diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..5bc1ea8 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,42 @@ +# Test infrastructure (causes permission issues) +test-infrastructure/ + +# Git files +.git/ +.gitignore + +# Documentation +*.md +docs/ + +# Examples (not needed for build) +examples/ + +# Test files +*_test.go +test/ + +# IDE files +.vscode/ +.idea/ +*.swp +*.swo + +# OS files +.DS_Store +Thumbs.db + +# Build artifacts +bin/ +dist/ +*.exe +*.dll +*.so +*.dylib + +# Logs +*.log + +# Temporary files +tmp/ +temp/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..56e5c46 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,22 @@ +# Build stage +FROM golang:1.19-alpine AS builder + +WORKDIR /app +COPY go.mod go.sum ./ +RUN go mod download + +COPY . . +RUN CGO_ENABLED=0 GOOS=linux go build -o /secretize ./cmd/secretize + +# Final stage +FROM alpine:3.18 + +# Install ca-certificates for HTTPS connections +RUN apk --no-cache add ca-certificates + +COPY --from=builder /secretize /usr/local/bin/secretize + +# KRM functions run as nobody user +USER nobody + +ENTRYPOINT ["/usr/local/bin/secretize"] \ No newline at end of file diff --git a/README.md b/README.md index ea39a74..955d3af 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,31 @@ It is possible to use multiple providers at once. ## Installation +Secretize now supports multiple installation methods: + +### Method 1: KRM Function (Recommended) + +Secretize supports modern Kubernetes Resource Model (KRM) Functions, which work with Kustomize 4.0.0+: + +#### Exec KRM Function +Download the binary and use it directly: +```bash +curl -L https://github.com/bbl/secretize/releases/download/v0.0.1/secretize-v0.0.1-linux-amd64.tar.gz | tar -xz +chmod +x secretize +``` + +#### Containerized KRM Function +Use the Docker image (no installation required): +```yaml +# In your kustomization, reference the container image +annotations: + config.kubernetes.io/function: | + container: + image: ghcr.io/bbl/secretize:latest +``` + +### Method 2: Legacy Plugin (Deprecated) + Install secretize to your `$XDG_CONFIG_HOME/kustomize/plugin` folder: 1. Export the `XDG_CONFIG_HOME` variable if it's not already set: @@ -48,6 +73,62 @@ curl -L https://github.com/bbl/secretize/releases/download/v0.0.1/secretize-v0.0 ## Usage +### Using KRM Functions (Recommended) + +With KRM functions, add the `config.kubernetes.io/function` annotation to your SecretGenerator: + +#### Exec KRM Function Example +```yaml +# secret-generator.yaml +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: my-secrets + annotations: + config.kubernetes.io/function: | + exec: + path: ./secretize +sources: + - provider: env + literals: + - DATABASE_URL +``` + +Run with: `kustomize build --enable-alpha-plugins --enable-exec .` + +#### Containerized KRM Function Example +```yaml +# secret-generator.yaml +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: my-secrets + annotations: + config.kubernetes.io/function: | + container: + image: ghcr.io/bbl/secretize:latest +sources: + - provider: env + literals: + - DATABASE_URL +``` + +Run with: `kustomize build --enable-alpha-plugins .` + +### Legacy Plugin Usage + +For the legacy plugin, use without annotations: + +```yaml +# kustomization.yaml +generators: + - secret-generator.yaml +``` + +Run with: `kustomize build --enable-alpha-plugins .` + +### Provider Configuration + All providers can generate two types of secrets: `literals` and `kv` (Key-Value secrets). Literal secrets simply generate a single string output, while KV secrets will output with a dictionary of the key-value pairs. @@ -279,3 +360,29 @@ data: secret_key_1: c2VjcmV0X3ZhbHVlXzE= secret_key_2: c2VjcmV0X3ZhbHVlXzI= ``` + +## Examples + +Check out the [examples](./examples) directory for complete working examples: + +- [Legacy Plugin Example](./examples/legacy) - Traditional Kustomize plugin approach +- [Exec KRM Function Example](./examples/exec) - Modern exec-based KRM function +- [Containerized KRM Function Example](./examples/docker) - Docker-based KRM function + +## Test Infrastructure + +For comprehensive testing with real secret stores, see the [test-infrastructure](./test-infrastructure/) directory which provides: + +- **HashiCorp Vault** setup with test secrets +- **AWS Secrets Manager** emulation via LocalStack +- **Kubernetes** cluster with test secrets +- **Automated testing** for all providers and execution modes + +```bash +cd test-infrastructure +./test-all-providers.sh +``` + +## Documentation + +For detailed documentation on KRM Functions support, see [KRM Functions Documentation](./docs/KRM_FUNCTIONS.md). diff --git a/cmd/secretize/main.go b/cmd/secretize/main.go index 91ca4d9..bf8a951 100644 --- a/cmd/secretize/main.go +++ b/cmd/secretize/main.go @@ -2,20 +2,40 @@ package main import ( "fmt" + "io/ioutil" + "github.com/bbl/secretize/pkg/generator" "github.com/bbl/secretize/pkg/utils" log "github.com/sirupsen/logrus" - "io/ioutil" "os" "path/filepath" + + "sigs.k8s.io/kustomize/kyaml/fn/framework" + "sigs.k8s.io/kustomize/kyaml/fn/framework/command" + "sigs.k8s.io/kustomize/kyaml/yaml" ) func main() { + // Check if running as KRM function (no args or stdin has content) + if len(os.Args) == 1 || isKRMFunction() { + runAsKRMFunction() + } else { + // Legacy mode + runLegacyMode() + } +} + +// isKRMFunction checks if stdin has content (indicating KRM function mode) +func isKRMFunction() bool { + stat, _ := os.Stdin.Stat() + return (stat.Mode() & os.ModeCharDevice) == 0 +} +// runLegacyMode runs the original secretize behavior +func runLegacyMode() { if len(os.Args) < 2 { - log.Fatal( - "No argument passed, use `secretize /path/to/generator-config.yaml`") + log.Fatal("No argument passed, use `secretize /path/to/generator-config.yaml`") } filename, _ := filepath.Abs(os.Args[1]) @@ -33,3 +53,63 @@ func main() { utils.FatalErrCheck(err) fmt.Println(out) } + +// SecretGeneratorProcessor implements the KRM function processor +type SecretGeneratorProcessor struct{} + +// Process implements the framework.ResourceListProcessor interface +func (p SecretGeneratorProcessor) Process(rl *framework.ResourceList) error { + // Get the function config + if rl.FunctionConfig == nil { + return fmt.Errorf("no function config provided") + } + + // Convert function config to YAML string + fcString, err := rl.FunctionConfig.String() + if err != nil { + return fmt.Errorf("failed to marshal function config: %w", err) + } + + // Parse as SecretGenerator + secretGenerator, err := generator.ParseConfig([]byte(fcString)) + if err != nil { + return fmt.Errorf("failed to parse config: %w", err) + } + + // Generate secrets + secrets, err := secretGenerator.FetchSecrets(generator.ProviderRegistry) + if err != nil { + return fmt.Errorf("failed to fetch secrets: %w", err) + } + + // Generate the secret resource + secret := secretGenerator.Generate(secrets) + secretYaml, err := secret.ToYamlStr() + if err != nil { + return fmt.Errorf("failed to convert secret to yaml: %w", err) + } + + // Parse the generated secret as RNode + rNode, err := yaml.Parse(secretYaml) + if err != nil { + return fmt.Errorf("failed to parse generated secret: %w", err) + } + + // Append to items + rl.Items = append(rl.Items, rNode) + + return nil +} + +// runAsKRMFunction runs secretize as a KRM function +func runAsKRMFunction() { + processor := SecretGeneratorProcessor{} + cmd := command.Build(processor, command.StandaloneDisabled, false) + + // Add dockerfile generation support + command.AddGenerateDockerfile(cmd) + + if err := cmd.Execute(); err != nil { + os.Exit(1) + } +} diff --git a/examples/docker/env/README.md b/examples/docker/env/README.md new file mode 100644 index 0000000..3c4f7e1 --- /dev/null +++ b/examples/docker/env/README.md @@ -0,0 +1,80 @@ +# Containerized KRM Function Example (Environment Variables) + +This example demonstrates how to use Secretize as a containerized KRM function with Kustomize, sourcing secrets from environment variables set directly in the function config. + +--- + +## How It Works + +- The containerized KRM function runs in an isolated environment and **does not inherit environment variables from your shell**. +- All required environment variables must be set explicitly in the `envs:` section of the function config in `secret-generator.yaml`. +- This approach is simple, reproducible, and works reliably with Kustomize and Secretize. + +--- + +## Step-by-Step Usage + +1. **(Optional) Build the Secretize Docker image (if using `image: secretize:local`):** + ```bash + cd ../../.. + docker build -t secretize:local . + cd examples/docker/env + ``` + +2. **Export the required environment variables in your shell:** + ```bash + export DATABASE_URL="postgresql://user:pass@localhost/db" + export API_KEY="your-secret-api-key" + export JWT_SECRET="your-jwt-secret" + export CONFIG_JSON='{"feature_new_ui": "true", "feature_beta": "false"}' + ``` + These variables will be referenced by the YAML configuration. + +3. **Reference the environment variables in your YAML file:** + In `secret-generator.yaml`, you can reference these variables using the `literals` and `kv` fields: + ```yaml + sources: + - provider: env + literals: + - DATABASE_URL # Reads from $DATABASE_URL + - API_KEY # Reads from $API_KEY + - JWT_SECRET # Reads from $JWT_SECRET + kv: + - CONFIG_JSON # Reads from $CONFIG_JSON and parses as JSON + ``` + - `literals`: Direct environment variable values + - `kv`: Environment variables containing JSON that gets parsed into key-value pairs + +4. **Run Kustomize build with containerized KRM function enabled:** + ```bash + kustomize build --enable-alpha-plugins . + ``` + +--- + +## Why Not YAML Anchors for Env Vars? +- YAML anchors are useful for repeating static YAML blocks, but **they do not help with dynamic environment variable substitution**. +- For dynamic values, set them directly in the `envs:` list as shown above. +- If you want to use exported environment variables from your shell, use the [exec approach](../exec/env/README.md) instead. + +--- + +## Troubleshooting + +- If secrets are not found, make sure you set all required env vars in the function config. +- If you see an error about `secretize:local` not found, make sure you built the image as described above. +- If you see errors about `$` or `${VAR}` in the output, make sure you have replaced all placeholders with actual values. + +--- + +## Security Considerations + +- **Never hardcode real secrets in your configs for production.** +- Use this approach for local development, testing, or with non-sensitive values. +- For production, consider using a secrets manager (like Vault) and the appropriate Secretize provider. + +--- + +## Reference: Using Host Environment Variables + +- If you want to use environment variables exported in your shell, use the [exec KRM function approach](../exec/env/README.md), which can access your host environment directly. \ No newline at end of file diff --git a/examples/docker/env/deployment.yaml b/examples/docker/env/deployment.yaml new file mode 100644 index 0000000..92a6edf --- /dev/null +++ b/examples/docker/env/deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: example-app +spec: + replicas: 1 + selector: + matchLabels: + app: example + template: + metadata: + labels: + app: example + spec: + containers: + - name: app + image: nginx:latest + envFrom: + - secretRef: + name: env-secrets \ No newline at end of file diff --git a/examples/docker/env/kustomization.yaml b/examples/docker/env/kustomization.yaml new file mode 100644 index 0000000..bc56b9c --- /dev/null +++ b/examples/docker/env/kustomization.yaml @@ -0,0 +1,9 @@ +# Legacy Kustomize plugin example +# This approach uses the traditional Kustomize plugin system +# where the plugin is installed in $XDG_CONFIG_HOME/kustomize/plugin + +generators: + - secret-generator.yaml + +resources: + - deployment.yaml \ No newline at end of file diff --git a/examples/docker/env/secret-generator.yaml b/examples/docker/env/secret-generator.yaml new file mode 100644 index 0000000..97eadbb --- /dev/null +++ b/examples/docker/env/secret-generator.yaml @@ -0,0 +1,21 @@ +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: docker-vault-secrets + annotations: + config.kubernetes.io/function: | + container: + image: secretize:local + envs: + - DATABASE_URL + - API_KEY + - JWT_SECRET + - CONFIG_JSON +sources: + - provider: env + literals: + - DATABASE_URL + - API_KEY + - JWT_SECRET + kv: + - CONFIG_JSON diff --git a/examples/docker/vault/README.md b/examples/docker/vault/README.md new file mode 100644 index 0000000..c2ebe8e --- /dev/null +++ b/examples/docker/vault/README.md @@ -0,0 +1,122 @@ +# Containerized KRM Function Example with HashiCorp Vault + +This example demonstrates how to use Secretize as a **containerized KRM function** with Kustomize, configured to fetch secrets from HashiCorp Vault. + +--- + +## Local Vault Testing with Docker Compose + +A minimal `docker-compose.yml` is provided in this directory to spin up a Vault instance and pre-populate it with all the secrets needed for this example. + +### Steps: +1. **Start Vault and initialize secrets:** + ```bash + docker-compose up -d + # Wait for both 'vault' and 'setup' containers to finish initializing + docker-compose ps + # Vault UI: http://localhost:8200 (token: myroot) + ``` +2. **Build the Secretize Docker image (if using `image: secretize:local`):** + ```bash + cd ../../.. + docker build -t secretize:local . + cd examples/docker/vault + ``` + - If you use `image: ghcr.io/bbl/secretize:latest` in your function config, you can skip this step. +3. **Export the required Vault environment variables in your shell:** + ```bash + export VAULT_ADDR="http://127.0.0.1:8200" + export VAULT_TOKEN="myroot" + ``` + These variables will be used by the Secretize function to connect to Vault. + - We use `127.0.0.1` since Vault is running on the host machine. +4. **Update the function config in `secret-generator.yaml` to set Vault environment variables:** + ```yaml + metadata: + annotations: + config.kubernetes.io/function: | + container: + image: secretize:local + envs: + - VAULT_ADDR + - VAULT_TOKEN + ``` + - We use `127.0.0.1` since Vault is running on the host machine. + +5. **Run Kustomize build with containerized KRM function enabled:** + ```bash + kustomize build --enable-alpha-plugins --network . + ``` + +--- + +## How it Works + +- Kustomize recognizes the `config.kubernetes.io/function` annotation with `container` configuration. +- It pulls and runs the specified Docker image with Vault environment variables. +- The container connects to Vault using the provided token. +- Kustomize sends a ResourceList to the container's stdin. +- The container fetches secrets from Vault and returns the generated Secret on stdout. +- The Secret is included in the final output. + +--- + +## Troubleshooting + +### 1. **Secrets Not Found** +- Double-check the secret paths in `secret-generator.yaml`. +- If you have a subfolder called `data` in Vault, your path should be: + ```yaml + - DATABASE_URL=secret/data/data/docker-app/database-url:value + ``` +- If not, use: + ```yaml + - DATABASE_URL=secret/data/docker-app/database-url:value + ``` +- You can confirm the path with: + ```bash + vault kv get + # Example: + vault kv get secret/data/docker-app/database-url + vault kv get secret/data/data/docker-app/database-url + ``` +- If using the API, try: + ```bash + curl -H "X-Vault-Token: myroot" http://127.0.0.1:8200/v1/secret/data/docker-app/database-url + curl -H "X-Vault-Token: myroot" http://127.0.0.1:8200/v1/secret/data/data/docker-app/database-url + ``` + +### 2. **Authentication Failed** +- Make sure `VAULT_TOKEN` is set and valid in the function config. +- The default token for the test setup is `myroot`. + +### 3. **Vault Not Reachable** +- Make sure `VAULT_ADDR` is set to `http://host.docker.internal:8200` (or `http://127.0.0.1:8200` if not using Docker Desktop). +- Ensure the Vault container is running and healthy. + +### 4. **Image Not Found** +- If you see an error about `secretize:local` not found, make sure you built the image as described above. + +--- + +## Technical Note: Vault Path Structure + +- The full path to a secret is: `/data//` for KV v2 API. +- In the Vault UI, you may see a subfolder called `data`—this is part of your logical path. +- If your secret is at `data/docker-app/api-key` in the UI under the `secret` mount, the full path is: + ```yaml + secret/data/docker-app/api-key + ``` +- If you have a subfolder called `data`, the path is: + ```yaml + secret/data/data/docker-app/api-key + ``` +- Always confirm with the Vault CLI or API if unsure. + +--- + +## Security Considerations + +- Never hardcode tokens in production. +- Use AppRole or Kubernetes authentication for production. +- Rotate tokens and audit secret access. \ No newline at end of file diff --git a/examples/docker/vault/deployment.yaml b/examples/docker/vault/deployment.yaml new file mode 100644 index 0000000..578356c --- /dev/null +++ b/examples/docker/vault/deployment.yaml @@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: docker-example-app +spec: + replicas: 1 + selector: + matchLabels: + app: docker-example + template: + metadata: + labels: + app: docker-example + spec: + containers: + - name: app + image: nginx:latest + envFrom: + - secretRef: + name: docker-env-secrets + env: + - name: RUNTIME + value: "container" \ No newline at end of file diff --git a/examples/docker/vault/docker-compose.yml b/examples/docker/vault/docker-compose.yml new file mode 100644 index 0000000..8fe9cb2 --- /dev/null +++ b/examples/docker/vault/docker-compose.yml @@ -0,0 +1,52 @@ +version: '3.8' + +services: + # HashiCorp Vault for testing + vault: + image: hashicorp/vault:1.15 + container_name: secretize-vault-test + ports: + - "8200:8200" + environment: + VAULT_DEV_ROOT_TOKEN_ID: myroot + VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200 + VAULT_ADDR: http://127.0.0.1:8200 + cap_add: + - IPC_LOCK + command: vault server -dev -dev-root-token-id=myroot + healthcheck: + test: ["CMD", "vault", "status"] + interval: 5s + timeout: 3s + retries: 5 + volumes: + - ./vault-data:/vault/data + + # Setup container to initialize Vault with test secrets + setup: + image: hashicorp/vault:1.15 + container_name: secretize-vault-setup + depends_on: + vault: + condition: service_healthy + environment: + VAULT_ADDR: http://vault:8200 + VAULT_TOKEN: myroot + command: > + sh -c " + echo 'Waiting for Vault to be ready...' && + sleep 5 && + echo 'Creating test secrets...' && + vault kv put secret/data/docker-app/database-url value='postgresql://vault-user:vault-pass@vault-db:5432/vault_db' && + vault kv put secret/data/docker-app/api-key value='vault-api-key-12345' && + vault kv put secret/data/docker-app/jwt-secret value='super-secret-jwt-signing-key' && + vault kv put secret/data/docker-app/app-config debug=true log_level=info max_connections=100 timeout=30s && + vault kv put secret/data/docker-app/feature-flags new_ui=true beta_features=false experimental=true dark_mode=enabled && + echo 'Vault setup complete!' && + echo 'Vault UI: http://localhost:8200 (token: myroot)' + " + +networks: + default: + name: vault-network + driver: bridge \ No newline at end of file diff --git a/examples/docker/vault/kustomization.yaml b/examples/docker/vault/kustomization.yaml new file mode 100644 index 0000000..0bcb02e --- /dev/null +++ b/examples/docker/vault/kustomization.yaml @@ -0,0 +1,8 @@ +# Containerized KRM Function example +# This approach uses the KRM function specification with Docker container + +resources: + - deployment.yaml + +generators: + - secret-generator.yaml \ No newline at end of file diff --git a/examples/docker/vault/secret-generator.yaml b/examples/docker/vault/secret-generator.yaml new file mode 100644 index 0000000..2a34384 --- /dev/null +++ b/examples/docker/vault/secret-generator.yaml @@ -0,0 +1,23 @@ +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: docker-vault-secrets + annotations: + config.kubernetes.io/function: | + container: + image: secretize:local + network: true + envs: + - VAULT_ADDR + - VAULT_TOKEN +sources: + - provider: hashicorp-vault + literals: + # Single secret values from docker-app namespace + - DATABASE_URL=secret/data/data/docker-app/database-url:value + - API_KEY=secret/data/data/docker-app/api-key:value + - JWT_SECRET=secret/data/data/docker-app/jwt-secret:value + kv: + # KV secrets with all key-value pairs + - secret/data/data/docker-app/app-config + - secret/data/data/docker-app/feature-flags diff --git a/examples/exec/env/README.md b/examples/exec/env/README.md new file mode 100644 index 0000000..49fb7d0 --- /dev/null +++ b/examples/exec/env/README.md @@ -0,0 +1,88 @@ +# Exec KRM Function Example + +This example demonstrates how to use Secretize as an exec KRM function with Kustomize. + +## Prerequisites + +1. Install Kustomize (version 4.0.0 or later) +2. Build the secretize binary + +## Setup + +Build the secretize binary: + +```bash +cd ../.. +go build -o secretize ./cmd/secretize +cd examples/exec +``` + +## Usage + +1. Set the required environment variables: + +```bash +export DATABASE_URL="postgresql://user:pass@localhost/db" +export API_KEY="your-secret-api-key" +export RENAMED_VAR="this-will-be-renamed" +export CONFIG_JSON='{"feature_new_ui": "true", "feature_beta": "false"}' +``` + +2. Run Kustomize build with KRM functions enabled: + +```bash +kustomize build --enable-alpha-plugins --enable-exec . +``` + +## How it Works + +The exec KRM function approach: + +1. Kustomize recognizes the `config.kubernetes.io/function` annotation +2. It executes the specified binary path (`../../secretize`) +3. Kustomize sends a ResourceList to the binary's stdin +4. The binary processes the function config and returns modified ResourceList on stdout +5. The generated Secret is included in the final output + +## Key Differences from Legacy + +- Uses the KRM function specification +- Binary receives input via stdin/stdout instead of command-line arguments +- More flexible and follows the KRM standard +- Can process multiple resources in a pipeline + +## Configuration + +The `secret-generator.yaml` includes: +- `config.kubernetes.io/function`: Specifies the exec function path +- Standard SecretGenerator configuration for providers and secrets + +## Example Output + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: exec-env-secrets +data: + DATABASE_URL: cG9zdGdyZXNxbDovL3VzZXI6cGFzc0Bsb2NhbGhvc3QvZGI= + API_KEY: eW91ci1zZWNyZXQtYXBpLWtleQ== + newName: dGhpcy13aWxsLWJlLXJlbmFtZWQ= + feature_flags: ZmFsc2U= + new_ui: dHJ1ZQ== + beta: ZmFsc2U= +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: exec-example-app +spec: + # ... deployment spec ... +``` + +## Advanced Features + +The exec KRM function supports: +- Renaming keys with the `newName=originalName` syntax +- Processing JSON values into multiple key-value pairs +- All provider types (env, aws-sm, azure-vault, hashicorp-vault, k8s-secret) \ No newline at end of file diff --git a/examples/exec/env/deployment.yaml b/examples/exec/env/deployment.yaml new file mode 100644 index 0000000..6eac000 --- /dev/null +++ b/examples/exec/env/deployment.