From 828f2bfc38d77bc6f0018347eaf135f4191332da Mon Sep 17 00:00:00 2001 From: Vincent Shen Date: Fri, 15 May 2026 08:19:30 -0700 Subject: [PATCH] chore(deps): update all Go dependencies Co-Authored-By: Claude Opus 4.7 (1M context) --- go.mod | 244 +- go.sum | 607 +- .../go/buf/validate/validate.pb.go | 2322 +++-- .../buf/validate/validate_protoopaque.pb.go | 2276 +++-- vendor/cloud.google.com/go/auth/CHANGES.md | 2 + .../go/auth/httptransport/transport.go | 300 +- .../go/auth/internal/version.go | 4 +- vendor/connectrpc.com/connect/.gitignore | 1 + vendor/connectrpc.com/connect/.golangci.yml | 299 +- vendor/connectrpc.com/connect/MAINTAINERS.md | 1 + vendor/connectrpc.com/connect/Makefile | 3 +- vendor/connectrpc.com/connect/RELEASE.md | 2 +- .../connectrpc.com/connect/client_stream.go | 12 + vendor/connectrpc.com/connect/connect.go | 37 +- vendor/connectrpc.com/connect/context.go | 9 +- .../connect/duplex_http_call.go | 42 +- vendor/connectrpc.com/connect/error.go | 15 +- vendor/connectrpc.com/connect/handler.go | 4 + .../connectrpc.com/connect/handler_stream.go | 7 + vendor/connectrpc.com/connect/interceptor.go | 2 + .../connect/protocol_connect.go | 2 +- .../connectrpc.com/connect/protocol_grpc.go | 4 +- vendor/connectrpc.com/connect/recover.go | 4 +- .../go/oci/ociregistry/ociauth/authfile.go | 157 +- vendor/cuelang.org/go/cue/format/node.go | 4 +- vendor/cuelang.org/go/cue/parser/parser.go | 20 +- vendor/cuelang.org/go/cue/token/token.go | 16 +- .../cuelang.org/go/cue/token/token_string.go | 15 +- vendor/cuelang.org/go/encoding/json/json.go | 6 +- .../go/encoding/jsonschema/generate.go | 3 + .../go/encoding/jsonschema/jsonschema.go | 2 + .../cuelang.org/go/encoding/openapi/decode.go | 2 + .../go/encoding/protobuf/protobuf.go | 4 +- vendor/cuelang.org/go/encoding/toml/decode.go | 2 + .../go/encoding/xml/koala/decode.go | 2 + vendor/cuelang.org/go/encoding/yaml/yaml.go | 8 +- .../go/internal/astinternal/debug.go | 6 +- .../go/internal/core/compile/compile.go | 4 - .../go/internal/core/convert/go.go | 46 +- .../go/internal/core/export/adt.go | 7 +- .../go/internal/cueversion/version.go | 2 +- vendor/cuelang.org/go/pkg/encoding/hex/hex.go | 4 +- vendor/cuelang.org/go/pkg/html/html.go | 6 +- vendor/cuelang.org/go/pkg/list/sort.go | 2 +- vendor/cuelang.org/go/pkg/net/ip.go | 2 +- vendor/cuelang.org/go/pkg/regexp/manual.go | 12 +- vendor/cuelang.org/go/pkg/strings/manual.go | 14 +- vendor/cyphar.com/go-pathrs/handle_linux.go | 8 +- .../internal/libpathrs/libpathrs_linux.go | 76 +- .../go-pathrs/procfs/procfs_linux.go | 10 +- vendor/cyphar.com/go-pathrs/root_linux.go | 54 +- vendor/cyphar.com/go-pathrs/version_linux.go | 27 + .../github.com/aquasecurity/libbpfgo/Makefile | 51 +- .../aquasecurity/libbpfgo/Readme.md | 3 - .../aquasecurity/libbpfgo/libbpfgo.go | 4 +- .../github.com/aquasecurity/libbpfgo/map.go | 8 + .../aquasecurity/libbpfgo/module.go | 9 +- .../aws/aws-sdk-go-v2/aws/config.go | 4 + .../aws-sdk-go-v2/aws/go_module_metadata.go | 2 +- .../aws/restrict_file_permissions.go | 21 + .../aws-sdk-go-v2/aws/retry/jitter_backoff.go | 77 +- .../aws/aws-sdk-go-v2/aws/retry/middleware.go | 61 +- .../aws/aws-sdk-go-v2/aws/retry/retry.go | 13 + .../aws/aws-sdk-go-v2/aws/retry/standard.go | 108 +- .../aws/aws-sdk-go-v2/config/CHANGELOG.md | 57 + .../aws/aws-sdk-go-v2/config/config.go | 2 + .../aws/aws-sdk-go-v2/config/env_config.go | 34 + .../config/go_module_metadata.go | 2 +- .../{ => config}/internal/ini/errors.go | 0 .../{ => config}/internal/ini/ini.go | 0 .../{ => config}/internal/ini/parse.go | 0 .../{ => config}/internal/ini/sections.go | 0 .../{ => config}/internal/ini/strings.go | 0 .../{ => config}/internal/ini/token.go | 0 .../{ => config}/internal/ini/tokenize.go | 0 .../{ => config}/internal/ini/value.go | 0 .../aws/aws-sdk-go-v2/config/load_options.go | 16 + .../aws/aws-sdk-go-v2/config/provider.go | 16 + .../aws/aws-sdk-go-v2/config/resolve.go | 14 + .../config/resolve_credentials.go | 1 + .../aws/aws-sdk-go-v2/config/shared_config.go | 2 +- .../aws-sdk-go-v2/credentials/CHANGELOG.md | 53 + .../credentials/go_module_metadata.go | 2 +- .../credentials/logincreds/file.go | 4 +- .../credentials/logincreds/provider.go | 14 +- .../feature/ec2/imds/CHANGELOG.md | 36 + .../feature/ec2/imds/go_module_metadata.go | 2 +- .../smithy/v4signer_adapter_eventstream.go | 51 + .../internal/configsources/CHANGELOG.md | 36 + .../configsources/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/internal/context/context.go | 13 + .../internal/endpoints/v2/CHANGELOG.md | 36 + .../endpoints/v2/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/internal/ini/CHANGELOG.md | 296 - .../aws-sdk-go-v2/internal/v4a/CHANGELOG.md | 486 + .../internal/{ini => v4a}/LICENSE.txt | 0 .../aws-sdk-go-v2/internal/v4a/credentials.go | 141 + .../aws/aws-sdk-go-v2/internal/v4a/error.go | 17 + .../{ini => v4a}/go_module_metadata.go | 4 +- .../internal/v4a/internal/crypto/compare.go | 30 + .../internal/v4a/internal/crypto/ecc.go | 113 + .../internal/v4a/internal/v4/const.go | 36 + .../internal/v4a/internal/v4/header_rules.go | 82 + .../internal/v4a/internal/v4/headers.go | 68 + .../internal/v4a/internal/v4/hmac.go | 13 + .../internal/v4a/internal/v4/host.go | 75 + .../internal/v4a/internal/v4/time.go | 36 + .../internal/v4a/internal/v4/util.go | 64 + .../aws-sdk-go-v2/internal/v4a/middleware.go | 118 + .../internal/v4a/presign_middleware.go | 117 + .../aws/aws-sdk-go-v2/internal/v4a/smithy.go | 92 + .../aws/aws-sdk-go-v2/internal/v4a/v4a.go | 520 + .../service/ecrpublic/CHANGELOG.md | 10 + .../service/ecrpublic/go_module_metadata.go | 2 +- .../internal/accept-encoding/CHANGELOG.md | 20 + .../accept-encoding/go_module_metadata.go | 2 +- .../internal/presigned-url/CHANGELOG.md | 36 + .../presigned-url/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/service/signin/CHANGELOG.md | 45 + .../service/signin/api_client.go | 73 +- .../signin/api_op_CreateOAuth2Token.go | 57 +- ...DeleteConsoleAuthorizationConfiguration.go | 119 + ...pi_op_DeleteResourcePermissionStatement.go | 148 + ...op_GetConsoleAuthorizationConfiguration.go | 119 + .../signin/api_op_GetResourcePolicy.go | 106 + ...api_op_ListResourcePermissionStatements.go | 213 + ...op_PutConsoleAuthorizationConfiguration.go | 119 + .../api_op_PutResourcePermissionStatement.go | 168 + .../aws/aws-sdk-go-v2/service/signin/auth.go | 12 +- .../service/signin/deserializers.go | 2001 +++- .../aws-sdk-go-v2/service/signin/endpoints.go | 646 +- .../service/signin/generated.json | 7 + .../service/signin/go_module_metadata.go | 2 +- .../aws-sdk-go-v2/service/signin/options.go | 4 + .../service/signin/serializers.go | 589 ++ .../service/signin/types/enums.go | 9 + .../service/signin/types/errors.go | 96 + .../service/signin/types/types.go | 47 + .../service/signin/validators.go | 39 + .../aws-sdk-go-v2/service/sso/CHANGELOG.md | 45 + .../aws-sdk-go-v2/service/sso/api_client.go | 57 +- .../service/sso/api_op_GetRoleCredentials.go | 51 +- .../service/sso/api_op_ListAccountRoles.go | 50 +- .../service/sso/api_op_ListAccounts.go | 50 +- .../service/sso/api_op_Logout.go | 51 +- .../aws/aws-sdk-go-v2/service/sso/auth.go | 12 +- .../service/sso/deserializers.go | 3 +- .../aws-sdk-go-v2/service/sso/endpoints.go | 307 +- .../service/sso/go_module_metadata.go | 2 +- .../sso/internal/endpoints/endpoints.go | 5 + .../service/ssooidc/CHANGELOG.md | 48 + .../service/ssooidc/api_client.go | 57 +- .../service/ssooidc/api_op_CreateToken.go | 51 +- .../ssooidc/api_op_CreateTokenWithIAM.go | 51 +- .../service/ssooidc/api_op_RegisterClient.go | 51 +- .../api_op_StartDeviceAuthorization.go | 51 +- .../aws/aws-sdk-go-v2/service/ssooidc/auth.go | 12 +- .../service/ssooidc/endpoints.go | 307 +- .../service/ssooidc/go_module_metadata.go | 2 +- .../ssooidc/internal/endpoints/endpoints.go | 5 + .../aws-sdk-go-v2/service/sts/CHANGELOG.md | 42 + .../aws-sdk-go-v2/service/sts/api_client.go | 91 +- .../service/sts/api_op_AssumeRole.go | 51 +- .../service/sts/api_op_AssumeRoleWithSAML.go | 51 +- .../sts/api_op_AssumeRoleWithWebIdentity.go | 51 +- .../service/sts/api_op_AssumeRoot.go | 51 +- .../sts/api_op_DecodeAuthorizationMessage.go | 51 +- .../service/sts/api_op_GetAccessKeyInfo.go | 51 +- .../service/sts/api_op_GetCallerIdentity.go | 51 +- .../sts/api_op_GetDelegatedAccessToken.go | 51 +- .../service/sts/api_op_GetFederationToken.go | 51 +- .../service/sts/api_op_GetSessionToken.go | 51 +- .../service/sts/api_op_GetWebIdentityToken.go | 51 +- .../aws/aws-sdk-go-v2/service/sts/auth.go | 22 +- .../aws-sdk-go-v2/service/sts/endpoints.go | 965 +- .../aws-sdk-go-v2/service/sts/generated.json | 1 + .../service/sts/go_module_metadata.go | 2 +- .../aws/aws-sdk-go-v2/service/sts/options.go | 48 + vendor/github.com/aws/smithy-go/AGENTS.md | 172 + vendor/github.com/aws/smithy-go/CHANGELOG.md | 81 +- vendor/github.com/aws/smithy-go/README.md | 35 +- .../aws/smithy-go/document/document.go | 124 +- .../aws/smithy-go/encoding/json/value.go | 5 + .../endpoints/private/bdd/evaluate.go | 35 + .../endpoints/private/rulesfn/split.go | 16 + .../endpoints/private/rulesfn/string_slice.go | 18 + .../endpoints/private/rulesfn/uri.go | 3 + .../aws/smithy-go/eventstream/const.go | 24 + .../aws/smithy-go/eventstream/debug.go | 144 + .../aws/smithy-go/eventstream/decode.go | 218 + .../aws/smithy-go/eventstream/deserializer.go | 294 + .../aws/smithy-go/eventstream/encode.go | 167 + .../aws/smithy-go/eventstream/error.go | 23 + .../aws/smithy-go/eventstream/header.go | 175 + .../aws/smithy-go/eventstream/header_value.go | 521 + .../aws/smithy-go/eventstream/message.go | 99 + .../aws/smithy-go/eventstream/serializer.go | 228 + .../aws/smithy-go/eventstream/signer.go | 82 + .../aws/smithy-go/eventstream/types.go | 26 + .../aws/smithy-go/go_module_metadata.go | 2 +- vendor/github.com/aws/smithy-go/schema.go | 328 + vendor/github.com/aws/smithy-go/schema_ext.go | 37 + vendor/github.com/aws/smithy-go/serde.go | 229 + vendor/github.com/aws/smithy-go/sync/error.go | 53 + vendor/github.com/aws/smithy-go/trait.go | 21 + .../github.com/aws/smithy-go/traits/http.go | 69 + .../github.com/aws/smithy-go/traits/index.go | 107 + .../github.com/aws/smithy-go/traits/serde.go | 56 + .../github.com/aws/smithy-go/traits/traits.go | 72 + .../aws/smithy-go/transport/http/auth.go | 9 + .../smithy-go/transport/http/eventstream.go | 209 + .../transport/http/eventstream_middleware.go | 69 + .../aws/smithy-go/transport/http/host.go | 2 +- .../aws/smithy-go/transport/http/protocol.go | 27 + .../github.com/aws/smithy-go/type_registry.go | 70 + .../buildkite/agent/v3/version/VERSION | 2 +- .../stargz-snapshotter/estargz/LICENSE | 202 - .../stargz-snapshotter/estargz/build.go | 756 -- .../estargz/errorutil/errors.go | 40 - .../stargz-snapshotter/estargz/estargz.go | 1232 --- .../stargz-snapshotter/estargz/gzip.go | 237 - .../stargz-snapshotter/estargz/testutil.go | 2403 ----- .../stargz-snapshotter/estargz/types.go | 342 - .../cyphar/filepath-securejoin/CHANGELOG.md | 11 + .../cyphar/filepath-securejoin/VERSION | 2 +- .../pathrs-lite/open_libpathrs.go | 2 +- vendor/github.com/docker/cli/AUTHORS | 17 +- .../docker/cli/cli/config/configfile/file.go | 133 +- .../cli/config/credentials/default_store.go | 17 +- .../cli/cli/config/credentials/file_store.go | 11 +- .../cli/cli/config/memorystore/store.go | 2 +- vendor/github.com/docker/distribution/LICENSE | 202 - .../registry/client/auth/challenge/addr.go | 27 - .../github.com/fsnotify/fsnotify/.cirrus.yml | 14 - .../github.com/fsnotify/fsnotify/CHANGELOG.md | 49 + .../fsnotify/fsnotify/CONTRIBUTING.md | 2 + vendor/github.com/fsnotify/fsnotify/README.md | 56 +- .../fsnotify/fsnotify/backend_fen.go | 4 +- .../fsnotify/fsnotify/backend_inotify.go | 84 +- .../fsnotify/fsnotify/backend_kqueue.go | 68 +- .../fsnotify/fsnotify/backend_windows.go | 78 +- .../github.com/fsnotify/fsnotify/fsnotify.go | 72 +- .../fsnotify/fsnotify/internal/darwin.go | 19 - .../fsnotify/internal/debug_darwin.go | 42 - .../fsnotify/internal/debug_dragonfly.go | 18 - .../fsnotify/internal/debug_freebsd.go | 34 +- .../fsnotify/internal/debug_kqueue.go | 2 +- .../fsnotify/internal/debug_netbsd.go | 10 - .../fsnotify/internal/debug_openbsd.go | 12 - .../fsnotify/fsnotify/internal/freebsd.go | 11 - .../fsnotify/fsnotify/internal/unix.go | 11 - .../fsnotify/fsnotify/internal/unix2.go | 18 + .../fsnotify/fsnotify/internal/windows.go | 1 - vendor/github.com/fxamacker/cbor/v2/README.md | 