e 100644 --- a/pkg/kubelet/dockershim/convert.go +++ b/pkg/kubelet/dockershim/convert.go @@ -24,7 +24,6 @@ import ( dockertypes "github.com/docker/engine-api/types" runtimeApi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime" - "k8s.io/kubernetes/pkg/kubelet/dockertools" ) // This file contains helper functions to convert docker API types to runtime @@ -57,14 +56,15 @@ func imageInspectToRuntimeAPIImage(image *dockertypes.ImageInspect) (*runtimeApi } size := uint64(image.VirtualSize) - user := dockertools.GetUserFromImageUser(image.Config.User) - return &runtimeApi.Image{ + runtimeImage := &runtimeApi.Image{ Id: &image.ID, RepoTags: image.RepoTags, RepoDigests: image.RepoDigests, Size_: &size, - User: &user, - }, nil + } + + runtimeImage.Uid, runtimeImage.Username = getUserFromImageUser(image.Config.User) + return runtimeImage, nil } func toPullableImageID(id string, image *dockertypes.ImageInspect) string { diff --git a/pkg/kubelet/dockershim/helpers.go b/pkg/kubelet/dockershim/helpers.go index 9d7ec54d5aa..936a590363f 100644 --- a/pkg/kubelet/dockershim/helpers.go +++ b/pkg/kubelet/dockershim/helpers.go @@ -264,3 +264,21 @@ func (f *dockerFilter) Add(key, value string) { func (f *dockerFilter) AddLabel(key, value string) { f.Add("label", fmt.Sprintf("%s=%s", key, value)) } + +// getUserFromImageUser gets uid or user name of the image user. +// If user is numeric, it will be treated as uid; or else, it is treated as user name. +func getUserFromImageUser(imageUser string) (*int64, *string) { + user := dockertools.GetUserFromImageUser(imageUser) + // return both nil if user is not specified in the image. + if user == "" { + return nil, nil + } + // user could be either uid or user name. Try to interpret as numeric uid. + uid, err := strconv.ParseInt(user, 10, 64) + if err != nil { + // If user is non numeric, assume it's user name. + return nil, &user + } + // If user is a numeric uid. + return &uid, nil +} diff --git a/pkg/kubelet/dockershim/helpers_test.go b/pkg/kubelet/dockershim/helpers_test.go index 0312e22e670..0fa927f1a68 100644 --- a/pkg/kubelet/dockershim/helpers_test.go +++ b/pkg/kubelet/dockershim/helpers_test.go @@ -187,3 +187,43 @@ func TestGetSystclsFromAnnotations(t *testing.T) { assert.Equal(t, test.expectedSysctls, actual, "TestCase[%d]", i) } } + +// TestGetUserFromImageUser tests the logic of getting image uid or user name of image user. +func TestGetUserFromImageUser(t *testing.T) { + newI64 := func(i int64) *int64 { return &i } + newStr := func(s string) *string { return &s } + for c, test := range map[string]struct { + user string + uid *int64 + name *string + }{ + "no gid": { + user: "0", + uid: newI64(0), + }, + "uid/gid": { + user: "0:1", + uid: newI64(0), + }, + "empty user": { + user: "", + }, + "multiple spearators": { + user: "1:2:3", + uid: newI64(1), + }, + "root username": { + user: "root:root", + name: newStr("root"), + }, + "username": { + user: "test:test", + name: newStr("test"), + }, + } { + t.Logf("TestCase - %q", c) + actualUID, actualName := getUserFromImageUser(test.user) + assert.Equal(t, test.uid, actualUID) + assert.Equal(t, test.name, actualName) + } +} diff --git a/pkg/kubelet/dockershim/security_context.go b/pkg/kubelet/dockershim/security_context.go index a33aee09626..b323db8e9f8 100644 --- a/pkg/kubelet/dockershim/security_context.go +++ b/pkg/kubelet/dockershim/security_context.go @@ -61,7 +61,15 @@ func applyContainerSecurityContext(lc *runtimeapi.LinuxContainerConfig, sandboxI // modifyContainerConfig applies container security context config to dockercontainer.Config. func modifyContainerConfig(sc *runtimeapi.LinuxContainerSecurityContext, config *dockercontainer.Config) { - config.User = sc.GetRunAsUser() + if sc == nil { + return + } + if sc.RunAsUser != nil { + config.User = strconv.FormatInt(sc.GetRunAsUser(), 10) + } + if sc.RunAsUsername != nil { + config.User = sc.GetRunAsUsername() + } } // modifyHostConfig applies security context config to dockercontainer.HostConfig. diff --git a/pkg/kubelet/dockershim/security_context_test.go b/pkg/kubelet/dockershim/security_context_test.go index 65a74acfba7..f3d2a69ae46 100644 --- a/pkg/kubelet/dockershim/security_context_test.go +++ b/pkg/kubelet/dockershim/security_context_test.go @@ -18,6 +18,7 @@ package dockershim import ( "fmt" + "strconv" "testing" dockercontainer "github.com/docker/engine-api/types/container" @@ -28,7 +29,8 @@ import ( ) func TestModifyContainerConfig(t *testing.T) { - var uid string = "123" + var uid int64 = 123 + var username string = "testuser" cases := []struct { name string @@ -41,7 +43,16 @@ func TestModifyContainerConfig(t *testing.T) { RunAsUser: &uid, }, expected: &dockercontainer.Config{ - User: uid, + User: strconv.FormatInt(uid, 10), + }, + }, + { + name: "container.SecurityContext.RunAsUsername set", + sc: &runtimeapi.LinuxContainerSecurityContext{ + RunAsUsername: &username, + }, + expected: &dockercontainer.Config{ + User: username, }, }, { diff --git a/pkg/kubelet/kuberuntime/BUILD b/pkg/kubelet/kuberuntime/BUILD index 38844e71891..0af69177f01 100644 --- a/pkg/kubelet/kuberuntime/BUILD +++ b/pkg/kubelet/kuberuntime/BUILD @@ -58,7 +58,6 @@ go_library( "//vendor:github.com/coreos/go-semver/semver", "//vendor:github.com/docker/docker/pkg/jsonlog", "//vendor:github.com/fsnotify/fsnotify", - "//vendor:github.com/gogo/protobuf/proto", "//vendor:github.com/golang/glog", "//vendor:github.com/google/cadvisor/info/v1", ], diff --git a/pkg/kubelet/kuberuntime/helpers.go b/pkg/kubelet/kuberuntime/helpers.go index 51ac999dc11..91088e56136 100644 --- a/pkg/kubelet/kuberuntime/helpers.go +++ b/pkg/kubelet/kuberuntime/helpers.go @@ -146,19 +146,24 @@ func getContainerSpec(pod *api.Pod, containerName string) *api.Container { return nil } -// getImageUID gets uid that will run the command(s) from image. -func (m *kubeGenericRuntimeManager) getImageUser(image string) (string, error) { +// getImageUser gets uid or user name that will run the command(s) from image. The function +// guarantees that only one of them is set. +func (m *kubeGenericRuntimeManager) getImageUser(image string) (*int64, *string, error) { imageStatus, err := m.imageService.ImageStatus(&runtimeApi.ImageSpec{Image: &image}) if err != nil { - return "", err + return nil, nil, err } - user := imageStatus.GetUser() - // kuberuntime treats empty user as root. - if user == "" { - return "0", nil + if imageStatus != nil && imageStatus.Uid != nil { + // If uid is set, return uid. + return imageStatus.Uid, nil, nil } - return user, nil + if imageStatus != nil && imageStatus.Username != nil { + // If uid is not set, but user name is set, return user name. + return nil, imageStatus.Username, nil + } + // If non of them is set, treat it as root. + return new(int64), nil, nil } // isContainerFailed returns true if container has exited and exitcode is not zero. diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container.go b/pkg/kubelet/kuberuntime/kuberuntime_container.go index dc0ffe33dd4..b781770e30a 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_container.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_container.go @@ -135,13 +135,17 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *api.Conta return nil, err } - // Verify RunAsNonRoot. - imageUser, err := m.getImageUser(container.Image) + uid, username, err := m.getImageUser(container.Image) if err != nil { return nil, err } - if err := verifyRunAsNonRoot(pod, container, imageUser); err != nil { - return nil, err + if uid != nil { + // Verify RunAsNonRoot. Non-root verification only supports numeric user. + if err := verifyRunAsNonRoot(pod, container, *uid); err != nil { + return nil, err + } + } else { + glog.Warningf("Non-root verification doesn't support non-numeric user (%s)", *username) } command, args := kubecontainer.ExpandContainerCommandAndArgs(container, opts.Envs) @@ -164,7 +168,7 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *api.Conta Stdin: &container.Stdin, StdinOnce: &container.StdinOnce, Tty: &container.TTY, - Linux: m.generateLinuxContainerConfig(container, pod, imageUser), + Linux: m.generateLinuxContainerConfig(container, pod, uid, username), } // set environment variables @@ -182,10 +186,10 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *api.Conta } // generateLinuxContainerConfig generates linux container config for kubelet runtime api. -func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *api.Container, pod *api.Pod, imageUser string) *runtimeApi.LinuxContainerConfig { +func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *api.Container, pod *api.Pod, uid *int64, username *string) *runtimeApi.LinuxContainerConfig { lc := &runtimeApi.LinuxContainerConfig{ Resources: &runtimeApi.LinuxContainerResources{}, - SecurityContext: m.determineEffectiveSecurityContext(pod, container, imageUser), + SecurityContext: m.determineEffectiveSecurityContext(pod, container, uid, username), } // set linux container resources diff --git a/pkg/kubelet/kuberuntime/kuberuntime_sandbox.go b/pkg/kubelet/kuberuntime/kuberuntime_sandbox.go index 7cf4d03a898..2374ecd4e31 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_sandbox.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_sandbox.go @@ -146,7 +146,7 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxLinuxConfig(pod *api.Pod, HostIpc: &sc.HostIPC, HostPid: &sc.HostPID, }, - RunAsUser: convertToRuntimeRunAsUser(sc.RunAsUser), + RunAsUser: sc.RunAsUser, } if sc.FSGroup != nil { diff --git a/pkg/kubelet/kuberuntime/security_context.go b/pkg/kubelet/kuberuntime/security_context.go index 3b163220382..fc5940dee5c 100644 --- a/pkg/kubelet/kuberuntime/security_context.go +++ b/pkg/kubelet/kuberuntime/security_context.go @@ -18,10 +18,6 @@ package kuberuntime import ( "fmt" - "strconv" - - "github.com/gogo/protobuf/proto" - "github.com/golang/glog" "k8s.io/kubernetes/pkg/api" runtimeapi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime" @@ -29,7 +25,7 @@ import ( ) // determineEffectiveSecurityContext gets container's security context from api.Pod and api.Container. -func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.Pod, container *api.Container, imageUser string) *runtimeapi.LinuxContainerSecurityContext { +func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.Pod, container *api.Container, uid *int64, username *string) *runtimeapi.LinuxContainerSecurityContext { effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container) synthesized := convertToRuntimeSecurityContext(effectiveSc) if synthesized == nil { @@ -38,7 +34,8 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.P // set RunAsUser. if synthesized.RunAsUser == nil { - synthesized.RunAsUser = &imageUser + synthesized.RunAsUser = uid + synthesized.RunAsUsername = username } // set namespace options and supplemental groups. @@ -65,7 +62,7 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.P } // verifyRunAsNonRoot verifies RunAsNonRoot. -func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, imageUser string) error { +func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, uid int64) error { effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container) if effectiveSc == nil || effectiveSc.RunAsNonRoot == nil { return nil @@ -78,15 +75,6 @@ func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, imageUser string return nil } - // Non-root verification only supports numeric user now. For non-numeric user, - // just return nil to by-pass the verfication. - // TODO: Support non-numeric user. - uid, err := strconv.ParseInt(imageUser, 10, 64) - if err != nil { - glog.Warningf("Non-root verification doesn't support non-numeric user (%s)", imageUser) - return nil - } - if uid == 0 { return fmt.Errorf("container has runAsNonRoot and image will run as root") } @@ -101,7 +89,7 @@ func convertToRuntimeSecurityContext(securityContext *api.SecurityContext) *runt } return &runtimeapi.LinuxContainerSecurityContext{ - RunAsUser: convertToRuntimeRunAsUser(securityContext.RunAsUser), + RunAsUser: securityContext.RunAsUser, Privileged: securityContext.Privileged, ReadonlyRootfs: securityContext.ReadOnlyRootFilesystem, Capabilities: convertToRuntimeCapabilities(securityContext.Capabilities), @@ -109,14 +97,6 @@ func convertToRuntimeSecurityContext(securityContext *api.SecurityContext) *runt } } -// convertToRuntimeRunAsUser converts RunAsUser from *int64 to *string. -func convertToRuntimeRunAsUser(runAsUser *int64) *string { - if runAsUser == nil { - return nil - } - return proto.String(strconv.FormatInt(*runAsUser, 10)) -} - // convertToRuntimeSELinuxOption converts api.SELinuxOptions to runtimeapi.SELinuxOption. func convertToRuntimeSELinuxOption(opts *api.SELinuxOptions) *runtimeapi.SELinuxOption { if opts == nil {