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: exec-example-app +spec: + replicas: 1 + selector: + matchLabels: + app: exec-example + template: + metadata: + labels: + app: exec-example + spec: + containers: + - name: app + image: nginx:latest + envFrom: + - secretRef: + name: exec-env-secrets + env: + - name: SPECIAL_VAR + valueFrom: + secretKeyRef: + name: exec-env-secrets + key: newName \ No newline at end of file diff --git a/examples/exec/env/kustomization.yaml b/examples/exec/env/kustomization.yaml new file mode 100644 index 0000000..9d55a17 --- /dev/null +++ b/examples/exec/env/kustomization.yaml @@ -0,0 +1,8 @@ +# Exec KRM Function example +# This approach uses the KRM function specification with local executable + +resources: + - deployment.yaml + +generators: + - secret-generator.yaml \ No newline at end of file diff --git a/examples/exec/env/secret-generator.yaml b/examples/exec/env/secret-generator.yaml new file mode 100644 index 0000000..c6dba24 --- /dev/null +++ b/examples/exec/env/secret-generator.yaml @@ -0,0 +1,16 @@ +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: exec-env-secrets + annotations: + config.kubernetes.io/function: | + exec: + path: ../../../secretize +sources: + - provider: env + literals: + - DATABASE_URL + - API_KEY + - newName=RENAMED_VAR + kv: + - CONFIG_JSON \ No newline at end of file diff --git a/examples/exec/vault/README.md b/examples/exec/vault/README.md new file mode 100644 index 0000000..707c805 --- /dev/null +++ b/examples/exec/vault/README.md @@ -0,0 +1,111 @@ +# Exec KRM Function Example with HashiCorp Vault + +This example demonstrates how to use Secretize as an **exec KRM function** with Kustomize, configured to fetch secrets from HashiCorp Vault. + +--- + +## Local Vault Testing with Docker Compose + +A minimal `docker-compose.yml` is provided in this directory to spin up a Vault instance and pre-populate it with all the secrets needed for this example. + +### Steps: +1. **Start Vault and initialize secrets:** + ```bash + docker-compose up -d + # Wait for both 'vault' and 'setup' containers to finish initializing + docker-compose ps + # Vault UI: http://localhost:8200 (token: myroot) + ``` +2. **Set Vault environment variables:** + ```bash + export VAULT_ADDR="http://127.0.0.1:8200" + export VAULT_TOKEN="myroot" + ``` +3. **Build the Secretize binary:** + ```bash + cd ../../.. + go build -o secretize ./cmd/secretize + cd examples/exec/vault + ``` +4. **Run Kustomize build with exec KRM function enabled:** + ```bash + kustomize build --enable-alpha-plugins --enable-exec . + ``` + +--- + +## How it Works + +- Kustomize recognizes the `config.kubernetes.io/function` annotation with `exec` configuration. +- It executes the specified binary path (`../../../secretize`). +- Kustomize sends a ResourceList to the binary's stdin. +- The binary fetches secrets from Vault and returns the generated Secret on stdout. +- The Secret is included in the final output. + +--- + +## Troubleshooting + +### 1. **Secrets Not Found** +- Double-check the secret paths in `secret-generator.yaml`. +- If you have a subfolder called `data` in Vault, your path should be: + ```yaml + - DATABASE_URL=secret/data/data/docker-app/database-url:value + ``` +- If not, use: + ```yaml + - DATABASE_URL=secret/data/docker-app/database-url:value + ``` +- You can confirm the path with: + ```bash + vault kv get + # Example: + vault kv get secret/data/docker-app/database-url + vault kv get secret/data/data/docker-app/database-url + ``` +- If using the API, try: + ```bash + curl -H "X-Vault-Token: myroot" http://127.0.0.1:8200/v1/secret/data/docker-app/database-url + curl -H "X-Vault-Token: myroot" http://127.0.0.1:8200/v1/secret/data/data/docker-app/database-url + ``` + +### 2. **Authentication Failed** +- Make sure `VAULT_TOKEN` is set and valid. +- The default token for the test setup is `myroot`. + +### 3. **Vault Not Reachable** +- Make sure `VAULT_ADDR` is set to `http://127.0.0.1:8200` (or your Vault address). +- Ensure the Vault container is running and healthy. + +### 4. **Plugin Path Issues** +- The `path` in the annotation should be correct relative to this folder: + ```yaml + annotations: + config.kubernetes.io/function: | + exec: + path: ../../../secretize + ``` + +--- + +## Technical Note: Vault Path Structure + +- The full path to a secret is: `/data//` for KV v2 API. +- In the Vault UI, you may see a subfolder called `data`—this is part of your logical path. +- If your secret is at `data/docker-app/api-key` in the UI under the `secret` mount, the full path is: + ```yaml + secret/data/docker-app/api-key + ``` +- If you have a subfolder called `data`, the path is: + ```yaml + secret/data/data/docker-app/api-key + ``` +- Always confirm with the Vault CLI or API if unsure. + +--- + +## Security Considerations + +- Never hardcode tokens in production. +- Use AppRole or Kubernetes authentication for production. +- Rotate tokens and audit secret access. \ No newline at end of file diff --git a/examples/exec/vault/deployment.yaml b/examples/exec/vault/deployment.yaml new file mode 100644 index 0000000..578356c --- /dev/null +++ b/examples/exec/vault/deployment.yaml @@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: docker-example-app +spec: + replicas: 1 + selector: + matchLabels: + app: docker-example + template: + metadata: + labels: + app: docker-example + spec: + containers: + - name: app + image: nginx:latest + envFrom: + - secretRef: + name: docker-env-secrets + env: + - name: RUNTIME + value: "container" \ No newline at end of file diff --git a/examples/exec/vault/docker-compose.yml b/examples/exec/vault/docker-compose.yml new file mode 100644 index 0000000..8fe9cb2 --- /dev/null +++ b/examples/exec/vault/docker-compose.yml @@ -0,0 +1,52 @@ +version: '3.8' + +services: + # HashiCorp Vault for testing + vault: + image: hashicorp/vault:1.15 + container_name: secretize-vault-test + ports: + - "8200:8200" + environment: + VAULT_DEV_ROOT_TOKEN_ID: myroot + VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200 + VAULT_ADDR: http://127.0.0.1:8200 + cap_add: + - IPC_LOCK + command: vault server -dev -dev-root-token-id=myroot + healthcheck: + test: ["CMD", "vault", "status"] + interval: 5s + timeout: 3s + retries: 5 + volumes: + - ./vault-data:/vault/data + + # Setup container to initialize Vault with test secrets + setup: + image: hashicorp/vault:1.15 + container_name: secretize-vault-setup + depends_on: + vault: + condition: service_healthy + environment: + VAULT_ADDR: http://vault:8200 + VAULT_TOKEN: myroot + command: > + sh -c " + echo 'Waiting for Vault to be ready...' && + sleep 5 && + echo 'Creating test secrets...' && + vault kv put secret/data/docker-app/database-url value='postgresql://vault-user:vault-pass@vault-db:5432/vault_db' && + vault kv put secret/data/docker-app/api-key value='vault-api-key-12345' && + vault kv put secret/data/docker-app/jwt-secret value='super-secret-jwt-signing-key' && + vault kv put secret/data/docker-app/app-config debug=true log_level=info max_connections=100 timeout=30s && + vault kv put secret/data/docker-app/feature-flags new_ui=true beta_features=false experimental=true dark_mode=enabled && + echo 'Vault setup complete!' && + echo 'Vault UI: http://localhost:8200 (token: myroot)' + " + +networks: + default: + name: vault-network + driver: bridge \ No newline at end of file diff --git a/examples/exec/vault/kustomization.yaml b/examples/exec/vault/kustomization.yaml new file mode 100644 index 0000000..0bcb02e --- /dev/null +++ b/examples/exec/vault/kustomization.yaml @@ -0,0 +1,8 @@ +# Containerized KRM Function example +# This approach uses the KRM function specification with Docker container + +resources: + - deployment.yaml + +generators: + - secret-generator.yaml \ No newline at end