26 +- vendor/github.com/fxamacker/cbor/v2/decode.go | 2 +- vendor/github.com/fxamacker/cbor/v2/doc.go | 20 +- vendor/github.com/fxamacker/cbor/v2/stream.go | 173 +- vendor/github.com/fxamacker/cbor/v2/tag.go | 5 + .../go-jose/go-jose/v4/asymmetric.go | 10 +- .../go-jose/go-jose/v4/cipher/key_wrap.go | 10 +- .../go-jose/go-jose/v4/symmetric.go | 26 +- .../github.com/go-openapi/analysis/.gitignore | 2 + .../go-openapi/analysis/CONTRIBUTORS.md | 29 +- .../github.com/go-openapi/analysis/README.md | 19 +- .../go-openapi/analysis/analyzer.go | 41 +- .../github.com/go-openapi/analysis/flatten.go | 1 + .../go-openapi/analysis/flatten_name.go | 4 +- .../go-openapi/analysis/flatten_options.go | 14 +- .../go-openapi/analysis/go.work.sum | 47 - .../github.com/go-openapi/analysis/mixin.go | 71 +- .../github.com/go-openapi/analysis/options.go | 21 + .../github.com/go-openapi/errors/.gitignore | 1 - .../go-openapi/errors/CONTRIBUTORS.md | 6 +- vendor/github.com/go-openapi/errors/README.md | 2 +- .../go-openapi/jsonpointer/.cliff.toml | 181 - .../go-openapi/jsonpointer/.gitignore | 1 - .../go-openapi/jsonpointer/CONTRIBUTORS.md | 7 +- .../github.com/go-openapi/jsonpointer/NOTICE | 2 +- .../go-openapi/jsonpointer/README.md | 54 +- .../go-openapi/jsonpointer/errors.go | 26 +- .../go-openapi/jsonpointer/ifaces.go | 47 + .../go-openapi/jsonpointer/options.go | 86 + .../go-openapi/jsonpointer/pointer.go | 348 +- .../go-openapi/jsonreference/.gitignore | 1 - .../go-openapi/jsonreference/CONTRIBUTORS.md | 22 +- .../go-openapi/jsonreference/README.md | 22 +- .../go-openapi/loads/CONTRIBUTORS.md | 6 +- vendor/github.com/go-openapi/loads/README.md | 2 +- .../github.com/go-openapi/runtime/.gitignore | 1 + .../go-openapi/runtime/CONTRIBUTORS.md | 82 + .../github.com/go-openapi/runtime/README.md | 25 +- .../go-openapi/runtime/client/request.go | 38 +- .../go-openapi/runtime/client/runtime.go | 30 +- vendor/github.com/go-openapi/runtime/go.work | 2 +- .../github.com/go-openapi/runtime/go.work.sum | 109 - .../go-openapi/runtime/middleware/context.go | 3 +- .../go-openapi/runtime/middleware/router.go | 17 +- .../runtime/middleware/validation.go | 54 +- .../github.com/go-openapi/runtime/statuses.go | 2 +- vendor/github.com/go-openapi/spec/.gitignore | 1 - .../github.com/go-openapi/spec/.golangci.yml | 3 + .../go-openapi/spec/CONTRIBUTORS.md | 6 +- vendor/github.com/go-openapi/spec/README.md | 18 +- vendor/github.com/go-openapi/spec/header.go | 6 +- .../go-openapi/spec/schema_loader.go | 2 +- .../github.com/go-openapi/strfmt/.gitignore | 2 +- .../go-openapi/strfmt/.golangci.yml | 1 + .../go-openapi/strfmt/CONTRIBUTORS.md | 4 +- vendor/github.com/go-openapi/strfmt/README.md | 21 +- .../github.com/go-openapi/strfmt/default.go | 8 + .../github.com/go-openapi/strfmt/duration.go | 322 +- vendor/github.com/go-openapi/strfmt/go.work | 2 +- .../github.com/go-openapi/strfmt/go.work.sum | 16 - vendor/github.com/go-openapi/swag/.gitignore | 1 - .../go-openapi/swag/CONTRIBUTORS.md | 6 +- vendor/github.com/go-openapi/swag/README.md | 18 +- vendor/github.com/go-openapi/swag/SECURITY.md | 28 +- vendor/github.com/go-openapi/swag/go.work | 2 +- .../swag/jsonname/go_name_provider.go | 286 + .../go-openapi/swag/jsonname/ifaces.go | 14 + .../go-openapi/swag/jsonname/name_provider.go | 2 + .../github.com/go-openapi/swag/loading/doc.go | 24 + .../go-openapi/swag/loading/loading.go | 36 +- .../go-openapi/swag/loading/options.go | 47 +- .../go-openapi/validate/CONTRIBUTORS.md | 6 +- .../github.com/go-openapi/validate/README.md | 2 +- .../internal/estargz/estargz.go | 54 - .../go-containerregistry/internal/gzip/zip.go | 18 +- .../internal/limit/limit.go | 36 + .../pkg/authn/keychain.go | 3 +- .../go-containerregistry/pkg/name/registry.go | 8 +- .../pkg/name/repository.go | 9 +- .../pkg/v1/google/auth.go | 13 +- .../pkg/v1/google/list.go | 37 +- .../pkg/v1/layout/blob.go | 46 +- .../go-containerregistry/pkg/v1/manifest.go | 2 + .../pkg/v1/mutate/image.go | 141 +- .../pkg/v1/mutate/mutate.go | 154 +- .../pkg/v1/partial/with.go | 13 +- .../pkg/v1/remote/catalog.go | 2 +- .../pkg/v1/remote/fetcher.go | 131 +- .../pkg/v1/remote/image.go | 40 +- .../pkg/v1/remote/index.go | 8 +- .../internal/authchallenge}/authchallenge.go | 111 +- .../pkg/v1/remote/limiter.go | 55 + .../pkg/v1/remote/list.go | 70 +- .../pkg/v1/remote/options.go | 3 + .../pkg/v1/remote/pusher.go | 8 +- .../pkg/v1/remote/referrers.go | 4 +- .../pkg/v1/remote/transport/bearer.go | 94 +- .../pkg/v1/remote/transport/error.go | 16 +- .../pkg/v1/remote/transport/ping.go | 2 +- .../pkg/v1/remote/transport/scope.go | 6 +- .../pkg/v1/remote/write.go | 63 +- .../pkg/v1/tarball/image.go | 5 +- .../pkg/v1/tarball/layer.go | 57 +- .../pkg/v1/tarball/write.go | 28 +- .../client/client.go | 4 +- .../client/util/util.go | 2 +- .../googleapis/gax-go/v2/CHANGES.md | 9 + .../googleapis/gax-go/v2/feature.go | 8 +- .../googleapis/gax-go/v2/internal/version.go | 2 +- .../github.com/googleapis/gax-go/v2/invoke.go | 1 + .../googleapis/gax-go/v2/telemetry.go | 26 +- .../protoc-gen-openapiv2/options/BUILD.bazel | 2 +- .../grpc-gateway/v2/runtime/mux.go | 18 +- .../go-which/.release-please-manifest.json | 2 +- .../hairyhenderson/go-which/CHANGELOG.md | 15 + .../hairyhenderson/go-which/Dockerfile | 4 +- .../jedisct1/go-minisign/minisign.go | 10 +- .../github.com/jedisct1/go-minisign/sign.go | 383 + .../jellydator/ttlcache/v3/README.md | 12 +- .../jellydator/ttlcache/v3/cache.go | 30 +- .../klauspost/compress/.gitattributes | 1 + .../github.com/klauspost/compress/README.md | 1400 +-- .../klauspost/compress/fse/README.md | 156 +- .../klauspost/compress/huff0/README.md | 178 +- .../github.com/lestrrat-go/httprc/v3/Changes | 7 + .../lestrrat-go/httprc/v3/README.md | 52 + .../lestrrat-go/httprc/v3/resource.go | 4 + .../lestrrat-go/httprc/v3/whitelist.go | 23 + .../mattn/go-colorable/colorable_windows.go | 26 +- .../mattn/go-isatty/isatty_others.go | 4 +- .../mattn/go-isatty/isatty_windows.go | 15 +- .../github.com/mattn/go-runewidth/SECURITY.md | 25 + .../mattn/go-runewidth/runewidth.go | 203 +- .../opa/capabilities/v1.15.2.json | 4916 ++++++++++ .../opa/v1/version/version.go | 2 +- .../cgroups/.golangci-extra.yml | 8 + .../opencontainers/cgroups/CODEOWNERS | 2 +- .../opencontainers/cgroups/cgroups.go | 3 + .../opencontainers/cgroups/config_linux.go | 76 +- .../opencontainers/cgroups/config_rdma.go | 4 +- .../cgroups/devices/config/device.go | 4 +- .../opencontainers/cgroups/stats.go | 164 +- .../opencontainers/cgroups/utils.go | 2 +- .../opencontainers/cgroups/v1_utils.go | 2 +- .../runc/internal/pathrs/mkdirall.go | 18 +- .../internal/pathrs/mkdirall_pathrslite.go | 15 +- .../runc/internal/pathrs/root_pathrslite.go | 55 +- .../libcontainer/configs/cgroup_deprecated.go | 29 - .../runc/libcontainer/configs/config.go | 11 - .../runc/libcontainer/configs/config_linux.go | 26 +- .../runc/libcontainer/configs/memorypolicy.go | 19 - .../runc/libcontainer/configs/mount_linux.go | 6 +- .../runc/libcontainer/internal/userns/doc.go | 2 + .../internal/userns/usernsfd_linux.go | 3 +- .../runc/libcontainer/seccomp/config.go | 1 + .../runc/libcontainer/seccomp/doc.go | 3 + .../runc/libcontainer/seccomp/patchbpf/doc.go | 3 + .../seccomp/patchbpf/enosys_linux.go | 12 + .../libcontainer/seccomp/seccomp_linux.go | 5 + .../github.com/openshift/api/config/v1/doc.go | 1 + .../openshift/api/config/v1/register.go | 2 + .../api/config/v1/types_apiserver.go | 7 +- .../api/config/v1/types_authentication.go | 391 +- .../api/config/v1/types_cluster_operator.go | 5 +- .../api/config/v1/types_cluster_version.go | 25 +- .../types_crio_credential_provider_config.go | 186 + .../openshift/api/config/v1/types_image.go | 30 + .../api/config/v1/types_infrastructure.go | 35 +- .../api/config/v1/types_kmsencryption.go | 264 +- .../openshift/api/config/v1/types_network.go | 30 + .../api/config/v1/types_tlssecurityprofile.go | 122 +- .../api/config/v1/zz_generated.deepcopy.go | 443 +- ..._generated.featuregated-crd-manifests.yaml | 35 +- .../api/config/v1/zz_generated.model_name.go | 1566 +++ .../v1/zz_generated.swagger_doc_generated.go | 255 +- .../github.com/pelletier/go-toml/v2/README.md | 16 - .../github.com/pelletier/go-toml/v2/strict.go | 2 +- .../pelletier/go-toml/v2/unstable/parser.go | 15 +- .../pkg/apis/monitoring/register.go | 2 +- .../pkg/apis/monitoring/resource.go | 2 +- .../apis/monitoring/v1/alertmanager_types.go | 16 +- .../pkg/apis/monitoring/v1/dns_types.go | 2 +- .../pkg/apis/monitoring/v1/doc.go | 2 +- .../pkg/apis/monitoring/v1/http_config.go | 2 +- .../apis/monitoring/v1/podmonitor_types.go | 2 +- .../pkg/apis/monitoring/v1/probe_types.go | 2 +- .../apis/monitoring/v1/prometheus_types.go | 98 +- .../monitoring/v1/prometheusrule_types.go | 2 +- .../pkg/apis/monitoring/v1/register.go | 2 +- .../monitoring/v1/servicemonitor_types.go | 2 +- .../pkg/apis/monitoring/v1/thanos_types.go | 6 +- .../pkg/apis/monitoring/v1/tls_types.go | 39 +- .../pkg/apis/monitoring/v1/types.go | 2 +- .../monitoring/v1/zz_generated.deepcopy.go | 110 +- .../protocolbuffers/txtpbfmt/impl/impl.go | 13 + .../go-securesystemslib/dsse/envelope.go | 26 +- .../go-securesystemslib/dsse/verify.go | 22 +- .../cosign/v2/cmd/cosign/cli/verify/verify.go | 23 +- .../cosign/cli/verify/verify_attestation.go | 22 +- .../cli/verify/verify_blob_attestation.go | 41 +- .../sigstore/cosign/v2/pkg/cosign/verify.go | 4 +- .../gen/pb-go/bundle/v1/sigstore_bundle.pb.go | 104 +- .../gen/pb-go/common/v1/sigstore_common.pb.go | 278 +- .../gen/pb-go/dsse/envelope.pb.go | 36 +- .../gen/pb-go/rekor/v1/sigstore_rekor.pb.go | 105 +- .../trustroot/v1/sigstore_trustroot.pb.go | 221 +- .../sigstore/rekor/pkg/client/rekor_client.go | 34 + .../entries/create_log_entry_parameters.go | 3 - .../entries/create_log_entry_responses.go | 3 - .../client/entries/entries_client.go | 3 - .../get_log_entry_by_index_parameters.go | 3 - .../get_log_entry_by_index_responses.go | 3 - .../get_log_entry_by_uuid_parameters.go | 3 - .../get_log_entry_by_uuid_responses.go | 3 - .../entries/search_log_query_parameters.go | 3 - .../entries/search_log_query_responses.go | 3 - .../generated/client/index/index_client.go | 3 - .../client/index/search_index_parameters.go | 3 - .../client/index/search_index_responses.go | 3 - .../pubkey/get_public_key_parameters.go | 3 - .../client/pubkey/get_public_key_responses.go | 3 - .../generated/client/pubkey/pubkey_client.go | 3 - .../pkg/generated/client/rekor_client.go | 3 - .../client/tlog/get_log_info_parameters.go | 3 - .../client/tlog/get_log_info_responses.go | 3 - .../client/tlog/get_log_proof_parameters.go | 3 - .../client/tlog/get_log_proof_responses.go | 3 - .../pkg/generated/client/tlog/tlog_client.go | 3 - .../rekor/pkg/generated/models/alpine.go | 3 - .../pkg/generated/models/alpine_schema.go | 3 - .../generated/models/alpine_v001_schema.go | 3 - .../pkg/generated/models/consistency_proof.go | 3 - .../rekor/pkg/generated/models/cose.go | 3 - .../rekor/pkg/generated/models/cose_schema.go | 3 - .../pkg/generated/models/cose_v001_schema.go | 3 - .../rekor/pkg/generated/models/dsse.go | 3 - .../rekor/pkg/generated/models/dsse_schema.go | 3 - .../pkg/generated/models/dsse_v001_schema.go | 3 - .../rekor/pkg/generated/models/error.go | 3 - .../pkg/generated/models/hashedrekord.go | 3 - .../generated/models/hashedrekord_schema.go | 3 - .../models/hashedrekord_v001_schema.go | 3 - .../rekor/pkg/generated/models/helm.go | 3 - .../rekor/pkg/generated/models/helm_schema.go | 3 - .../pkg/generated/models/helm_v001_schema.go | 3 - .../models/inactive_shard_log_info.go | 3 - .../pkg/generated/models/inclusion_proof.go | 3 - .../rekor/pkg/generated/models/intoto.go | 3 - .../pkg/generated/models/intoto_schema.go | 3 - .../generated/models/intoto_v001_schema.go | 3 - .../generated/models/intoto_v002_schema.go | 3 - .../rekor/pkg/generated/models/jar.go | 3 - .../rekor/pkg/generated/models/jar_schema.go | 3 - .../pkg/generated/models/jar_v001_schema.go | 3 - .../rekor/pkg/generated/models/log_entry.go | 3 - .../rekor/pkg/generated/models/log_info.go | 3 - .../pkg/generated/models/proposed_entry.go | 3 - .../rekor/pkg/generated/models/rekord.go | 3 - .../pkg/generated/models/rekord_schema.go | 3 - .../generated/models/rekord_v001_schema.go | 3 - .../rekor/pkg/generated/models/rfc3161.go | 3 - .../pkg/generated/models/rfc3161_schema.go | 3 - .../generated/models/rfc3161_v001_schema.go | 3 - .../rekor/pkg/generated/models/rpm.go | 3 - .../rekor/pkg/generated/models/rpm_schema.go | 3 - .../pkg/generated/models/rpm_v001_schema.go | 3 - .../pkg/generated/models/search_index.go | 3 - .../pkg/generated/models/search_log_query.go | 5 +- .../rekor/pkg/generated/models/tuf.go | 3 - .../rekor/pkg/generated/models/tuf_schema.go | 3 - .../pkg/generated/models/tuf_v001_schema.go | 3 - .../sigstore/rekor/pkg/types/dsse/dsse.go | 4 + .../sigstore/rekor/pkg/types/entries.go | 31 + .../pkg/types/hashedrekord/hashedrekord.go | 4 + .../sigstore/rekor/pkg/types/intoto/intoto.go | 4 + .../sigstore/rekor/pkg/types/rekord/rekord.go | 4 + .../sigstore/rekor/pkg/types/types.go | 12 +- .../sigstore/pkg/cryptoutils/privatekey.go | 34 + .../sigstore/pkg/oauth/interactive.go | 6 - .../sigstore/pkg/signature/dsse/dsse.go | 36 +- .../sigstore/pkg/signature/dsse/multidsse.go | 55 +- .../sigstore/pkg/signature/dsse/options.go | 53 + .../v2/pkg/verification/verify.go | 69 +- .../go-tuf/v2/metadata/marshal.go | 4 + .../go-tuf/v2/metadata/metadata.go | 21 +- vendor/github.com/vbatts/tar-split/LICENSE | 28 - .../vbatts/tar-split/archive/tar/common.go | 724 -- .../vbatts/tar-split/archive/tar/format.go | 307 - .../vbatts/tar-split/archive/tar/reader.go | 944 -- .../tar-split/archive/tar/stat_actime1.go | 20 - .../tar-split/archive/tar/stat_actime2.go | 20 - .../vbatts/tar-split/archive/tar/stat_unix.go | 96 - .../vbatts/tar-split/archive/tar/strconv.go | 326 - .../vbatts/tar-split/archive/tar/writer.go | 656 -- .../vektah/gqlparser/v2/parser/schema.go | 9 +- .../gqlparser/v2/validator/core/walk.go | 1 + .../v2/validator/rules/scalar_leafs.go | 58 +- .../rules/unique_directives_per_location.go | 2 +- .../validator/rules/values_of_correct_type.go | 16 +- .../rules/variables_in_allowed_position.go | 29 + .../vektah/gqlparser/v2/validator/schema.go | 54 +- .../gqlparser/v2/validator/schema_test.yml | 59 + .../vektah/gqlparser/v2/validator/vars.go | 13 +- vendor/github.com/youmark/pkcs8/.gitignore | 23 + vendor/github.com/youmark/pkcs8/LICENSE | 21 + vendor/github.com/youmark/pkcs8/README | 1 + vendor/github.com/youmark/pkcs8/README.md | 22 + vendor/github.com/youmark/pkcs8/cipher.go | 60 + .../github.com/youmark/pkcs8/cipher_3des.go | 24 + vendor/github.com/youmark/pkcs8/cipher_aes.go | 84 + vendor/github.com/youmark/pkcs8/kdf_pbkdf2.go | 91 + vendor/github.com/youmark/pkcs8/kdf_scrypt.go | 62 + vendor/github.com/youmark/pkcs8/pkcs8.go | 309 + .../http/otelhttp/internal/semconv/server.go | 4 +- .../net/http/otelhttp/version.go | 2 +- vendor/go.opentelemetry.io/otel/.golangci.yml | 11 + vendor/go.opentelemetry.io/otel/CHANGELOG.md | 46 +- vendor/go.opentelemetry.io/otel/Makefile | 4 + vendor/go.opentelemetry.io/otel/RELEASING.md | 41 +- .../otel/attribute/encoder.go | 4 +- .../otel/attribute/hash.go | 4 +- .../otel/attribute/internal/attribute.go | 103 +- .../go.opentelemetry.io/otel/attribute/kv.go | 2 +- .../otel/attribute/type_string.go | 6 +- .../otel/attribute/value.go | 61 +- .../otel/dependencies.Dockerfile | 2 +- .../internal/tracetransform/attribute.go | 1 + .../otlptracegrpc/internal/version.go | 2 +- .../otel/exporters/otlp/otlptrace/version.go | 2 +- .../otel/sdk/internal/x/features.go | 15 + .../otel/sdk/resource/config.go | 8 + .../otel/sdk/resource/host_id.go | 10 +- .../otel/sdk/resource/resource.go | 19 +- .../otel/sdk/trace/batch_span_processor.go | 6 +- .../otel/sdk/trace/internal/observ/tracer.go | 8 + .../otel/sdk/trace/provider.go | 9 +- .../otel/sdk/trace/sampling.go | 36 +- .../go.opentelemetry.io/otel/sdk/version.go | 2 +- .../go.opentelemetry.io/otel/trace/trace.go | 19 + vendor/go.opentelemetry.io/otel/version.go | 2 +- vendor/go.opentelemetry.io/otel/versions.yaml | 9 +- .../common/pkg/seccomp/default_linux.go | 12 +- .../common/pkg/seccomp/seccomp.json | 12 +- vendor/go.uber.org/zap/CHANGELOG.md | 4 + vendor/go.uber.org/zap/zapcore/entry.go | 32 +- vendor/golang.org/x/crypto/blake2b/go125.go | 11 - .../chacha20poly1305_amd64.go | 6 +- .../chacha20poly1305/chacha20poly1305_amd64.s | 8664 ++++------------- vendor/golang.org/x/crypto/hkdf/hkdf.go | 21 +- vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go | 73 +- vendor/golang.org/x/crypto/pkcs12/crypto.go | 4 + vendor/golang.org/x/crypto/pkcs12/mac.go | 8 + vendor/golang.org/x/crypto/ssh/certs.go | 18 +- vendor/golang.org/x/crypto/ssh/channel.go | 68 +- vendor/golang.org/x/crypto/ssh/cipher.go | 4 +- vendor/golang.org/x/crypto/ssh/client.go | 85 + vendor/golang.org/x/crypto/ssh/client_auth.go | 74 +- vendor/golang.org/x/crypto/ssh/connection.go | 10 +- vendor/golang.org/x/crypto/ssh/control.go | 155 + vendor/golang.org/x/crypto/ssh/kex.go | 75 +- vendor/golang.org/x/crypto/ssh/keys.go | 99 +- vendor/golang.org/x/crypto/ssh/mux.go | 39 +- vendor/golang.org/x/crypto/ssh/server.go | 165 +- vendor/golang.org/x/crypto/ssh/session.go | 3 + vendor/golang.org/x/net/http2/README.md | 19 + .../x/net/http2/client_conn_pool.go | 14 +- vendor/golang.org/x/net/http2/clientconn.go | 57 + vendor/golang.org/x/net/http2/config.go | 2 + vendor/golang.org/x/net/http2/http2.go | 2 +- vendor/golang.org/x/net/http2/server.go | 214 +- .../golang.org/x/net/http2/server_common.go | 221 + vendor/golang.org/x/net/http2/server_wrap.go | 217 + vendor/golang.org/x/net/http2/transport.go | 462 +- .../x/net/http2/transport_common.go | 447 + .../golang.org/x/net/http2/transport_wrap.go | 392 + vendor/golang.org/x/net/http2/writesched.go | 46 +- .../x/net/http2/writesched_common.go | 90 + .../net/http2/writesched_priority_rfc7540.go | 43 +- .../net/http2/writesched_priority_rfc9218.go | 2 + .../x/net/http2/writesched_random.go | 2 + .../x/net/http2/writesched_roundrobin.go | 2 + vendor/golang.org/x/net/idna/go118.go | 13 - .../x/net/idna/{idna10.0.0.go => idna.go} | 181 +- vendor/golang.org/x/net/idna/idna9.0.0.go | 717 -- vendor/golang.org/x/net/idna/pre_go118.go | 11 - vendor/golang.org/x/net/idna/punycode.go | 5 +- vendor/golang.org/x/net/idna/tables10.0.0.go | 4559 --------- vendor/golang.org/x/net/idna/tables11.0.0.go | 4653 --------- vendor/golang.org/x/net/idna/tables12.0.0.go | 4733 --------- vendor/golang.org/x/net/idna/tables13.0.0.go | 4959 ---------- vendor/golang.org/x/net/idna/tables15.0.0.go | 2 +- vendor/golang.org/x/net/idna/tables17.0.0.go | 5302 ++++++++++ vendor/golang.org/x/net/idna/tables9.0.0.go | 4486 --------- vendor/golang.org/x/net/idna/trie12.0.0.go | 30 - vendor/golang.org/x/net/idna/trie13.0.0.go | 30 - .../x/net/internal/httpcommon/request.go | 8 + vendor/golang.org/x/sync/errgroup/errgroup.go | 2 +- .../golang.org/x/sync/semaphore/semaphore.go | 10 +- .../x/sync/singleflight/singleflight.go | 8 +- vendor/golang.org/x/sys/cpu/cpu.go | 19 +- .../x/sys/cpu/cpu_darwin_arm64_other.go | 2 + .../golang.org/x/sys/cpu/cpu_linux_riscv64.go | 2 + vendor/golang.org/x/sys/cpu/cpu_loong64.go | 16 +- vendor/golang.org/x/sys/cpu/cpu_riscv64.go | 1 + vendor/golang.org/x/sys/cpu/cpu_windows.go | 26 + .../golang.org/x/sys/cpu/cpu_windows_arm64.go | 24 +- vendor/golang.org/x/sys/cpu/zcpu_windows.go | 48 + .../golang.org/x/sys/unix/affinity_linux.go | 128 +- vendor/golang.org/x/sys/unix/mkall.sh | 2 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 3 + vendor/golang.org/x/sys/unix/readv_unix.go | 103 + .../golang.org/x/sys/unix/syscall_darwin.go | 89 - vendor/golang.org/x/sys/unix/syscall_linux.go | 114 +- .../x/sys/unix/syscall_linux_arm.go | 3 + .../x/sys/unix/syscall_linux_arm64.go | 3 + .../x/sys/unix/syscall_linux_loong64.go | 3 + .../x/sys/unix/syscall_linux_riscv64.go | 3 + .../golang.org/x/sys/unix/syscall_openbsd.go | 4 + vendor/golang.org/x/sys/unix/zerrors_linux.go | 61 +- .../x/sys/unix/zerrors_linux_386.go | 7 +- .../x/sys/unix/zerrors_linux_amd64.go | 7 +- .../x/sys/unix/zerrors_linux_arm.go | 7 +- .../x/sys/unix/zerrors_linux_arm64.go | 7 +- .../x/sys/unix/zerrors_linux_loong64.go | 7 +- .../x/sys/unix/zerrors_linux_mips.go | 7 +- .../x/sys/unix/zerrors_linux_mips64.go | 7 +- .../x/sys/unix/zerrors_linux_mips64le.go | 7 +- .../x/sys/unix/zerrors_linux_mipsle.go | 7 +- .../x/sys/unix/zerrors_linux_ppc.go | 7 +- .../x/sys/unix/zerrors_linux_ppc64.go | 7 +- .../x/sys/unix/zerrors_linux_ppc64le.go | 7 +- .../x/sys/unix/zerrors_linux_riscv64.go | 1114 +-- .../x/sys/unix/zerrors_linux_s390x.go | 7 +- .../x/sys/unix/zerrors_linux_sparc64.go | 7 +- .../golang.org/x/sys/unix/zsyscall_linux.go | 12 +- .../x/sys/unix/zsyscall_openbsd_386.go | 84 + .../x/sys/unix/zsyscall_openbsd_386.s | 20 + .../x/sys/unix/zsyscall_openbsd_amd64.go | 84 + .../x/sys/unix/zsyscall_openbsd_amd64.s | 20 + .../x/sys/unix/zsyscall_openbsd_arm.go | 84 + .../x/sys/unix/zsyscall_openbsd_arm.s | 20 + .../x/sys/unix/zsyscall_openbsd_arm64.go | 84 + .../x/sys/unix/zsyscall_openbsd_arm64.s | 20 + .../x/sys/unix/zsyscall_openbsd_mips64.go | 84 + .../x/sys/unix/zsyscall_openbsd_mips64.s | 20 + .../x/sys/unix/zsyscall_openbsd_ppc64.go | 84 + .../x/sys/unix/zsyscall_openbsd_ppc64.s | 24 + .../x/sys/unix/zsyscall_openbsd_riscv64.go | 84 + .../x/sys/unix/zsyscall_openbsd_riscv64.s | 20 + .../x/sys/unix/zsysnum_linux_386.go | 4 + .../x/sys/unix/zsysnum_linux_amd64.go | 5 + .../x/sys/unix/zsysnum_linux_arm.go | 4 + .../x/sys/unix/zsysnum_linux_arm64.go | 4 + .../x/sys/unix/zsysnum_linux_loong64.go | 5 + .../x/sys/unix/zsysnum_linux_mips.go | 4 + .../x/sys/unix/zsysnum_linux_mips64.go | 4 + .../x/sys/unix/zsysnum_linux_mips64le.go | 4 + .../x/sys/unix/zsysnum_linux_mipsle.go | 4 + .../x/sys/unix/zsysnum_linux_ppc.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 4 + .../x/sys/unix/zsysnum_linux_riscv64.go | 4 + .../x/sys/unix/zsysnum_linux_s390x.go | 4 + .../x/sys/unix/zsysnum_linux_sparc64.go | 5 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 123 +- .../golang.org/x/sys/unix/ztypes_linux_386.go | 12 + .../x/sys/unix/ztypes_linux_amd64.go | 12 + .../golang.org/x/sys/unix/ztypes_linux_arm.go | 12 + .../x/sys/unix/ztypes_linux_arm64.go | 12 + .../x/sys/unix/ztypes_linux_loong64.go | 12 + .../x/sys/unix/ztypes_linux_mips.go | 12 + .../x/sys/unix/ztypes_linux_mips64.go | 12 + .../x/sys/unix/ztypes_linux_mips64le.go | 12 + .../x/sys/unix/ztypes_linux_mipsle.go | 12 + .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 12 + .../x/sys/unix/ztypes_linux_ppc64.go | 12 + .../x/sys/unix/ztypes_linux_ppc64le.go | 12 + .../x/sys/unix/ztypes_linux_riscv64.go | 12 + .../x/sys/unix/ztypes_linux_s390x.go | 12 + .../x/sys/unix/ztypes_linux_sparc64.go | 12 + .../golang.org/x/sys/windows/dll_windows.go | 37 +- .../x/sys/windows/security_windows.go | 6 +- .../x/sys/windows/syscall_windows.go | 16 +- .../golang.org/x/sys/windows/types_windows.go | 33 +- .../x/sys/windows/zsyscall_windows.go | 71 + vendor/golang.org/x/tools/go/ast/edge/edge.go | 24 +- .../golang.org/x/tools/go/packages/golist.go | 17 +- .../x/tools/go/packages/packages.go | 30 +- .../x/tools/go/types/objectpath/objectpath.go | 563 +- .../x/tools/internal/gcimporter/iexport.go | 3 + .../x/tools/internal/gcimporter/iimport.go | 26 +- .../gcimporter/{ureader_yes.go => ureader.go} | 134 +- .../x/tools/internal/gocommand/version.go | 8 +- .../x/tools/internal/imports/fix.go | 7 +- .../x/tools/internal/imports/imports.go | 4 + .../x/tools/internal/imports/mod.go | 6 +- .../tools/internal/imports/source_modindex.go | 100 - .../x/tools/internal/modindex/directories.go | 131 - .../x/tools/internal/modindex/index.go | 292 - .../x/tools/internal/modindex/lookup.go | 184 - .../x/tools/internal/modindex/modindex.go | 119 - .../x/tools/internal/modindex/symbols.go | 244 - .../x/tools/internal/pkgbits/version.go | 17 + .../x/tools/internal/typeparams/coretype.go | 8 +- .../x/tools/internal/typesinternal/element.go | 8 +- .../x/tools/internal/typesinternal/types.go | 76 + .../x/tools/internal/versions/features.go | 1 + .../google.golang.org/api/idtoken/idtoken.go | 50 +- .../google.golang.org/api/internal/version.go | 2 +- .../googleapis/api/annotations/client.pb.go | 1066 +- .../api/expr/v1alpha1/checked.pb.go | 795 +- .../googleapis/api/expr/v1alpha1/eval.pb.go | 282 +- .../api/expr/v1alpha1/explain.pb.go | 122 +- .../googleapis/api/expr/v1alpha1/syntax.pb.go | 974 +- .../googleapis/api/expr/v1alpha1/value.pb.go | 369 +- .../genproto/googleapis/rpc/code/code.pb.go | 2 +- .../rpc/errdetails/error_details.pb.go | 10 +- .../googleapis/rpc/status/status.pb.go | 7 +- .../grpc/attributes/attributes.go | 77 +- .../grpc/balancer/balancer.go | 32 +- .../grpc/balancer/base/balancer.go | 6 +- .../endpointsharding/endpointsharding.go | 11 +- .../grpc/balancer/pickfirst/pickfirst.go | 14 +- .../grpc_binarylog_v1/binarylog.pb.go | 2 +- vendor/google.golang.org/grpc/clientconn.go | 48 +- .../grpc/cmd/protoc-gen-go-grpc/grpc.go | 146 +- .../grpc/cmd/protoc-gen-go-grpc/main.go | 4 +- .../protoc-gen-go-grpc_test.sh | 2 +- .../google.golang.org/grpc/credentials/tls.go | 18 +- vendor/google.golang.org/grpc/dialoptions.go | 31 +- .../grpc/encoding/encoding.go | 3 + .../grpc/encoding/gzip/gzip.go | 14 +- .../balancer/weight/weight.go | 36 +- .../grpc/experimental/stats/metrics.go | 17 + .../grpc/health/grpc_health_v1/health.pb.go | 2 +- .../health/grpc_health_v1/health_grpc.pb.go | 2 +- .../grpc/internal/envconfig/envconfig.go | 126 +- .../grpc/internal/envconfig/xds.go | 20 + .../grpc/internal/grpcutil/encode_duration.go | 1 - .../grpc/internal/mem/buffer_pool.go | 349 + .../grpc/internal/resolver/config_selector.go | 30 +- .../grpc/internal/stats/labels.go | 60 +- .../grpc/internal/transport/client_stream.go | 36 +- .../grpc/internal/transport/controlbuf.go | 45 +- .../grpc/internal/transport/defaults.go | 1 + .../grpc/internal/transport/flowcontrol.go | 10 +- .../grpc/internal/transport/handler_server.go | 4 +- .../grpc/internal/transport/http2_client.go | 66 +- .../grpc/internal/transport/http2_server.go | 18 +- .../grpc/internal/transport/http_util.go | 54 +- .../internal/internal.go} | 20 +- .../transport/readyreader/raw_conn_linux.go | 39 + .../readyreader/raw_conn_nonlinux.go | 35 + .../transport/readyreader/ready_reader.go | 253 + .../grpc/internal/transport/transport.go | 22 + .../google.golang.org/grpc/mem/buffer_pool.go | 167 +- .../grpc/mem/buffer_slice.go | 2 +- vendor/google.golang.org/grpc/mem/buffers.go | 40 + .../google.golang.org/grpc/picker_wrapper.go | 4 +- vendor/google.golang.org/grpc/resolver/map.go | 34 + vendor/google.golang.org/grpc/rpc_util.go | 62 +- vendor/google.golang.org/grpc/server.go | 53 +- vendor/google.golang.org/grpc/stream.go | 3 +- vendor/google.golang.org/grpc/version.go | 2 +- vendor/gopkg.in/ini.v1/.golangci.yml | 5 - vendor/gopkg.in/ini.v1/data_source.go | 5 +- vendor/gopkg.in/ini.v1/file.go | 3 +- vendor/gopkg.in/ini.v1/key.go | 51 +- vendor/gopkg.in/ini.v1/struct.go | 38 +- .../apimachinery/pkg/api/validate/union.go | 15 +- .../pkg/api/validation/objectmeta.go | 2 +- .../pkg/internal/serialization.go | 2 +- .../go-json-experiment/json/README.md | 246 +- .../go-json-experiment/json/arshal.go | 521 +- .../go-json-experiment/json/arshal_any.go | 281 +- .../go-json-experiment/json/arshal_default.go | 1467 ++- .../go-json-experiment/json/arshal_funcs.go | 207 +- .../go-json-experiment/json/arshal_inlined.go | 121 +- .../go-json-experiment/json/arshal_methods.go | 326 +- .../go-json-experiment/json/arshal_time.go | 844 +- .../go-json-experiment/json/decode.go | 1655 ---- .../go-json-experiment/json/doc.go | 226 +- .../go-json-experiment/json/encode.go | 1170 --- .../go-json-experiment/json/errors.go | 407 +- .../go-json-experiment/json/fields.go | 501 +- .../go-json-experiment/json/intern.go | 6 +- .../json/internal/internal.go | 40 + .../json/internal/jsonflags/flags.go | 213 + .../json/internal/jsonopts/options.go | 200 + .../json/internal/jsonwire/decode.go | 627 ++ .../json/internal/jsonwire/encode.go | 288 + .../json/internal/jsonwire/wire.go | 215 + .../json/jsontext/decode.go | 1177 +++ .../go-json-experiment/json/jsontext/doc.go | 109 + .../json/jsontext/encode.go | 975 ++ .../json/jsontext/errors.go | 180 + .../json/jsontext/export.go | 75 + .../json/jsontext/options.go | 302 + .../json/{ => jsontext}/pools.go | 90 +- .../go-json-experiment/json/jsontext/quote.go | 39 + .../json/{ => jsontext}/state.go | 445 +- .../json/{ => jsontext}/token.go | 85 +- .../go-json-experiment/json/jsontext/value.go | 393 + .../go-json-experiment/json/migrate.sh | 48 + .../go-json-experiment/json/options.go | 287 + .../go-json-experiment/json/value.go | 381 - .../kube-openapi/pkg/schemaconv/openapi.go | 6 +- .../pkg/schemaconv/proto_models.go | 10 +- .../k8s.io/kube-openapi/pkg/spec3/encoding.go | 13 +- .../k8s.io/kube-openapi/pkg/spec3/example.go | 13 +- .../pkg/spec3/external_documentation.go | 13 +- .../k8s.io/kube-openapi/pkg/spec3/header.go | 13 +- .../kube-openapi/pkg/spec3/media_type.go | 13 +- .../kube-openapi/pkg/spec3/operation.go | 13 +- .../kube-openapi/pkg/spec3/parameter.go | 13 +- vendor/k8s.io/kube-openapi/pkg/spec3/path.go | 25 +- .../kube-openapi/pkg/spec3/request_body.go | 13 +- .../k8s.io/kube-openapi/pkg/spec3/response.go | 47 +- .../kube-openapi/pkg/spec3/security_scheme.go | 7 +- .../k8s.io/kube-openapi/pkg/spec3/server.go | 25 +- vendor/k8s.io/kube-openapi/pkg/spec3/spec.go | 5 +- .../pkg/validation/spec/header.go | 13 +- .../kube-openapi/pkg/validation/spec/info.go | 13 +- .../kube-openapi/pkg/validation/spec/items.go | 13 +- .../pkg/validation/spec/operation.go | 13 +- .../pkg/validation/spec/parameter.go | 13 +- .../pkg/validation/spec/path_item.go | 15 +- .../kube-openapi/pkg/validation/spec/paths.go | 11 +- .../pkg/validation/spec/response.go | 15 +- .../pkg/validation/spec/responses.go | 17 +- .../pkg/validation/spec/schema.go | 13 +- .../pkg/validation/spec/security_scheme.go | 13 +- .../pkg/validation/spec/swagger.go | 59 +- .../kube-openapi/pkg/validation/spec/tag.go | 13 +- vendor/k8s.io/utils/ptr/OWNERS | 2 + vendor/modules.txt | 360 +- vendor/oras.land/oras-go/v2/.goreleaser.yaml | 26 + vendor/oras.land/oras-go/v2/CODEOWNERS | 2 +- vendor/oras.land/oras-go/v2/Makefile | 2 - vendor/oras.land/oras-go/v2/OWNERS.md | 6 +- vendor/oras.land/oras-go/v2/README.md | 2 +- vendor/oras.land/oras-go/v2/RELEASES.md | 108 + .../oras.land/oras-go/v2/content/file/file.go | 60 +- vendor/oras.land/oras-go/v2/content/reader.go | 8 +- .../oras-go/v2/internal/cas/memory.go | 2 +- .../oras-go/v2/internal/graph/memory.go | 64 +- .../oras-go/v2/internal/syncutil/once.go | 4 +- .../oras-go/v2/registry/remote/auth/cache.go | 2 +- .../oras-go/v2/registry/remote/auth/client.go | 102 +- .../oras-go/v2/registry/remote/auth/scope.go | 2 +- .../oras-go/v2/registry/remote/manifest.go | 8 +- .../oras-go/v2/registry/remote/referrers.go | 4 +- .../oras-go/v2/registry/remote/repository.go | 29 + .../release-utils/command/command.go | 2 +- .../release-utils/helpers/common.go | 9 +- .../release-utils/helpers/tablewriter.go | 6 +- 909 files changed, 56197 insertions(+), 60833 deletions(-) create mode 100644 vendor/cyphar.com/go-pathrs/version_linux.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/aws/restrict_file_permissions.go rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/errors.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/ini.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/parse.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/sections.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/strings.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/token.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/tokenize.go (100%) rename vendor/github.com/aws/aws-sdk-go-v2/{ => config}/internal/ini/value.go (100%) create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter_eventstream.go delete mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md rename vendor/github.com/aws/aws-sdk-go-v2/internal/{ini => v4a}/LICENSE.txt (100%) create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go rename vendor/github.com/aws/aws-sdk-go-v2/internal/{ini => v4a}/go_module_metadata.go (74%) create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteConsoleAuthorizationConfiguration.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteResourcePermissionStatement.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetConsoleAuthorizationConfiguration.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetResourcePolicy.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_ListResourcePermissionStatements.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutConsoleAuthorizationConfiguration.go create mode 100644 vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutResourcePermissionStatement.go create mode 100644 vendor/github.com/aws/smithy-go/AGENTS.md create mode 100644 vendor/github.com/aws/smithy-go/endpoints/private/bdd/evaluate.go create mode 100644 vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go create mode 100644 vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/string_slice.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/const.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/debug.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/decode.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/deserializer.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/encode.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/error.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/header.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/header_value.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/message.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/serializer.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/signer.go create mode 100644 vendor/github.com/aws/smithy-go/eventstream/types.go create mode 100644 vendor/github.com/aws/smithy-go/schema.go create mode 100644 vendor/github.com/aws/smithy-go/schema_ext.go create mode 100644 vendor/github.com/aws/smithy-go/serde.go create mode 100644 vendor/github.com/aws/smithy-go/sync/error.go create mode 100644 vendor/github.com/aws/smithy-go/trait.go create mode 100644 vendor/github.com/aws/smithy-go/traits/http.go create mode 100644 vendor/github.com/aws/smithy-go/traits/index.go create mode 100644 vendor/github.com/aws/smithy-go/traits/serde.go create mode 100644 vendor/github.com/aws/smithy-go/traits/traits.go create mode 100644 vendor/github.com/aws/smithy-go/transport/http/eventstream.go create mode 100644 vendor/github.com/aws/smithy-go/transport/http/eventstream_middleware.go create mode 100644 vendor/github.com/aws/smithy-go/transport/http/protocol.go create mode 100644 vendor/github.com/aws/smithy-go/type_registry.go delete mode 100644 vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE delete mode 100644 vendor/github.com/containerd/stargz-snapshotter/estargz/build.go delete mode 100644 vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go delete mode 100644 vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go delete mode 100644 vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go delete mode 100644 vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go delete mode 100644 vendor/github.com/containerd/stargz-snapshotter/estargz/types.go delete mode 100644 vendor/github.com/docker/distribution/LICENSE delete mode 100644 vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go delete mode 100644 vendor/github.com/fsnotify/fsnotify/.cirrus.yml delete mode 100644 vendor/github.com/go-openapi/analysis/go.work.sum create mode 100644 vendor/github.com/go-openapi/analysis/options.go delete mode 100644 vendor/github.com/go-openapi/jsonpointer/.cliff.toml create mode 100644 vendor/github.com/go-openapi/jsonpointer/ifaces.go create mode 100644 vendor/github.com/go-openapi/jsonpointer/options.go create mode 100644 vendor/github.com/go-openapi/runtime/CONTRIBUTORS.md delete mode 100644 vendor/github.com/go-openapi/runtime/go.work.sum delete mode 100644 vendor/github.com/go-openapi/strfmt/go.work.sum create mode 100644 vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go create mode 100644 vendor/github.com/go-openapi/swag/jsonname/ifaces.go delete mode 100644 vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go create mode 100644 vendor/github.com/google/go-containerregistry/internal/limit/limit.go rename vendor/github.com/{docker/distribution/registry/client/auth/challenge => google/go-containerregistry/pkg/v1/remote/internal/authchallenge}/authchallenge.go (65%) create mode 100644 vendor/github.com/google/go-containerregistry/pkg/v1/remote/limiter.go create mode 100644 vendor/github.com/jedisct1/go-minisign/sign.go create mode 100644 vendor/github.com/mattn/go-runewidth/SECURITY.md create mode 100644 vendor/github.com/open-policy-agent/opa/capabilities/v1.15.2.json delete mode 100644 vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_deprecated.go create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/internal/userns/doc.go create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/seccomp/doc.go create mode 100644 vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/doc.go create mode 100644 vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go create mode 100644 vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go create mode 100644 vendor/github.com/sigstore/sigstore/pkg/signature/dsse/options.go delete mode 100644 vendor/github.com/vbatts/tar-split/LICENSE delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/common.go delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/format.go delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/reader.go delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/stat_actime1.go delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/stat_actime2.go delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/stat_unix.go delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/strconv.go delete mode 100644 vendor/github.com/vbatts/tar-split/archive/tar/writer.go create mode 100644 vendor/github.com/youmark/pkcs8/.gitignore create mode 100644 vendor/github.com/youmark/pkcs8/LICENSE create mode 100644 vendor/github.com/youmark/pkcs8/README create mode 100644 vendor/github.com/youmark/pkcs8/README.md create mode 100644 vendor/github.com/youmark/pkcs8/cipher.go create mode 100644 vendor/github.com/youmark/pkcs8/cipher_3des.go create mode 100644 vendor/github.com/youmark/pkcs8/cipher_aes.go create mode 100644 vendor/github.com/youmark/pkcs8/kdf_pbkdf2.go create mode 100644 vendor/github.com/youmark/pkcs8/kdf_scrypt.go create mode 100644 vendor/github.com/youmark/pkcs8/pkcs8.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/go125.go create mode 100644 vendor/golang.org/x/crypto/ssh/control.go create mode 100644 vendor/golang.org/x/net/http2/README.md create mode 100644 vendor/golang.org/x/net/http2/clientconn.go create mode 100644 vendor/golang.org/x/net/http2/server_common.go create mode 100644 vendor/golang.org/x/net/http2/server_wrap.go create mode 100644 vendor/golang.org/x/net/http2/transport_common.go create mode 100644 vendor/golang.org/x/net/http2/transport_wrap.go create mode 100644 vendor/golang.org/x/net/http2/writesched_common.go delete mode 100644 vendor/golang.org/x/net/idna/go118.go rename vendor/golang.org/x/net/idna/{idna10.0.0.go => idna.go} (81%) delete mode 100644 vendor/golang.org/x/net/idna/idna9.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/pre_go118.go delete mode 100644 vendor/golang.org/x/net/idna/tables10.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables11.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables12.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables13.0.0.go create mode 100644 vendor/golang.org/x/net/idna/tables17.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables9.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/trie12.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/trie13.0.0.go create mode 100644 vendor/golang.org/x/sys/cpu/cpu_windows.go create mode 100644 vendor/golang.org/x/sys/cpu/zcpu_windows.go create mode 100644 vendor/golang.org/x/sys/unix/readv_unix.go rename vendor/golang.org/x/tools/internal/gcimporter/{ureader_yes.go => ureader.go} (85%) delete mode 100644 vendor/golang.org/x/tools/internal/imports/source_modindex.go delete mode 100644 vendor/golang.org/x/tools/internal/modindex/directories.go delete mode 100644 vendor/golang.org/x/tools/internal/modindex/index.go delete mode 100644 vendor/golang.org/x/tools/internal/modindex/lookup.go delete mode 100644 vendor/golang.org/x/tools/internal/modindex/modindex.go delete mode 100644 vendor/golang.org/x/tools/internal/modindex/symbols.go rename vendor/google.golang.org/grpc/{internal => experimental}/balancer/weight/weight.go (71%) create mode 100644 vendor/google.golang.org/grpc/internal/mem/buffer_pool.go rename vendor/google.golang.org/grpc/internal/{grpcutil/regex.go => transport/internal/internal.go} (59%) create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go delete mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/decode.go delete mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/encode.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/internal.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonflags/flags.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonopts/options.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/decode.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/encode.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/internal/jsonwire/wire.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/decode.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/doc.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/encode.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/errors.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/export.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/options.go rename vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/{ => jsontext}/pools.go (64%) create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/quote.go rename vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/{ => jsontext}/state.go (63%) rename vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/{ => jsontext}/token.go (87%) create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/jsontext/value.go create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/migrate.sh create mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/options.go delete mode 100644 vendor/k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json/value.go create mode 100644 vendor/oras.land/oras-go/v2/.goreleaser.yaml create mode 100644 vendor/oras.land/oras-go/v2/RELEASES.md diff --git a/go.mod b/go.mod index ac5c0b3df9..93035033db 100644 --- a/go.mod +++ b/go.mod @@ -9,62 +9,62 @@ exclude golang.org/x/tools v0.38.0 require ( dario.cat/mergo v1.0.2 github.com/acobaugh/osrelease v0.1.0 - github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1 + github.com/aquasecurity/libbpfgo v0.10.0-libbpf-1.5.1 github.com/blang/semver/v4 v4.0.0 - github.com/cert-manager/cert-manager v1.20.1 + github.com/cert-manager/cert-manager v1.20.3 github.com/go-logr/logr v1.4.3 github.com/google/go-cmp v0.7.0 - github.com/google/go-containerregistry v0.21.3 + github.com/google/go-containerregistry v0.21.7 github.com/google/uuid v1.6.0 - github.com/hairyhenderson/go-which v0.2.2 - github.com/jellydator/ttlcache/v3 v3.4.0 - github.com/maxbrunsfeld/counterfeiter/v6 v6.12.1 + github.com/hairyhenderson/go-which v0.2.3 + github.com/jellydator/ttlcache/v3 v3.4.1 + github.com/maxbrunsfeld/counterfeiter/v6 v6.12.2 github.com/mogensen/kubernetes-split-yaml v0.4.0 github.com/nxadm/tail v1.4.11 github.com/opencontainers/image-spec v1.1.1 - github.com/opencontainers/runc v1.4.1 + github.com/opencontainers/runc v1.5.0 github.com/opencontainers/runtime-spec v1.3.0 - github.com/openshift/api v0.0.0-20260330162214-96f1f5ac7ff2 + github.com/openshift/api v0.0.0-20260629123346-784126000268 github.com/pjbgf/go-apparmor v0.1.3-0.20241107184909-1375e5e7aa89 - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.90.1 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.91.0 github.com/prometheus/client_golang v1.23.2 github.com/prometheus/client_model v0.6.2 github.com/seccomp/libseccomp-golang v0.11.1 - github.com/sigstore/cosign/v2 v2.6.2 + github.com/sigstore/cosign/v2 v2.6.3 github.com/stretchr/testify v1.11.1 github.com/urfave/cli/v2 v2.27.7 - go.podman.io/common v0.67.0 - golang.org/x/mod v0.34.0 - golang.org/x/sync v0.20.0 + go.podman.io/common v0.68.0 + golang.org/x/mod v0.37.0 + golang.org/x/sync v0.21.0 gomodules.xyz/jsonpatch/v2 v2.5.0 - google.golang.org/grpc v1.79.3 - google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.1 + google.golang.org/grpc v1.82.0 + google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.2 google.golang.org/protobuf v1.36.11 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.35.3 - k8s.io/apimachinery v0.35.3 - k8s.io/cli-runtime v0.35.3 - k8s.io/client-go v0.35.3 + k8s.io/api v0.35.6 + k8s.io/apimachinery v0.35.6 + k8s.io/cli-runtime v0.35.6 + k8s.io/client-go v0.35.6 k8s.io/klog/v2 v2.140.0 - oras.land/oras-go/v2 v2.6.0 + oras.land/oras-go/v2 v2.6.1 sigs.k8s.io/controller-runtime v0.23.3 sigs.k8s.io/controller-tools v0.20.0 - sigs.k8s.io/release-utils v0.12.3 + sigs.k8s.io/release-utils v0.12.4 sigs.k8s.io/yaml v1.6.0 ) require ( - buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1 // indirect - cel.dev/expr v0.25.1 // indirect - cloud.google.com/go/auth v0.19.0 // indirect + buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1 // indirect + cel.dev/expr v0.25.2 // indirect + cloud.google.com/go/auth v0.20.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.9.0 // indirect - connectrpc.com/connect v1.19.1 // indirect - cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819 // indirect - cuelang.org/go v0.16.0 // indirect - cyphar.com/go-pathrs v0.2.4 // indirect + connectrpc.com/connect v1.19.2 // indirect + cuelabs.dev/go/oci/ociregistry v0.0.0-20260618065901-6befdbcb3cf6 // indirect + cuelang.org/go v0.16.1 // indirect + cyphar.com/go-pathrs v0.2.5 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.20.0 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata v0.0.10 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect @@ -94,26 +94,26 @@ require ( github.com/aliyun/credentials-go v1.4.12 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2 v1.41.5 // indirect - github.com/aws/aws-sdk-go-v2/config v1.32.13 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.19.13 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect + github.com/aws/aws-sdk-go-v2 v1.42.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.32.26 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.19.25 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.30 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.56.2 // indirect - github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.13 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // indirect - github.com/aws/aws-sdk-go-v2/service/signin v1.0.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.30.14 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.18 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 // indirect - github.com/aws/smithy-go v1.24.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.15 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.12 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.29 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.2.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.31.4 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.43.4 // indirect + github.com/aws/smithy-go v1.27.3 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect - github.com/buildkite/agent/v3 v3.121.0 // indirect + github.com/buildkite/agent/v3 v3.121.1 // indirect github.com/buildkite/go-pipeline v0.16.0 // indirect github.com/buildkite/interpolate v0.1.5 // indirect github.com/buildkite/roko v1.4.0 // indirect @@ -125,53 +125,52 @@ require ( github.com/clipperhouse/uax29/v2 v2.7.0 // indirect github.com/cockroachdb/apd/v3 v3.2.3 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect - github.com/coreos/go-oidc/v3 v3.17.0 // indirect + github.com/coreos/go-oidc/v3 v3.18.0 // indirect github.com/coreos/go-systemd/v22 v22.7.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect - github.com/cyphar/filepath-securejoin v0.6.1 // indirect + github.com/cyphar/filepath-securejoin v0.7.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.1 // indirect github.com/digitorus/pkcs7 v0.0.0-20250730155240-ffadbf3f398c // indirect github.com/digitorus/timestamp v0.0.0-20250524132541-c45532741eea // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/docker/cli v29.3.1+incompatible // indirect - github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker-credential-helpers v0.9.5 // indirect + github.com/docker/cli v29.5.3+incompatible // indirect + github.com/docker/docker-credential-helpers v0.9.8 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/emicklei/proto v1.14.3 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/fatih/color v1.19.