of file diff --git a/examples/exec/vault/secret-generator.yaml b/examples/exec/vault/secret-generator.yaml new file mode 100644 index 0000000..3fb02fc --- /dev/null +++ b/examples/exec/vault/secret-generator.yaml @@ -0,0 +1,19 @@ +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: docker-vault-secrets + annotations: + config.kubernetes.io/function: | + exec: + path: ../../../secretize +sources: + - provider: hashicorp-vault + literals: + # Single secret values from docker-app namespace (with extra 'data' subfolder) + - DATABASE_URL=secret/data/data/docker-app/database-url:value + - API_KEY=secret/data/data/docker-app/api-key:value + - JWT_SECRET=secret/data/data/docker-app/jwt-secret:value + kv: + # KV secrets with all key-value pairs (with extra 'data' subfolder) + - secret/data/data/docker-app/app-config + - secret/data/data/docker-app/feature-flags diff --git a/examples/legacy/env/README.md b/examples/legacy/env/README.md new file mode 100644 index 0000000..c5906f3 --- /dev/null +++ b/examples/legacy/env/README.md @@ -0,0 +1,151 @@ +# Legacy Kustomize Plugin Example + +⚠️ **DEPRECATED** ⚠️ + +This example demonstrates the **legacy** Kustomize plugin system, which is **deprecated** and may not work with newer versions of Kustomize (v4.0.0+). + +## ⚠️ Important Notice + +**This approach is deprecated and may not work with current Kustomize versions.** The legacy plugin system has been replaced by the Kubernetes Resource Model (KRM) Functions. + +### Recommended Alternative + +For new projects, use the **KRM Function approach** instead: + +- **Exec KRM Function**: See [`../../exec/env/`](../../exec/env/) for a working example +- **Container KRM Function**: See [`../../docker/`](../../docker/) for container-based approach + +The modern approach is more reliable, follows standards, and works with current Kustomize versions. + +## Why This May Not Work + +The legacy plugin system has several issues with newer Kustomize versions: + +1. **Plugin Interface Changes**: The plugin execution interface has changed, causing "no function config provided" errors +2. **Deprecated Architecture**: The `$XDG_CONFIG_HOME/kustomize/plugin/` directory structure is no longer the recommended approach +3. **Limited Compatibility**: May not work with Kustomize v4.0.0+ due to architectural changes + +### Technical Root Cause + +The fundamental issue is that **Kustomize v4.0.0+ changed how it calls plugins**: + +- **Older Kustomize versions (v3.x)**: Called plugins with command-line arguments +- **Newer Kustomize versions (v4.0.0+)**: Call plugins via stdin in KRM Function format + +The Secretize plugin detects stdin input and switches to KRM Function mode, but then fails because: +- Kustomize sends the config via stdin +- The plugin expects a `ResourceList` format with `FunctionConfig` field +- But Kustomize is sending just the raw YAML config +- The plugin fails with "no function config provided" because it can't find the `FunctionConfig` field + +**Why direct execution works**: When calling `"$SECRETIZE_DIR/SecretGenerator" secret-generator.yaml` directly, it uses the legacy mode (command-line arguments), which still works perfectly. + +This explains why the legacy plugin system is fundamentally incompatible with newer Kustomize versions - the interface has changed completely. + +## Prerequisites + +1. Install Kustomize (version 3.x or earlier for best compatibility) +2. Install Secretize plugin to the Kustomize plugin directory + +## Installation + +```bash +# Set XDG_CONFIG_HOME if not already set +export XDG_CONFIG_HOME=~/.config + +# Create plugin directory +export SECRETIZE_DIR="$XDG_CONFIG_HOME/kustomize/plugin/secretize/v1/secretgenerator" +mkdir -p "$SECRETIZE_DIR" + +# Build and install the plugin +go build -o "$SECRETIZE_DIR/SecretGenerator" ../../../cmd/secretize +``` + +## Usage + +1. Set the required environment variables: + +```bash +export DATABASE_URL="postgresql://user:pass@localhost/db" +export API_KEY="your-secret-api-key" +export CONFIG_JSON='{"feature_new_ui": "true", "feature_beta": "false"}' +``` + +2. Run Kustomize build: + +```bash +kustomize build --enable-alpha-plugins . +``` + +**Note**: This command may fail with newer Kustomize versions due to the deprecated plugin system. + +### Alternative: Direct Plugin Execution + +If the Kustomize integration fails, you can run the plugin directly: + +```bash +"$SECRETIZE_DIR/SecretGenerator" secret-generator.yaml +``` + +This will generate the secret directly without Kustomize integration. + +## How it Works + +The legacy plugin system works by: + +1. Kustomize looks for a binary named `SecretGenerator` in the plugin directory path based on the apiVersion and kind +2. It executes the binary with the YAML configuration file as an argument +3. The plugin reads the configuration, fetches secrets from the specified providers, and outputs a Kubernetes Secret resource +4. Kustomize includes the generated Secret in the final output + +## Configuration + +The `secret-generator.yaml` file specifies: +- `provider`: The secret provider to use (env, aws-sm, azure-vault, etc.) +- `literals`: Single string values to fetch +- `kv`: JSON values to parse as key-value pairs + +## Example Output + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: env-secrets +data: + DATABASE_URL: cG9zdGdyZXNxbDovL3VzZXI6cGFzc0Bsb2NhbGhvc3QvZGI= + API_KEY: eW91ci1zZWNyZXQtYXBpLWtleQ== + feature_flags: dHJ1ZQ== +``` + +## Migration to Modern Approach + +To migrate from this legacy approach to the modern KRM Function approach: + +1. **Update your secret-generator.yaml**: + ```yaml + apiVersion: secretize/v1 + kind: SecretGenerator + metadata: + name: env-secrets + annotations: + config.kubernetes.io/function: | + exec: + path: ../../../secretize # Path to your secretize binary + sources: + - provider: env + literals: + - DATABASE_URL + - API_KEY + kv: + - CONFIG_JSON + ``` + +2. **Update your build command**: + ```bash + kustomize build --enable-alpha-plugins --enable-exec . + ``` + +3. **Remove the legacy plugin installation** - no longer needed with KRM Functions + +See [`../../exec/env/README.md`](../../exec/env/README.md) for a complete working example. \ No newline at end of file diff --git a/examples/legacy/env/deployment.yaml b/examples/legacy/env/deployment.yaml new file mode 100644 index 0000000..92a6edf --- /dev/null +++ b/examples/legacy/env/deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: example-app +spec: + replicas: 1 + selector: + matchLabels: + app: example + template: + metadata: + labels: + app: example + spec: + containers: + - name: app + image: nginx:latest + envFrom: + - secretRef: + name: env-secrets \ No newline at end of file diff --git a/examples/legacy/env/kustomization.yaml b/examples/legacy/env/kustomization.yaml new file mode 100644 index 0000000..bc56b9c --- /dev/null +++ b/examples/legacy/env/kustomization.yaml @@ -0,0 +1,9 @@ +# Legacy Kustomize plugin example +# This approach uses the traditional Kustomize plugin system +# where the plugin is installed in $XDG_CONFIG_HOME/kustomize/plugin + +generators: + - secret-generator.yaml + +resources: + - deployment.yaml \ No newline at end of file diff --git a/examples/legacy/env/secret-generator.yaml b/examples/legacy/env/secret-generator.yaml new file mode 100644 index 0000000..3ffe2b3 --- /dev/null +++ b/examples/legacy/env/secret-generator.yaml @@ -0,0 +1,11 @@ +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: env-secrets +sources: + - provider: env + literals: + - DATABASE_URL + - API_KEY + kv: + - CONFIG_JSON \ No newline at end of file diff --git a/examples/legacy/vault/README.md b/examples/legacy/vault/README.md new file mode 100644 index 0000000..72ebb34 --- /dev/null +++ b/examples/legacy/vault/README.md @@ -0,0 +1,121 @@ +# Legacy Kustomize Plugin Example with HashiCorp Vault + +⚠️ **DEPRECATED** ⚠️ + +This example demonstrates the **legacy** Kustomize plugin system with HashiCorp Vault, which is **deprecated** and may not work with newer versions of Kustomize (v4.0.0+). + +## ⚠️ Important Notice + +**This approach is deprecated and may not work with current Kustomize versions.