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.9.0 // indirect - github.com/fxamacker/cbor/v2 v2.9.1 // indirect + github.com/fsnotify/fsnotify v1.10.1 // indirect + github.com/fxamacker/cbor/v2 v2.9.2 // indirect github.com/go-chi/chi/v5 v5.2.5 // indirect - github.com/go-jose/go-jose/v4 v4.1.3 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.25.0 // indirect - github.com/go-openapi/errors v0.22.7 // indirect - github.com/go-openapi/jsonpointer v0.22.5 // indirect - github.com/go-openapi/jsonreference v0.21.5 // indirect - github.com/go-openapi/loads v0.23.3 // indirect - github.com/go-openapi/runtime v0.29.3 // indirect - github.com/go-openapi/spec v0.22.4 // indirect - github.com/go-openapi/strfmt v0.26.1 // indirect - github.com/go-openapi/swag v0.25.5 // indirect - github.com/go-openapi/swag/cmdutils v0.25.5 // indirect - github.com/go-openapi/swag/conv v0.25.5 // indirect - github.com/go-openapi/swag/fileutils v0.25.5 // indirect - github.com/go-openapi/swag/jsonname v0.25.5 // indirect - github.com/go-openapi/swag/jsonutils v0.25.5 // indirect - github.com/go-openapi/swag/loading v0.25.5 // indirect - github.com/go-openapi/swag/mangling v0.25.5 // indirect - github.com/go-openapi/swag/netutils v0.25.5 // indirect - github.com/go-openapi/swag/stringutils v0.25.5 // indirect - github.com/go-openapi/swag/typeutils v0.25.5 // indirect - github.com/go-openapi/swag/yamlutils v0.25.5 // indirect - github.com/go-openapi/validate v0.25.2 // indirect + github.com/go-openapi/analysis v0.25.3 // indirect + github.com/go-openapi/errors v0.22.8 // indirect + github.com/go-openapi/jsonpointer v0.23.2 // indirect + github.com/go-openapi/jsonreference v0.21.6 // indirect + github.com/go-openapi/loads v0.23.4 // indirect + github.com/go-openapi/runtime v0.29.5 // indirect + github.com/go-openapi/spec v0.22.6 // indirect + github.com/go-openapi/strfmt v0.26.4 // indirect + github.com/go-openapi/swag v0.26.1 // indirect + github.com/go-openapi/swag/cmdutils v0.26.1 // indirect + github.com/go-openapi/swag/conv v0.26.1 // indirect + github.com/go-openapi/swag/fileutils v0.26.1 // indirect + github.com/go-openapi/swag/jsonname v0.26.1 // indirect + github.com/go-openapi/swag/jsonutils v0.26.1 // indirect + github.com/go-openapi/swag/loading v0.26.1 // indirect + github.com/go-openapi/swag/mangling v0.26.1 // indirect + github.com/go-openapi/swag/netutils v0.26.1 // indirect + github.com/go-openapi/swag/stringutils v0.26.1 // indirect + github.com/go-openapi/swag/typeutils v0.26.1 // indirect + github.com/go-openapi/swag/yamlutils v0.26.1 // indirect + github.com/go-openapi/validate v0.25.3 // indirect github.com/go-piv/piv-go/v2 v2.5.0 // indirect + github.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6 // indirect github.com/go-viper/mapstructure/v2 v2.5.0 // indirect github.com/gobuffalo/flect v1.0.3 // indirect github.com/gobwas/glob v0.2.3 // indirect @@ -186,29 +185,29 @@ require ( github.com/google/go-github/v73 v73.0.0 // indirect github.com/google/go-querystring v1.2.0 // indirect github.com/google/s2a-go v0.1.9 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect - github.com/googleapis/gax-go/v2 v2.20.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.17 // indirect + github.com/googleapis/gax-go/v2 v2.22.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.8 // indirect github.com/in-toto/attestation v1.2.0 // indirect github.com/in-toto/in-toto-golang v0.10.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/jedisct1/go-minisign v0.0.0-20241212093149-d2f9f49435c7 // indirect + github.com/jedisct1/go-minisign v0.0.0-20260527172527-a09352b57a22 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.18.5 // indirect + github.com/klauspost/compress v1.18.7 // indirect github.com/lestrrat-go/blackmagic v1.0.4 // indirect github.com/lestrrat-go/dsig v1.0.0 // indirect github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect - github.com/lestrrat-go/httprc/v3 v3.0.5 // indirect + github.com/lestrrat-go/httprc/v3 v3.0.6 // indirect github.com/lestrrat-go/jwx/v3 v3.0.13 // indirect github.com/lestrrat-go/option/v2 v2.0.0 // indirect github.com/letsencrypt/boulder v0.20260324.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/mattn/go-colorable v0.1.14 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.21 // indirect + github.com/mattn/go-colorable v0.1.15 // indirect + github.com/mattn/go-isatty v0.0.22 // indirect + github.com/mattn/go-runewidth v0.0.24 // indirect github.com/miekg/pkcs11 v1.1.2 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect @@ -226,32 +225,33 @@ require ( github.com/olekukonko/errors v1.2.0 // indirect github.com/olekukonko/ll v0.1.8 // indirect github.com/olekukonko/tablewriter v1.1.4 // indirect - github.com/open-policy-agent/opa v1.15.1 // indirect - github.com/opencontainers/cgroups v0.0.6 // indirect + github.com/open-policy-agent/opa v1.15.2 // indirect + github.com/opencontainers/cgroups v0.0.7 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/opencontainers/selinux v1.15.1 // indirect github.com/pborman/uuid v1.2.1 // indirect - github.com/pelletier/go-toml/v2 v2.3.0 // indirect + github.com/pelletier/go-toml/v2 v2.3.1 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/common v0.67.5 // indirect github.com/prometheus/procfs v0.20.1 // indirect - github.com/protocolbuffers/txtpbfmt v0.0.0-20260217160748-a481f6a22f94 // indirect + github.com/protocolbuffers/txtpbfmt v0.0.0-20260420112717-c39628bde8b5 // indirect github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect github.com/rogpeppe/go-internal v1.14.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sagikazarmark/locafero v0.12.0 // indirect github.com/sassoftware/relic v7.2.1+incompatible // indirect - github.com/secure-systems-lab/go-securesystemslib v0.10.0 // indirect + github.com/secure-systems-lab/go-securesystemslib v0.11.0 // indirect github.com/segmentio/asm v1.2.1 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect - github.com/sigstore/fulcio v1.8.5 // indirect - github.com/sigstore/protobuf-specs v0.5.0 // indirect - github.com/sigstore/rekor v1.5.1 // indirect + github.com/sigstore/fulcio v1.8.7 // indirect + github.com/sigstore/protobuf-specs v0.5.1 // indirect + github.com/sigstore/rekor v1.5.2 // indirect github.com/sigstore/rekor-tiles/v2 v2.2.1 // indirect - github.com/sigstore/sigstore v1.10.5 // indirect + github.com/sigstore/sigstore v1.10.8 // indirect github.com/sigstore/sigstore-go v1.1.4 // indirect - github.com/sigstore/timestamp-authority/v2 v2.0.5 // indirect + github.com/sigstore/timestamp-authority/v2 v2.0.6 // indirect github.com/sirupsen/logrus v1.9.4 // indirect github.com/spf13/afero v1.15.0 // indirect github.com/spf13/cast v1.10.0 // indirect @@ -264,56 +264,56 @@ require ( github.com/tchap/go-patricia/v2 v2.3.3 // indirect github.com/thales-e-security/pool v0.0.2 // indirect github.com/theupdateframework/go-tuf v0.7.0 // indirect - github.com/theupdateframework/go-tuf/v2 v2.4.1 // indirect + github.com/theupdateframework/go-tuf/v2 v2.4.2 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect - github.com/transparency-dev/formats v0.1.0 // indirect + github.com/transparency-dev/formats v0.1.1 // indirect github.com/transparency-dev/merkle v0.0.2 // indirect github.com/valyala/fastjson v1.6.10 // indirect - github.com/vbatts/tar-split v0.12.2 // indirect - github.com/vektah/gqlparser/v2 v2.5.32 // indirect + github.com/vektah/gqlparser/v2 v2.5.35 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect github.com/yashtewari/glob-intersection v0.2.0 // indirect + github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect gitlab.com/gitlab-org/api/client-go v1.46.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect - go.opentelemetry.io/otel v1.42.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0 // indirect - go.opentelemetry.io/otel/metric v1.42.0 // indirect - go.opentelemetry.io/otel/sdk v1.42.0 // indirect - go.opentelemetry.io/otel/trace v1.42.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect + go.opentelemetry.io/otel v1.43.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 // indirect + go.opentelemetry.io/otel/metric v1.43.0 // indirect + go.opentelemetry.io/otel/sdk v1.43.0 // indirect + go.opentelemetry.io/otel/trace v1.43.0 // indirect go.opentelemetry.io/proto/otlp v1.10.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.27.1 // indirect + go.uber.org/zap v1.28.0 // indirect go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.49.0 // indirect - golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect - golang.org/x/net v0.52.0 // indirect + golang.org/x/crypto v0.53.0 // indirect + golang.org/x/exp v0.0.0-20260611194520-c48552f49976 // indirect + golang.org/x/net v0.56.0 // indirect golang.org/x/oauth2 v0.36.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/term v0.41.0 // indirect - golang.org/x/text v0.35.0 // indirect + golang.org/x/sys v0.46.0 // indirect + golang.org/x/term v0.44.0 // indirect + golang.org/x/text v0.38.0 // indirect golang.org/x/time v0.15.0 // indirect - golang.org/x/tools v0.43.0 // indirect - google.golang.org/api v0.273.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20260330182312-d5a96adf58d8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260330182312-d5a96adf58d8 // indirect + golang.org/x/tools v0.46.0 // indirect + google.golang.org/api v0.280.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260622175928-b703f567277d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260622175928-b703f567277d // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.67.1 // indirect + gopkg.in/ini.v1 v1.67.3 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect - k8s.io/apiextensions-apiserver v0.35.3 // indirect - k8s.io/apiserver v0.35.3 // indirect - k8s.io/code-generator v0.35.3 // indirect - k8s.io/component-base v0.35.3 // indirect + k8s.io/apiextensions-apiserver v0.35.6 // indirect + k8s.io/apiserver v0.35.6 // indirect + k8s.io/code-generator v0.35.6 // indirect + k8s.io/component-base v0.35.6 // indirect k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b // indirect - k8s.io/kube-openapi v0.0.0-20260330154417-16be699c7b31 // indirect - k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 // indirect + k8s.io/kube-openapi v0.0.0-20260624041617-8f3fa4921821 // indirect + k8s.io/utils v0.0.0-20260626114624-be93311217bd // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect sigs.k8s.io/gateway-api v1.5.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect diff --git a/go.sum b/go.sum index bebee50a0e..9641cc174d 100644 --- a/go.sum +++ b/go.sum @@ -1,36 +1,38 @@ al.essio.dev/pkg/shellescape v1.6.0 h1:NxFcEqzFSEVCGN2yq7Huv/9hyCEGVa/TncnOOBBeXHA= al.essio.dev/pkg/shellescape v1.6.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1 h1:PMmTMyvHScV9Mn8wc6ASge9uRcHy0jtqPd+fM35LmsQ= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM= -cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= -cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1 h1:s6hzCXtND/ICdGPTMGk7C+/BFlr2Jg5GyH0NKf4XGXg= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM= +cel.dev/expr v0.25.2 h1:K6j46C81hXtZQfuX60cVWQFBJahKSE2gfRbNuvr5bFs= +cel.dev/expr v0.25.2/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.123.0 h1:2NAUJwPR47q+E35uaJeYoNhuNEM9kM8SjgRgdeOJUSE= cloud.google.com/go v0.123.0/go.mod h1:xBoMV08QcqUGuPW65Qfm1o9Y4zKZBpGS+7bImXLTAZU= -cloud.google.com/go/auth v0.19.0 h1:DGYwtbcsGsT1ywuxsIoWi1u/vlks0moIblQHgSDgQkQ= -cloud.google.com/go/auth v0.19.0/go.mod h1:2Aph7BT2KnaSFOM0JDPyiYgNh6PL9vGMiP8CUIXZ+IY= +cloud.google.com/go/auth v0.20.0 h1:kXTssoVb4azsVDoUiF8KvxAqrsQcQtB53DcSgta74CA= +cloud.google.com/go/auth v0.20.0/go.mod h1:942/yi/itH1SsmpyrbnTMDgGfdy2BUqIKyd0cyYLc5Q= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= -cloud.google.com/go/iam v1.5.3 h1:+vMINPiDF2ognBJ97ABAYYwRgsaqxPbQDlMnbHMjolc= -cloud.google.com/go/iam v1.5.3/go.mod h1:MR3v9oLkZCTlaqljW6Eb2d3HGDGK5/bDv93jhfISFvU= -cloud.google.com/go/kms v1.26.0 h1:cK9mN2cf+9V63D3H1f6koxTatWy39aTI/hCjz1I+adU= -cloud.google.com/go/kms v1.26.0/go.mod h1:pHKOdFJm63hxBsiPkYtowZPltu9dW0MWvBa6IA4HM58= -cloud.google.com/go/longrunning v0.8.0 h1:LiKK77J3bx5gDLi4SMViHixjD2ohlkwBi+mKA7EhfW8= -cloud.google.com/go/longrunning v0.8.0/go.mod h1:UmErU2Onzi+fKDg2gR7dusz11Pe26aknR4kHmJJqIfk= -connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14= -connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w= -cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819 h1:Zh+Ur3OsoWpvALHPLT45nOekHkgOt+IOfutBbPqM17I= -cuelabs.dev/go/oci/ociregistry v0.0.0-20251212221603-3adeb8663819/go.mod h1:WjmQxb+W6nVNCgj8nXrF24lIz95AHwnSl36tpjDZSU8= -cuelang.org/go v0.16.0 h1:mmt9SL/IzfSIiBKuP5wxdO4xLjvIHr3urpbjCDdMV5U= -cuelang.org/go v0.16.0/go.mod