** The legacy plugin system has been replaced by the Kubernetes Resource Model (KRM) Functions. + +### Recommended Alternative + +For new projects, use the **KRM Function approach** instead: +- See [`../../exec/vault/`](../../exec/vault/) for a working example + +The modern approach is more reliable, follows standards, and works with current Kustomize versions. + +## Why This May Not Work + +The legacy plugin system has several issues with newer Kustomize versions: + +1. **Plugin Interface Changes**: The plugin execution interface has changed, causing "no function config provided" errors +2. **Deprecated Architecture**: The `$XDG_CONFIG_HOME/kustomize/plugin/` directory structure is no longer the recommended approach +3. **Limited Compatibility**: May not work with Kustomize v4.0.0+ due to architectural changes + +### Technical Root Cause + +The fundamental issue is that **Kustomize v4.0.0+ changed how it calls plugins**: +- **Older Kustomize versions (v3.x)**: Called plugins with command-line arguments +- **Newer Kustomize versions (v4.0.0+)**: Call plugins via stdin in KRM Function format + +The Secretize plugin detects stdin input and switches to KRM Function mode, but then fails because: +- Kustomize sends the config via stdin +- The plugin expects a `ResourceList` format with `FunctionConfig` field +- But Kustomize is sending just the raw YAML config +- The plugin fails with "no function config provided" because it can't find the `FunctionConfig` field + +**Why direct execution works**: When calling `"$SECRETIZE_DIR/SecretGenerator" secret-generator.yaml` directly, it uses the legacy mode (command-line arguments), which still works perfectly. + +This explains why the legacy plugin system is fundamentally incompatible with newer Kustomize versions - the interface has changed completely. + +--- + +## Prerequisites + +1. Install Kustomize (version 3.x or earlier for best compatibility) +2. Install Docker +3. Install Secretize plugin to the Kustomize plugin directory + +--- + +## Local Vault Testing with Minimal Docker Compose + +You can use the provided `docker-compose.yml` in this folder to spin up a local Vault instance with all the secrets needed for this example. + +### Steps: + +1. **Start Vault and initialize secrets:** + ```bash + docker-compose up -d + # Wait for both 'vault' and 'setup' containers to finish initializing + docker-compose ps + # Vault UI: http://localhost:8200 (token: myroot) + ``` + +2. **Set up the legacy plugin:** + ```bash + export XDG_CONFIG_HOME=~/.config + export SECRETIZE_DIR="$XDG_CONFIG_HOME/kustomize/plugin/secretize/v1/secretgenerator" + mkdir -p "$SECRETIZE_DIR" + go build -o "$SECRETIZE_DIR/SecretGenerator" ../../../cmd/secretize + ``` + +3. **Run the plugin directly (recommended for legacy):** + + Before running, set the Vault address and token environment variables to match your local Vault instance: + ```bash + export VAULT_ADDR="http://127.0.0.1:8200" + export VAULT_TOKEN="myroot" + "$SECRETIZE_DIR/SecretGenerator" secret-generator.yaml + ``` + This will output the generated Kubernetes Secret using the secrets from Vault. + +4. **(Optional) Try Kustomize build (may fail on modern versions):** + ```bash + kustomize build --enable-alpha-plugins . + ``` + **Note:** This will likely fail with modern Kustomize due to the reasons explained above. + +--- + +## Vault Secrets Used + +The setup container in `docker-compose.yml` will create these secrets: +- `secret/data/docker-app/database-url` +- `secret/data/docker-app/api-key` +- `secret/data/docker-app/jwt-secret` +- `secret/data/docker-app/app-config` +- `secret/data/docker-app/feature-flags` + +--- + +## Example Output + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: legacy-vault-secrets +data: + DATABASE_URL: + API_KEY: + JWT_SECRET: + ... +``` + +--- + +## Migration to Modern Approach + +To migrate from this legacy approach to the modern KRM Function approach, see [`../../exec/vault/`](../../exec/vault/). \ No newline at end of file diff --git a/examples/legacy/vault/deployment.yaml b/examples/legacy/vault/deployment.yaml new file mode 100644 index 0000000..578356c --- /dev/null +++ b/examples/legacy/vault/deployment.yaml @@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: docker-example-app +spec: + replicas: 1 + selector: + matchLabels: + app: docker-example + template: + metadata: + labels: + app: docker-example + spec: + containers: + - name: app + image: nginx:latest + envFrom: + - secretRef: + name: docker-env-secrets + env: + - name: RUNTIME + value: "container" \ No newline at end of file diff --git a/examples/legacy/vault/docker-compose.yml b/examples/legacy/vault/docker-compose.yml new file mode 100644 index 0000000..7429807 --- /dev/null +++ b/examples/legacy/vault/docker-compose.yml @@ -0,0 +1,51 @@ +version: '3.8' + +services: + # HashiCorp Vault for testing + vault: + image: hashicorp/vault:1.15 + container_name: secretize-vault-test + ports: + - "8200:8200" + environment: + VAULT_DEV_ROOT_TOKEN_ID: myroot + VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200 + VAULT_ADDR: http://127.0.0.1:8200 + cap_add: + - IPC_LOCK + command: vault server -dev -dev-root-token-id=myroot + healthcheck: + test: ["CMD", "vault", "status"] + interval: 5s + timeout: 3s + retries: 5 + volumes: + - ./vault-data:/vault/data + + # Setup container to initialize Vault with test secrets + setup: + image: hashicorp/vault:1.15 + container_name: secretize-vault-setup + depends_on: + vault: + condition: service_healthy + environment: + VAULT_ADDR: http://vault:8200 + VAULT_TOKEN: myroot + command: > + sh -c " + echo 'Waiting for Vault to be ready...' && + sleep 5 && + echo 'Creating test secrets...' && + vault kv put secret/data/docker-app/database-url value='postgresql://vault-user:vault-pass@vault-db:5432/vault_db' && + vault kv put secret/data/docker-app/api-key value='vault-api-key-12345' && + vault kv put secret/data/docker-app/jwt-secret value='super-secret-jwt-signing-key' && + vault kv put secret/data/docker-app/app-config debug=true log_level=info max_connections=100 timeout=30s && + vault kv put secret/data/docker-app/feature-flags new_ui=true beta_features=false experimental=true dark_mode=enabled && + echo 'Vault setup complete!' && + echo 'Vault UI: http://localhost:8200 (token: myroot)' + " + +networks: + default: + name: secretize-vault-test \ No newline at end of file diff --git a/examples/legacy/vault/kustomization.yaml b/examples/legacy/vault/kustomization.yaml new file mode 100644 index 0000000..0bcb02e --- /dev/null +++ b/examples/legacy/vault/kustomization.yaml @@ -0,0 +1,8 @@ +# Containerized KRM Function example +# This approach uses the KRM function specification with Docker container + +resources: + - deployment.yaml + +generators: + - secret-generator.yaml \ No newline at end of file diff --git a/examples/legacy/vault/secret-generator.yaml b/examples/legacy/vault/secret-generator.yaml new file mode 100644 index 0000000..39b4088 --- /dev/null +++ b/examples/legacy/vault/secret-generator.yaml @@ -0,0 +1,15 @@ +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: legacy-vault-secrets +sources: + - provider: hashicorp-vault + literals: + # Single secret values from docker-app namespace (with extra 'data' subfolder) + - DATABASE_URL=secret/data/data/docker-app/database-url:value + - API_KEY=secret/data/data/docker-app/api-key:value + - JWT_SECRET=secret/data/data/docker-app/jwt-secret:value + kv: + # KV secrets with all key-value pairs (with extra 'data' subfolder) + - secret/data/data/docker-app/app-config + - secret/data/data/docker-app/feature-flags \ No newline at end of file diff --git a/go.mod b/go.mod index 9d09277..2081b95 100644 --- a/go.mod +++ b/go.mod @@ -1,23 +1,88 @@ module github.com/bbl/secretize -go 1.13 +go 1.19 require ( github.com/Azure/azure-sdk-for-go v46.4.0+incompatible github.com/Azure/go-autorest/autorest v0.11.6 github.com/Azure/go-autorest/autorest/azure/auth v0.5.2 - github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect - github.com/Azure/go-autorest/autorest/validation v0.3.0 // indirect github.com/aws/aws-sdk-go v1.35.1 github.com/hashicorp/vault/api v1.0.4 - github.com/kr/pretty v0.2.0 // indirect - github.com/magiconair/properties v1.8.0 github.com/sirupsen/logrus v1.6.0 - github.com/stretchr/testify v1.4.0 - golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 // indirect - gopkg.in/yaml.v2 v2.3.0 + github.com/stretchr/testify v1.8.1 + gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.17.0 k8s.io/apimachinery v0.17.0 k8s.io/client-go v0.17.0 sigs.k8s.io/kustomize/api v0.6.2 + sigs.k8s.io/kustomize/kyaml v0.14.3 +) + +require ( + github.com/Azure/go-autorest v14.2.0+incompatible // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.4 // indirect + github.com/Azure/go-autorest/autorest/azure/cli v0.4.1 // indirect + github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect + github.com/Azure/go-autorest/autorest/to v0.4.1 // indirect + github.com/Azure/go-autorest/autorest/validation v0.3.2 // indirect + github.com/Azure/go-autorest/logger v0.2.0 // indirect + github.com/Azure/go-autorest/tracing v0.6.0 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect + github.com/dimchansky/utfbom v1.1.0 // indirect + github.com/evanphx/json-patch v4.5.0+incompatible // indirect + github.com/go-errors/errors v1.4.2 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/snappy v0.0.1 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.5.9 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.1 // indirect + github.com/hashicorp/go-multierror v1.0.0 // indirect + github.com/hashicorp/go-retryablehttp v0.5.4 // indirect + github.com/hashicorp/go-rootcerts v1.0.1 // indirect + github.com/hashicorp/go-sockaddr v1.0.2 // indirect + github.com/hashicorp/hcl v1.0.0 // indirect + github.com/hashicorp/vault/sdk v0.1.13 // indirect + github.com/imdario/mergo v0.3.5 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/mapstructure v1.1.2 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect + github.com/pierrec/lz4 v2.0.5+incompatible // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect + github.com/spf13/cobra v1.7.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/xlab/treeprint v1.2.0 // indirect + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect + golang.org/x/net v0.4.0 // indirect + golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect + golang.org/x/sys v0.8.0 // indirect + golang.org/x/text v0.5.0 // indirect + golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect + google.golang.org/appengine v1.5.0 // indirect + google.golang.org/protobuf v1.30.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/square/go-jose.v2 v2.3.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/klog v1.0.0 // indirect + k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961 // indirect + k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index 768cdec..c035cc9 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,5 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= github.com/360EntSecGroup-Skylar/excelize v1.4.1/go.mod h1:vnax29X2usfl7HHkBrX5EvSCJcmH3dT9luvxzu8iGAE= github.com/Azure/azure-sdk-for-go v46.4.0+incompatible h1:fCN6Pi+tEiEwFa8RSmtVlFHRXEZ+DJm9gfx/MKqYWw4= @@ -24,10 +23,10 @@ github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxB github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.0 h1:3I9AAI63HfcLtphd9g39ruUwRI+Ca+z/f36KHPFRUss= -github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= +github.com/Azure/go-autorest/autorest/to v0.4.1 h1:CxNHBqdzTr7rLtdrtb5CMjJcDut+WNGCVv7OmS5+lTc= +github.com/Azure/go-autorest/autorest/to v0.4.1/go.mod h1:EtaofgU4zmtvn1zT2ARsjRFdq9vXx0YWtmElwL+GZ9M= +github.com/Azure/go-autorest/autorest/validation v0.3.2 h1:myD3tcvs+Fk1bkJ1Xx7xidop4z4FWvWADiMGMXeVd2E= +github.com/Azure/go-autorest/autorest/validation v0.3.2/go.mod h1:4z7eU88lSINAB5XL8mhfPumiUdoAQo/c7qXwbsM8Zhc= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= @@ -55,6 +54,8 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.35.1 h1:dGBUiVpdG6Zho3taAqGJKxuhn+qIrP3OdjfrtqowDyc= github.com/aws/aws-sdk-go v1.35.1/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -75,10 +76,14 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4= @@ -90,6 +95,7 @@ github.com/dustmop/soup v1.1.2-0.20190516214245-38228baa104e/go.mod h1:CgNC6SGbT github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M= github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= @@ -100,6 +106,8 @@ github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/go-critic/go-critic v0.3.5-0.20190904082202-d79a9f0c64db/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc= github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= @@ -120,11 +128,15 @@ github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwds github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= @@ -149,6 +161,8 @@ github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/ github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.8/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= @@ -183,6 +197,10 @@ github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= @@ -201,50 +219,62 @@ github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunE github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= -github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4 h1:hU4mGcQI4DaAYW+IbTun+2qEZVFxK0ySjQLTbS0VQKc= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d h1:7XGaL1e6bYS1yIonGp9761ExpPPV1ui0SAC59Yube9k= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= -github.com/gordonklaus/ineffassign v0.0.0-20200809085317-e36bfde3bb78 h1:U/zHjaVG/sECz5xhnh7kPH+Fv/maPbhZPcaTquo5sPg= -github.com/gordonklaus/ineffassign v0.0.0-20200809085317-e36bfde3bb78/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= +github.com/hashicorp/go-retryablehttp v0.5.4 h1:1BZvpawXoJCWX6pNtow9+rpEj+3itIlutiqnntI6jOE= github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-rootcerts v1.0.1 h1:DMo4fmknnz0E0evoNYnV48RjWndOsmd6OW+09R3cEP8= github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= +github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/vault/api v1.0.4 h1:j08Or/wryXT4AcHj1oCbMd7IijXcKzYUGw59LGu9onU= github.com/hashicorp/vault/api v1.0.4/go.mod h1:gDcqh3WGcR1cpF5AJz/B1UFheUEneMoIospckxBxk6Q= +github.com/hashicorp/vault/sdk v0.1.13 h1:mOEPeOhT7jl0J4AMl1E705+BcmeRs1VmKNb9F0sMLy8= github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= @@ -252,14 +282,19 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -274,16 +309,16 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -291,6 +326,8 @@ github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -301,20 +338,25 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -325,20 +367,25 @@ github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/paulmach/orb v0.1.3/go.mod h1:VFlX/8C+IQ1p6FTRRKzKoOPJnvEtA5G0Veuqwbu//Vk= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -354,12 +401,16 @@ github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4do github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc= github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= @@ -378,6 +429,8 @@ github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTd github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -388,11 +441,19 @@ github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/y github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.3-0.20181224173747-660f15d67dbb/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -409,13 +470,14 @@ github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yujunz/go-getter v1.4.1-lite/go.mod h1:sbmqxXjyLunH1PkF3n7zSlnVeMvmYUuIl9ZVs/7NyCc= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.starlark.net v0.0.0-20190528202925-30ae18b8564f/go.mod h1:c1/X6cHgvdXj6pUlmWKMkuqRnW4K8x2vwt6JAaaircg= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= @@ -460,8 +522,9 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= @@ -491,14 +554,17 @@ golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -525,7 +591,7 @@ golang.org/x/tools v0.0.0-20190930201159-7c411dea38b0/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0 h1:KKgc1aqhV8wDPbDzlDtpvyjZFY3vjz85FP7p4wcQUyI= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -534,22 +600,28 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7 h1:ZUjXAXmrAyrmmCPHgCA/vChHcpsX27MZ3yBonD/z1KE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= @@ -557,9 +629,13 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200121175148-a6ecf24a6d71/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -576,16 +652,23 @@ k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= +k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961 h1:pqRVJGQJz6oeZby8qmPKXYIBjyrcv7EHCe/33UkZMYA= +k8s.io/kube-openapi v0.0.0-20230601164746-7562a1006961/go.mod h1:l8HTwL5fqnlns4jOveW1L75eo7R9KFHxiE0bsPGy428= k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= +k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/kustomize/api v0.6.2 h1:qZzMiyllvwBv6KQ8V3VsF452INpDW4eWEHOfyeKvkHw= sigs.k8s.io/kustomize/api v0.6.2/go.mod h1:OL467fU5FuolXnIPUqhBLSXUUD00/IBjHs+dBdAS75E= sigs.k8s.io/kustomize/kyaml v0.8.1/go.mod h1:UTm64bSWVdBUA8EQoYCxVOaBQxUdIOr5LKWxA4GNbkw= +sigs.k8s.io/kustomize/kyaml v0.14.3 h1:WpabVAKZe2YEp/irTSHwD6bfjwZnTtSDewd2BVJGMZs= +sigs.k8s.io/kustomize/kyaml v0.14.3/go.mod h1:npvh9epWysfQ689Rtt/U+dpOJDTBn8kUnF1O6VzvmZA= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/pkg/generator/generator.go b/pkg/generator/generator.go index 8a76ebc..fb43f18 100644 --- a/pkg/generator/generator.go +++ b/pkg/generator/generator.go @@ -2,19 +2,20 @@ package generator import ( "encoding/base64" + "strings" + "github.com/bbl/secretize/internal/k8s" "github.com/bbl/secretize/internal/providers" "github.com/bbl/secretize/pkg/utils" "gopkg.in/yaml.v2" "sigs.k8s.io/kustomize/api/types" - "strings" ) type RegistryFunc func(params map[string]string) map[string]func() (providers.SecretsProvider, error) func ProviderRegistry(params map[string]string) map[string]func() (providers.SecretsProvider, error) { return map[string]func() (providers.SecretsProvider, error){ - "aws-sm": providers.NewAwsSMProvider, + "aws-sm": providers.NewAwsSMProvider, "hashicorp-vault": providers.NewHashicorpVaultProvider, "azure-vault": func() (providers.SecretsProvider, error) { return providers.NewAzureVaultProvider(params["name"]) @@ -64,9 +65,10 @@ func (l *Literal) UnmarshalYAML(unmarshal func(interface{}) error) error { return nil } - res := strings.Split(stringLiteral, "=") - l.Key = res[0] - l.Value = res[1] + // Split on the first "=" only + idx := strings.Index(stringLiteral, "=") + l.Key = stringLiteral[:idx] + l.Value = stringLiteral[idx+1:] return nil } diff --git a/pkg/generator/krm_integration_test.go b/pkg/generator/krm_integration_test.go new file mode 100644 index 0000000..5cf56f1 --- /dev/null +++ b/pkg/generator/krm_integration_test.go @@ -0,0 +1,198 @@ +package generator + +import ( + "encoding/base64" + "os" + "testing" + + "github.com/stretchr/testify/assert" + "gopkg.in/yaml.v2" + "sigs.k8s.io/kustomize/api/types" +) + +func TestKRMIntegrationWithMultipleProviders(t *testing.T) { + // Set up test environment variables + os.Setenv("TEST_LITERAL", "literal-value") + os.Setenv("TEST_JSON", `{"key1": "value1", "key2": "value2"}`) + defer func() { + os.Unsetenv("TEST_LITERAL") + os.Unsetenv("TEST_JSON") + }() + + // Test configuration with multiple sources + config := &SecretGenerator{ + Meta: types.ObjectMeta{ + Name: "multi-source-secret", + }, + Sources: []SecretSource{ + { + Provider: "env", + SecretsSpec: SecretsSpec{ + Literals: []Literal{ + {Key: "literal1", Value: "TEST_LITERAL"}, + {Key: "renamed", Value: "TEST_LITERAL"}, + }, + KVLiterals: []string{"TEST_JSON"}, + }, + }, + }, + } + + // Fetch secrets + secrets, err := config.FetchSecrets(ProviderRegistry) + assert.NoError(t, err) + assert.NotEmpty(t, secrets) + + // Verify literals + assert.Equal(t, "literal-value", secrets["literal1"]) + assert.Equal(t, "literal-value", secrets["renamed"]) + + // Verify KV expansion + assert.Equal(t, "value1", secrets["key1"]) + assert.Equal(t, "value2", secrets["key2"]) + + // Generate the secret + secret := config.Generate(secrets) + assert.Equal(t, "multi-source-secret", secret.Meta.Name) + + // Verify base64 encoding + for key, value := range secrets { + encoded := base64.StdEncoding.EncodeToString([]byte(value)) + assert.Equal(t, encoded, secret.Data[key]) + } +} + +func TestKRMFunctionConfigParsing(t *testing.T) { + // Test parsing various valid configurations + testCases := []struct { + name string + yaml string + valid bool + errMsg string + }{ + { + name: "valid basic config", + yaml: ` +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: test +sources: + - provider: env + literals: + - TEST_VAR +`, + valid: true, + }, + { + name: "config with annotations", + yaml: ` +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: test + annotations: + config.kubernetes.io/function: | + exec: + path: ./secretize +sources: + - provider: env + literals: + - TEST_VAR +`, + valid: true, + }, + { + name: "empty sources", + yaml: ` +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: test +sources: [] +`, + valid: true, + }, + { + name: "multiple providers", + yaml: ` +apiVersion: secretize/v1 +kind: SecretGenerator +metadata: + name: test +sources: + - provider: env + literals: + - VAR1 + - provider: env + literals: + - VAR2 +`, + valid: true, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + config, err := ParseConfig([]byte(tc.yaml)) + if tc.valid { + assert.NoError(t, err) + assert.NotNil(t, config) + } else { + assert.Error(t, err) + if tc.errMsg != "" { + assert.Contains(t, err.Error(), tc.errMsg) + } + } + }) + } +} + +func TestLiteralParsing(t *testing.T) { + testCases := []struct { + input string + expectedKey string + expectedVal string + }{ + {"simple", "simple", "simple"}, + {"key=value", "key", "value"}, + {"key=value=with=equals", "key", "value=with=equals"}, + {"", "", ""}, + } + + for _, tc := range testCases { + t.Run(tc.input, func(t *testing.T) { + var literal Literal + err := yaml.Unmarshal([]byte(tc.input), &literal) + assert.NoError(t, err) + assert.Equal(t, tc.expectedKey, literal.Key) + assert.Equal(t, tc.expectedVal, literal.Value) + }) + } +} + +func TestSecretTypeHandling(t *testing.T) { + config := &SecretGenerator{ + Meta: types.ObjectMeta{ + Name: "typed-secret", + }, + Type: "kubernetes.io/tls", + Sources: []SecretSource{ + { + Provider: "env", + SecretsSpec: SecretsSpec{ + Literals: []Literal{ + {Key: "tls.crt", Value: "HOME"}, + {Key: "tls.key", Value: "USER"}, + }, + }, + }, + }, + } + + secrets, err := config.FetchSecrets(ProviderRegistry) + assert.NoError(t, err) + + secret := config.Generate(secrets) + assert.Equal(t, "kubernetes.io/tls", secret.Type) +}