h1:4veMX+GpsK0B91b1seGXoozG80LJCczvG1M1Re/knxo= -cyphar.com/go-pathrs v0.2.4 h1:iD/mge36swa1UFKdINkr1Frkpp6wZsy3YYEildj9cLY= -cyphar.com/go-pathrs v0.2.4/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= +cloud.google.com/go/iam v1.7.0 h1:JD3zh0C6LHl16aCn5Akff0+GELdp1+4hmh6ndoFLl8U= +cloud.google.com/go/iam v1.7.0/go.mod h1:tetWZW1PD/m6vcuY2Zj/aU0eCHNPuxedbnbRTyKXvdY= +cloud.google.com/go/kms v1.31.0 h1:LS8N92OxFDgOLg5NCo3OmbvjtQAIVT5gUHVLKIDHaFE= +cloud.google.com/go/kms v1.31.0/go.mod h1:YIyXZym11R5uovJJt4oN5eUL3oPmirF3yKeIh6QAf4U= +cloud.google.com/go/longrunning v0.9.0 h1:0EzbDEGsAvOZNbqXopgniY0w0a1phvu5IdUFq8grmqY= +cloud.google.com/go/longrunning v0.9.0/go.mod h1:pkTz846W7bF4o2SzdWJ40Hu0Re+UoNT6Q5t+igIcb8E= +connectrpc.com/connect v1.19.2 h1:McQ83FGdzL+t60peksi0gXC7MQ/iLKgLduAnThbM0mo= +connectrpc.com/connect v1.19.2/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w= +cuelabs.dev/go/oci/ociregistry v0.0.0-20260618065901-6befdbcb3cf6 h1:kcpQNPyadaMvi8O9qkIRbkLAGiQr1RO1RUbrLms43XQ= +cuelabs.dev/go/oci/ociregistry v0.0.0-20260618065901-6befdbcb3cf6/go.mod h1:WjmQxb+W6nVNCgj8nXrF24lIz95AHwnSl36tpjDZSU8= +cuelang.org/go v0.16.1 h1:iPN1lHZd2J0hjcr8hfq9PnIGk7VfPkKFfxH4de+m9sE= +cuelang.org/go v0.16.1/go.mod h1:/aW3967FeWC5Hc1cDrN4Z4ICVApdMi83wO5L3uF/1hM= +cyphar.com/go-pathrs v0.2.5 h1:SnX9FBvnoyn3lUs1dkMgZ52bAETpirNu3FTRh5HlRik= +cyphar.com/go-pathrs v0.2.5/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= -filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw= -filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo= +filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc= +filippo.io/mldsa v0.0.0-20260215214346-43d0283efc3e h1:VsUbObBMxXlc23Eb9VeeJYE4jvTs87qa5RqSN2U5FJU= +filippo.io/mldsa v0.0.0-20260215214346-43d0283efc3e/go.mod h1:32qQ5yj3R24Eu03iWFWchdC3OB653wPvoepWejkefbY= github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg= github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.20.0 h1:LU830/Tuj5c6xSpEjyrymfY5fGInchwMWRp1aSBXbS8= @@ -39,12 +41,12 @@ github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata v0.0.10 h1:03PGMq github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata v0.0.10/go.mod h1:QM3VKYNyD5thMEWqKef+uOfpNmZG7RjG7wOsCdavj9w= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 h1:fou+2+WFTib47nS+nz/ozhEBnvU96bKHy6LjRsY4E28= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0/go.mod h1:t76Ruy8AHvUAC8GfMWJMa0ElSbuIcO03NLpynfbgsPA= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 h1:jHb/wfvRikGdxMXYV3QG/SzUOPYN9KEUUuC0Yd0/vC0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1/go.mod h1:pzBXCYn05zvYIrwLgtK8Ap8QcjRg+0i76tMQdWN6wOk= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0 h1:fhqpLE3UEXi9lPaBRpQ6XuRW0nU7hgg4zlmZZa+a9q4= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0/go.mod h1:7dCRMLwisfRH3dBupKeNCioWYUZ4SS09Z14H+7i8ZoY= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0 h1:E4MgwLBGeVB5f2MdcIVD3ELVAWpr+WD6MUe1i+tM/PA= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0/go.mod h1:Y2b/1clN4zsAoUd/pgNAQHjLDnTis/6ROkUfyob6psM= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 h1:nCYfgcSyHZXJI8J0IWE5MsCGlb2xp9fJiXyxWgmOFg4= @@ -77,8 +79,8 @@ github.com/Azure/go-autorest/logger v0.2.2/go.mod h1:I5fg9K52o+iuydlWfa9T5K6WFos github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/Azure/go-autorest/tracing v0.6.1 h1:YUMSrC/CeD1ZnnXcNYU4a/fzsO35u2Fsful9L/2nyR0= github.com/Azure/go-autorest/tracing v0.6.1/go.mod h1:/3EgjbsjraOqiicERAeu3m7/z0x1TzjQGAwDrJrXGkc= -github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0 h1:4iB+IesclUXdP0ICgAabvq2FYLXrJWKx1fJQ+GxSo3Y= -github.com/AzureAD/microsoft-authentication-library-for-go v1.7.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk= +github.com/AzureAD/microsoft-authentication-library-for-go v1.7.1 h1:edShSHV3DV90+kt+CMaEXEzR9QF7wFrPJxVGz2blMIU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.7.1/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= @@ -142,52 +144,50 @@ github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmP github.com/aliyun/credentials-go v1.4.5/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/aliyun/credentials-go v1.4.12 h1:7D8eXGotNwthZuUEgAMgBoqxmIHwfaPVwW+/04LIJSQ= github.com/aliyun/credentials-go v1.4.12/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= -github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= -github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= -github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1 h1:TDN+16Nim3gimjuTxd+sFhb4v06mEeYH0JfRWAFowA0= -github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1/go.mod h1:JQNC5NuGwyYC7IZum6JqPNVHarFAuab+h4lO6t0jIhc= +github.com/aquasecurity/libbpfgo v0.10.0-libbpf-1.5.1 h1:i/6EeKnBR3XVeLmOyMbM0Oq+kIC08n613zwkD8lix8w= +github.com/aquasecurity/libbpfgo v0.10.0-libbpf-1.5.1/go.mod h1:veHe4u3xEpl0TBV+wX0AFJWOsnteNPOhNklRbYf3d+k= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ= github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk= -github.com/aws/aws-sdk-go-v2 v1.41.5 h1:dj5kopbwUsVUVFgO4Fi5BIT3t4WyqIDjGKCangnV/yY= -github.com/aws/aws-sdk-go-v2 v1.41.5/go.mod h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o= -github.com/aws/aws-sdk-go-v2/config v1.32.13 h1:5KgbxMaS2coSWRrx9TX/QtWbqzgQkOdEa3sZPhBhCSg= -github.com/aws/aws-sdk-go-v2/config v1.32.13/go.mod h1:8zz7wedqtCbw5e9Mi2doEwDyEgHcEE9YOJp6a8jdSMY= -github.com/aws/aws-sdk-go-v2/credentials v1.19.13 h1:mA59E3fokBvyEGHKFdnpNNrvaR351cqiHgRg+JzOSRI= -github.com/aws/aws-sdk-go-v2/credentials v1.19.13/go.mod h1:yoTXOQKea18nrM69wGF9jBdG4WocSZA1h38A+t/MAsk= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 h1:NUS3K4BTDArQqNu2ih7yeDLaS3bmHD0YndtA6UP884g= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21/go.mod h1:YWNWJQNjKigKY1RHVJCuupeWDrrHjRqHm0N9rdrWzYI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 h1:Rgg6wvjjtX8bNHcvi9OnXWwcE0a2vGpbwmtICOsvcf4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21/go.mod h1:A/kJFst/nm//cyqonihbdpQZwiUhhzpqTsdbhDdRF9c= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 h1:PEgGVtPoB6NTpPrBgqSE5hE/o47Ij9qk/SEZFbUOe9A= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21/go.mod h1:p+hz+PRAYlY3zcpJhPwXlLC4C+kqn70WIHwnzAfs6ps= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 h1:qYQ4pzQ2Oz6WpQ8T3HvGHnZydA72MnLuFK9tJwmrbHw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6/go.mod h1:O3h0IK87yXci+kg6flUKzJnWeziQUKciKrLjcatSNcY= +github.com/aws/aws-sdk-go-v2 v1.42.0 h1:XvXMJTkFQtpBKIWZnmr9ZEOc2InWM2yldjXEJ/bymhA= +github.com/aws/aws-sdk-go-v2 v1.42.0/go.mod h1:27+ACypSLljLAEKsCYOmrjKh83vuTRkuAe9Uv/3A4bg= +github.com/aws/aws-sdk-go-v2/config v1.32.26 h1:JI+W5B3jUA8UBz2ggbICGd9UCR6/+SB21G8EFl0SFTQ= +github.com/aws/aws-sdk-go-v2/config v1.32.26/go.mod h1:RLE2Ls/wRstvdSz1GPrIWNnXcKZ/znDdWyMuiQxdBoY= +github.com/aws/aws-sdk-go-v2/credentials v1.19.25 h1:TzPVjfUZ1hsKafvYE+DIzKXIik2KufQxsPHanlkttbo= +github.com/aws/aws-sdk-go-v2/credentials v1.19.25/go.mod h1:K4hw0buguVvtC74HnVfTRr0LzQQHAWPqJbBU9QGk2Pg= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29 h1:r6qZHbT+wxgWO/e9vYNUEtg7lv5+UN3pRqKhLXvnArg= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29/go.mod h1:QRnaRcTVGKPGRy8w78HMQtKUGRYcnMZAANATkeVA6Mo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29 h1:f3vKqSo13fhTYb+JEcXwXefZQE26I1FB5eTSniU67ko= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29/go.mod h1:MzoLFUArKGpGD+ukmPiTPG1X5x4o6M2kq4v2dr1FiEc= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.29 h1:RdwIf/CuUsvJX3RgJagbOyotl/cxoLY4xviKuE7p2GY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.29/go.mod h1:71wt8W2EgswdZy9Mf9KNnzxZ3TiZlv4caKghPktDOkA= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.30 h1:VTGy885W5DKBxWRUJbym9hytNaYzsyaPkCHGRRMAOhU= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.30/go.mod h1:AS0HycUvJRFvTt613AYDOgO2jzw+00cVSMny8XB3yMY= github.com/aws/aws-sdk-go-v2/service/ecr v1.56.2 h1:B/psparkCzFM8Ct1MHyOLQ9I6GxpC8GaIgWLMgp1uv8= github.com/aws/aws-sdk-go-v2/service/ecr v1.56.2/go.mod h1:BcTorrilUv1q7JyC3X8qiVc48qJpttMTIb3bdVV92lA= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.13 h1:mRgG1o6IKIDYiOtpLmQ18yf1GxDOSCzqv2ch4gf9kZU= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.13/go.mod h1:9NhDlaA8e8G5r64GicBAHiIC/1ZOIIZqrKP9D6/WwLg= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 h1:5EniKhLZe4xzL7a+fU3C2tfUN4nWIqlLesfrjkuPFTY= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7/go.mod h1:x0nZssQ3qZSnIcePWLvcoFisRXJzcTVvYpAAdYX8+GI= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 h1:c31//R3xgIJMSC8S6hEVq+38DcvUlgFY0FM6mSI5oto= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21/go.mod h1:r6+pf23ouCB718FUxaqzZdbpYFyDtehyZcmP5KL9FkA= -github.com/aws/aws-sdk-go-v2/service/kms v1.50.3 h1:s/zDSG/a/Su9aX+v0Ld9cimUCdkr5FWPmBV8owaEbZY= -github.com/aws/aws-sdk-go-v2/service/kms v1.50.3/go.mod h1:/iSgiUor15ZuxFGQSTf3lA2FmKxFsQoc2tADOarQBSw= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.9 h1:QKZH0S178gCmFEgst8hN0mCX1KxLgHBKKY/CLqwP8lg= -github.com/aws/aws-sdk-go-v2/service/signin v1.0.9/go.mod h1:7yuQJoT+OoH8aqIxw9vwF+8KpvLZ8AWmvmUWHsGQZvI= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.14 h1:GcLE9ba5ehAQma6wlopUesYg/hbcOhFNWTjELkiWkh4= -github.com/aws/aws-sdk-go-v2/service/sso v1.30.14/go.mod h1:WSvS1NLr7JaPunCXqpJnWk1Bjo7IxzZXrZi1QQCkuqM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.18 h1:mP49nTpfKtpXLt5SLn8Uv8z6W+03jYVoOSAl/c02nog= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.18/go.mod h1:YO8TrYtFdl5w/4vmjL8zaBSsiNp3w0L1FfKVKenZT7w= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 h1:p8ogvvLugcR/zLBXTXrTkj0RYBUdErbMnAFFp12Lm/U= -github.com/aws/aws-sdk-go-v2/service/sts v1.41.10/go.mod h1:60dv0eZJfeVXfbT1tFJinbHrDfSJ2GZl4Q//OSSNAVw= -github.com/aws/smithy-go v1.24.2 h1:FzA3bu/nt/vDvmnkg+R8Xl46gmzEDam6mZ1hzmwXFng= -github.com/aws/smithy-go v1.24.2/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.15 h1:nW/zPIjkAgHV1xv8NHdLQtGMoHVj2toMj8/H6SMqjVw= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.15/go.mod h1:FXDXpYy2PKdkQQr4ERMoRzVKcga0O/hmtRbMaQSpe8U= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.12 h1:ZD2+BSw9vFsNlKYIasSNt3uDbjqqXIBcM13UJv/Lx2k= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.12/go.mod h1:Ms4zlcVBbXbiP7EVLhl+lgjvA/a7YphqQ3Ih3174EmI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.29 h1:DRebniUGZ2MqiiIVmQJ04vIXr918hubdHMnarSLEWyU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.29/go.mod h1:LfRkPCD8YHDM2E5eTkos2UpwYeZnBcVarTa8L59bJHA= +github.com/aws/aws-sdk-go-v2/service/kms v1.51.1 h1:zuSf4olLKZW8cF/W9Y5wvGT+/0raY/3kVp49KsGs0QY= +github.com/aws/aws-sdk-go-v2/service/kms v1.51.1/go.mod h1:Y0+uxvxz6ib4KktRdK0V4X45Vcs/JyYoz8H71pO8xeI= +github.com/aws/aws-sdk-go-v2/service/signin v1.2.1 h1:BeJmkm5YOZs6lGRGcNoIuLSoTTtGLLCEqlSiRKYodfM= +github.com/aws/aws-sdk-go-v2/service/signin v1.2.1/go.mod h1:LxYujSTLPRlp2vTtcUO/+1ilrew8ytt6SvQyOgejzFQ= +github.com/aws/aws-sdk-go-v2/service/sso v1.31.4 h1:i465b/3c7xJd++pobNIDOggouekCuiWOnB0goQJy+94= +github.com/aws/aws-sdk-go-v2/service/sso v1.31.4/go.mod h1:Lk7PlmoTYryQmyBG0EXqj5BcUbj3whXdU2s3yGI3EAc= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.7 h1:xbmJAnBbyYPkTzoCNCF/bpJ6ymQHRdXX1vquYfDIGYk= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.7/go.mod h1:Q5N6icH+KJZDLh+ESNwzdv6cZ6vLFF/egy3IOxWhmz4= +github.com/aws/aws-sdk-go-v2/service/sts v1.43.4 h1:Np0vmL7op0Zs5xGacYMMX3v5O5pvZ46xhb5LwDgPj8M= +github.com/aws/aws-sdk-go-v2/service/sts v1.43.4/go.mod h1:r8wkDOuLaaMFqFiYAb8dGY2A3gJCOujMc6CFOVC4Zhc= +github.com/aws/smithy-go v1.27.3 h1:F3Zb497UhhskkfpJmfkXswyo+t0sh9OTBnIHjogWbVY= +github.com/aws/smithy-go v1.27.3/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0 h1:JFWXO6QPihCknDdnL6VaQE57km4ZKheHIGd9YiOGcTo= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0/go.mod h1:046/oLyFlYdAghYQE2yHXi/E//VM5Cf3/dFmA+3CZ0c= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -196,8 +196,8 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/buildkite/agent/v3 v3.121.0 h1:3XZilxC68EDHetNIxrkGgYGiBktIEHi7USkspTMe1Is= -github.com/buildkite/agent/v3 v3.121.0/go.mod h1:wH8bnT10nFhpxgUJ2ToLf1OZ4WaQh5Y/RxybFYkEVsY= +github.com/buildkite/agent/v3 v3.121.1 h1:oGLVkNBo1OYR97aSPSuq9WDIKCLc0mAbDs9P46ny3Lw= +github.com/buildkite/agent/v3 v3.121.1/go.mod h1:O0n8NcsBVBz/fvEzg5AAJUHVHip2X2jVWreGA0r3y3M= github.com/buildkite/go-pipeline v0.16.0 h1:wEgWUMRAgSg1ZnWOoA3AovtYYdTvN0dLY1zwUWmPP+4= github.com/buildkite/go-pipeline v0.16.0/go.mod h1:VE37qY3X5pmAKKUMoDZvPsHOQuyakB9cmXj9Qn6QasA= github.com/buildkite/interpolate v0.1.5 h1:v2Ji3voik69UZlbfoqzx+qfcsOKLA61nHdU79VV+tPU= @@ -212,8 +212,8 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cert-manager/cert-manager v1.20.1 h1:99ExHJu5TPp1V92AvvE4oY6BkOSyJiWLxxMkbqbdGaY= -github.com/cert-manager/cert-manager v1.20.1/go.mod h1:ut67FnggYJJqAdDWLhSPnj10P06QwbNU88RYNh9MvMc= +github.com/cert-manager/cert-manager v1.20.3 h1:7zgThbjfRBNjN2/cM/Wdo/vl/oeFQybIMNzxd1Ocipc= +github.com/cert-manager/cert-manager v1.20.3/go.mod h1:Aqf5P0xRh9aey1p10m2c3UAk/Vb/FBPyH3WQxJRm+7Y= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= @@ -236,10 +236,8 @@ github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUo github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ= github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= -github.com/containerd/stargz-snapshotter/estargz v0.18.2 h1:yXkZFYIzz3eoLwlTUZKz2iQ4MrckBxJjkmD16ynUTrw= -github.com/containerd/stargz-snapshotter/estargz v0.18.2/go.mod h1:XyVU5tcJ3PRpkA9XS2T5us6Eg35yM0214Y+wvrZTBrY= -github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc= -github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8= +github.com/coreos/go-oidc/v3 v3.18.0 h1:V9orjXynvu5wiC9SemFTWnG4F45v403aIcjWo0d41+A= +github.com/coreos/go-oidc/v3 v3.18.0/go.mod h1:DYCf24+ncYi+XkIH97GY1+dqoRlbaSI26KVTCI9SrY4= github.com/coreos/go-systemd/v22 v22.7.0 h1:LAEzFkke61DFROc7zNLX/WA2i5J8gYqe0rSj9KI28KA= github.com/coreos/go-systemd/v22 v22.7.0/go.mod h1:xNUYtjHu2EDXbsxz1i41wouACIwT7Ybq9o0BQhMwD0w= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= @@ -249,8 +247,8 @@ github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 h1:uX1JmpONuD549D73r6cgnxyUu18Zb7yHAy5AYU0Pm4Q= github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= -github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= -github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= +github.com/cyphar/filepath-securejoin v0.7.0 h1:s0Y3ITPy6sQn5xt54DuYvTF8hu134ooYLUb58DX/HjE= +github.com/cyphar/filepath-securejoin v0.7.0/go.mod h1:ymLGms/u3BYaviIiuKFnUx8EkQEZeK6cInNoAPJA3o4= github.com/danieljoos/wincred v1.2.3 h1:v7dZC2x32Ut3nEfRH+vhoZGvN72+dQ/snVXo/vMFLdQ= github.com/danieljoos/wincred v1.2.3/go.mod h1:6qqX0WNrS4RzPZ1tnroDzq9kY3fu1KwE7MRLQK4X0bs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -274,12 +272,10 @@ github.com/digitorus/timestamp v0.0.0-20250524132541-c45532741eea h1:ALRwvjsSP53 github.com/digitorus/timestamp v0.0.0-20250524132541-c45532741eea/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/docker/cli v29.3.1+incompatible h1:M04FDj2TRehDacrosh7Vlkgc7AuQoWloQkf1PA5hmoI= -github.com/docker/cli v29.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= -github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker-credential-helpers v0.9.5 h1:EFNN8DHvaiK8zVqFA2DT6BjXE0GzfLOZ38ggPTKePkY= -github.com/docker/docker-credential-helpers v0.9.5/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c= +github.com/docker/cli v29.5.3+incompatible h1:nbEFfz774vBwQ5KRYv7c/AghjReqnGISvrRhzjV0evs= +github.com/docker/cli v29.5.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker-credential-helpers v0.9.8 h1:bIREROb7So6PRlq6KTtdS9MPEjC29OQRkFNlvK2OX8Q= +github.com/docker/docker-credential-helpers v0.9.8/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= @@ -307,14 +303,14 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= -github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.9.1 h1:2rWm8B193Ll4VdjsJY28jxs70IdDsHRWgQYAI80+rMQ= -github.com/fxamacker/cbor/v2 v2.9.1/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho= +github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo= +github.com/fxamacker/cbor/v2 v2.9.2 h1:X4Ksno9+x3cz0TZv69ec1hxP/+tymuR8PXQJyDwfh78= +github.com/fxamacker/cbor/v2 v2.9.2/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug= github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0= -github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= -github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -322,58 +318,58 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/analysis v0.25.0 h1:EnjAq1yO8wEO9HbPmY8vLPEIkdZuuFhCAKBPvCB7bCs= -github.com/go-openapi/analysis v0.25.0/go.mod h1:5WFTRE43WLkPG9r9OtlMfqkkvUTYLVVCIxLlEpyF8kE= -github.com/go-openapi/errors v0.22.7 h1:JLFBGC0Apwdzw3484MmBqspjPbwa2SHvpDm0u5aGhUA= -github.com/go-openapi/errors v0.22.7/go.mod h1://QW6SD9OsWtH6gHllUCddOXDL0tk0ZGNYHwsw4sW3w= -github.com/go-openapi/jsonpointer v0.22.5 h1:8on/0Yp4uTb9f4XvTrM2+1CPrV05QPZXu+rvu2o9jcA= -github.com/go-openapi/jsonpointer v0.22.5/go.mod h1:gyUR3sCvGSWchA2sUBJGluYMbe1zazrYWIkWPjjMUY0= -github.com/go-openapi/jsonreference v0.21.5 h1:6uCGVXU/aNF13AQNggxfysJ+5ZcU4nEAe+pJyVWRdiE= -github.com/go-openapi/jsonreference v0.21.5/go.mod h1:u25Bw85sX4E2jzFodh1FOKMTZLcfifd1Q+iKKOUxExw= -github.com/go-openapi/loads v0.23.3 h1:g5Xap1JfwKkUnZdn+S0L3SzBDpcTIYzZ5Qaag0YDkKQ= -github.com/go-openapi/loads v0.23.3/go.mod h1:NOH07zLajXo8y55hom0omlHWDVVvCwBM/S+csCK8LqA= -github.com/go-openapi/runtime v0.29.3 h1:h5twGaEqxtQg40ePiYm9vFFH1q06Czd7Ot6ufdK0w/Y= -github.com/go-openapi/runtime v0.29.3/go.mod h1:8A1W0/L5eyNJvKciqZtvIVQvYO66NlB7INMSZ9bw/oI= -github.com/go-openapi/spec v0.22.4 h1:4pxGjipMKu0FzFiu/DPwN3CTBRlVM2yLf/YTWorYfDQ= -github.com/go-openapi/spec v0.22.4/go.mod h1:WQ6Ai0VPWMZgMT4XySjlRIE6GP1bGQOtEThn3gcWLtQ= -github.com/go-openapi/strfmt v0.26.1 h1:7zGCHji7zSYDC2tCXIusoxYQz/48jAf2q+sF6wXTG+c= -github.com/go-openapi/strfmt v0.26.1/go.mod h1:Zslk5VZPOISLwmWTMBIS7oiVFem1o1EI6zULY8Uer7Y= -github.com/go-openapi/swag v0.25.5 h1:pNkwbUEeGwMtcgxDr+2GBPAk4kT+kJ+AaB+TMKAg+TU= -github.com/go-openapi/swag v0.25.5/go.mod h1:B3RT6l8q7X803JRxa2e59tHOiZlX1t8viplOcs9CwTA= -github.com/go-openapi/swag/cmdutils v0.25.5 h1:yh5hHrpgsw4NwM9KAEtaDTXILYzdXh/I8Whhx9hKj7c= -github.com/go-openapi/swag/cmdutils v0.25.5/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= -github.com/go-openapi/swag/conv v0.25.5 h1:wAXBYEXJjoKwE5+vc9YHhpQOFj2JYBMF2DUi+tGu97g= -github.com/go-openapi/swag/conv v0.25.5/go.mod h1:CuJ1eWvh1c4ORKx7unQnFGyvBbNlRKbnRyAvDvzWA4k= -github.com/go-openapi/swag/fileutils v0.25.5 h1:B6JTdOcs2c0dBIs9HnkyTW+5gC+8NIhVBUwERkFhMWk= -github.com/go-openapi/swag/fileutils v0.25.5/go.mod h1:V3cT9UdMQIaH4WiTrUc9EPtVA4txS0TOmRURmhGF4kc= -github.com/go-openapi/swag/jsonname v0.25.5 h1:8p150i44rv/Drip4vWI3kGi9+4W9TdI3US3uUYSFhSo= -github.com/go-openapi/swag/jsonname v0.25.5/go.mod h1:jNqqikyiAK56uS7n8sLkdaNY/uq6+D2m2LANat09pKU= -github.com/go-openapi/swag/jsonutils v0.25.5 h1:XUZF8awQr75MXeC+/iaw5usY/iM7nXPDwdG3Jbl9vYo= -github.com/go-openapi/swag/jsonutils v0.25.5/go.mod h1:48FXUaz8YsDAA9s5AnaUvAmry1UcLcNVWUjY42XkrN4= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.5 h1:SX6sE4FrGb4sEnnxbFL/25yZBb5Hcg1inLeErd86Y1U= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.5/go.mod h1:/2KvOTrKWjVA5Xli3DZWdMCZDzz3uV/T7bXwrKWPquo= -github.com/go-openapi/swag/loading v0.25.5 h1:odQ/umlIZ1ZVRteI6ckSrvP6e2w9UTF5qgNdemJHjuU= -github.com/go-openapi/swag/loading v0.25.5/go.mod h1:I8A8RaaQ4DApxhPSWLNYWh9NvmX2YKMoB9nwvv6oW6g= -github.com/go-openapi/swag/mangling v0.25.5 h1:hyrnvbQRS7vKePQPHHDso+k6CGn5ZBs5232UqWZmJZw= -github.com/go-openapi/swag/mangling v0.25.5/go.mod h1:6hadXM/o312N/h98RwByLg088U61TPGiltQn71Iw0NY= -github.com/go-openapi/swag/netutils v0.25.5 h1:LZq2Xc2QI8+7838elRAaPCeqJnHODfSyOa7ZGfxDKlU= -github.com/go-openapi/swag/netutils v0.25.5/go.mod h1:lHbtmj4m57APG/8H7ZcMMSWzNqIQcu0RFiXrPUara14= -github.com/go-openapi/swag/stringutils v0.25.5 h1:NVkoDOA8YBgtAR/zvCx5rhJKtZF3IzXcDdwOsYzrB6M= -github.com/go-openapi/swag/stringutils v0.25.5/go.mod h1:PKK8EZdu4QJq8iezt17HM8RXnLAzY7gW0O1KKarrZII= -github.com/go-openapi/swag/typeutils v0.25.5 h1:EFJ+PCga2HfHGdo8s8VJXEVbeXRCYwzzr9u4rJk7L7E= -github.com/go-openapi/swag/typeutils v0.25.5/go.mod h1:itmFmScAYE1bSD8C4rS0W+0InZUBrB2xSPbWt6DLGuc= -github.com/go-openapi/swag/yamlutils v0.25.5 h1:kASCIS+oIeoc55j28T4o8KwlV2S4ZLPT6G0iq2SSbVQ= -github.com/go-openapi/swag/yamlutils v0.25.5/go.mod h1:Gek1/SjjfbYvM+Iq4QGwa/2lEXde9n2j4a3wI3pNuOQ= -github.com/go-openapi/testify/enable/yaml/v2 v2.4.1 h1:NZOrZmIb6PTv5LTFxr5/mKV/FjbUzGE7E6gLz7vFoOQ= -github.com/go-openapi/testify/enable/yaml/v2 v2.4.1/go.mod h1:r7dwsujEHawapMsxA69i+XMGZrQ5tRauhLAjV/sxg3Q= -github.com/go-openapi/testify/v2 v2.4.1 h1:zB34HDKj4tHwyUQHrUkpV0Q0iXQ6dUCOQtIqn8hE6Iw= -github.com/go-openapi/testify/v2 v2.4.1/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= -github.com/go-openapi/validate v0.25.2 h1:12NsfLAwGegqbGWr2CnvT65X/Q2USJipmJ9b7xDJZz0= -github.com/go-openapi/validate v0.25.2/go.mod h1:Pgl1LpPPGFnZ+ys4/hTlDiRYQdI1ocKypgE+8Q8BLfY= +github.com/go-openapi/analysis v0.25.3 h1:4zlcg85pd2xq3sEgjW887n1IpwCpCqTmqeT6dP9OxDw= +github.com/go-openapi/analysis v0.25.3/go.mod h1:6PEmUIra9/rn6SPstzbrMkhFAsMB2qm7g6E+4DRFyCU= +github.com/go-openapi/errors v0.22.8 h1:oP7sW7TWc3wFFjrzzj0nI83H2qMBkNjNfSd+XRejk/I= +github.com/go-openapi/errors v0.22.8/go.mod h1:BuUoHcYrU6E7V9gfj1I5wLQqgtIHnup/alXZ8KdgQ0w= +github.com/go-openapi/jsonpointer v0.23.2 h1:DK7R/3zAt4xTytxNkw7jARGPFI7rkaSsii58n8X45x0= +github.com/go-openapi/jsonpointer v0.23.2/go.mod h1:noUOckXtq7b4bVkqw0sbHKieq9uEZRN7p6EF/dalc4w= +github.com/go-openapi/jsonreference v0.21.6 h1:NZ5nGfnaM1n4I43Xjm1e5/M2GjOwQwndQz22uhxwD+Y= +github.com/go-openapi/jsonreference v0.21.6/go.mod h1:xzbgtQ3ZbWxvET3AxdzCJlJt6vkovbf+IfSPJjD0tUY= +github.com/go-openapi/loads v0.23.4 h1:UMC8JClHQeASS+bh1Uc8ShGG6IrKt1kbM2DgFhx/vF0= +github.com/go-openapi/loads v0.23.4/go.mod h1:oXw5oD+IGqI5BdfQgN7y9OXR8JhsAfEDpwWKxpGzeno= +github.com/go-openapi/runtime v0.29.5 h1:uc5+/TtqLIfDBTUxnF3uppoGMt+9DzonwUWsviINlrY= +github.com/go-openapi/runtime v0.29.5/go.mod h1:D9IUbWccdYv+km8QwmAm90FZvDcQk47vP2Y7y5as/D8= +github.com/go-openapi/spec v0.22.6 h1:Tyy1pLaNCM8GBCFLoGYLonjJi6zykqyLCjXLc19ZPic= +github.com/go-openapi/spec v0.22.6/go.mod h1:HZvTHat+iH0PALQRWhrqIHtU/PEqxqd89fu0MxGlMeM= +github.com/go-openapi/strfmt v0.26.4 h1:yI6IAEfcWow459BD5UzFY430KUwXZwBHrYusPFkhWlc= +github.com/go-openapi/strfmt v0.26.4/go.mod h1:hNJi6nb5ETD6i7A1yRo03M9S6ZoTPPoWff1iUexmfUc= +github.com/go-openapi/swag v0.26.1 h1:l5sVEyVpwj+DDYeZyo7wQI/Ebn/mKYIyGB/pFwAfGoQ= +github.com/go-openapi/swag v0.26.1/go.mod h1:yNY38BbIVthxbkDtq1UHBCGasBqjakW3lCR6ANzdBEw= +github.com/go-openapi/swag/cmdutils v0.26.1 h1:f2iE1ijYaJ3nuu5PaEMx3zpEhzhZFgivCJObWEObLIQ= +github.com/go-openapi/swag/cmdutils v0.26.1/go.mod h1:Sm1MVFMkF6guJJ+pQqHnQA3N0j9qALV3NxzDSv6bETM= +github.com/go-openapi/swag/conv v0.26.1 h1:slr5FVkg9Wc3Y5zcwenD8Sd/PQ94b2I/QJI7N7KTBpg= +github.com/go-openapi/swag/conv v0.26.1/go.mod h1:mvQXgPptZk9GTrFgGwWvT4q+dN+zQej9JfmGwnipz1A= +github.com/go-openapi/swag/fileutils v0.26.1 h1:K1XCM2CGhfNsc6YDt6v7Q5+1e59rftYWdcu/isZhvFw= +github.com/go-openapi/swag/fileutils v0.26.1/go.mod h1:mYUgxQAKX4ShS3qvvySx+/9yrlUnDhjiD1CalaQl8lQ= +github.com/go-openapi/swag/jsonname v0.26.1 h1:VReupaV6WxlAsCn0e4DUfgV6bPmINnPpyJDLqSfNPcE= +github.com/go-openapi/swag/jsonname v0.26.1/go.mod h1:OvdW6BoWoj33pTfi7x9vFrgmT+fk7aw0BRwvCE0YOuc= +github.com/go-openapi/swag/jsonutils v0.26.1 h1:2hdBfFkHg+7Wrz2VsCbeyR6hzkRDs7AztnMR2u84yOY= +github.com/go-openapi/swag/jsonutils v0.26.1/go.mod h1:U+RMJH3wa+6BRiphuRtIyI8fW9HPFqFQ4sHk2oRx0UQ= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.1 h1:1CD7NiLLb/TXl3tOnFYU4b+mNfb5rtgHkaA+q7RMYYQ= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.26.1/go.mod h1:ZWafc8nMdYzTE3uYY6W86f0n46+IF0g4uUyRhJw/kXc= +github.com/go-openapi/swag/loading v0.26.1 h1:E9K4wqXeROlhjFQ13K9zMz6ojFGXIggGe+ad1odrK9w= +github.com/go-openapi/swag/loading v0.26.1/go.mod h1:3qvRIlWzWdq1HvmldwmuJ2ohpcAryN6xVt2OTKd0/7E= +github.com/go-openapi/swag/mangling v0.26.1 h1:gpYI4WuPKFJJVjV5cDLGlDVJhFIxYjQc7yN5eEb4CqM= +github.com/go-openapi/swag/mangling v0.26.1/go.mod h1:POETDH01hqAdASXfw7ISEd9bCOE6xBHOt8NHmGZRmYM= +github.com/go-openapi/swag/netutils v0.26.1 h1:BNctoc39WTAUMxyAs355fExOPzMZtPbZ0ZZ1Am2FR5M= +github.com/go-openapi/swag/netutils v0.26.1/go.mod h1:y02vByhZhQPAVwOX+0KipXFZ/hUbk6G/Enhf5rGaOkQ= +github.com/go-openapi/swag/stringutils v0.26.1 h1:f88uYyTso7TnHrKM/bUBsQ5e2wKf37cpgo6pvbzd9yU= +github.com/go-openapi/swag/stringutils v0.26.1/go.mod h1:Sc6d3bU8fgk5AyZR8/8jEQ+Is/Ald+TD/IIggPN8UJk= +github.com/go-openapi/swag/typeutils v0.26.1 h1:yg42FgMzRR6PVQ3M3qHz1s+Y6/P4HoJ3cBarXa3OVnU= +github.com/go-openapi/swag/typeutils v0.26.1/go.mod h1:VfnV+oUtSP2vCSCn2aJgnr8OevUYemyIzzS1VOzS10o= +github.com/go-openapi/swag/yamlutils v0.26.1 h1:0TSLK+lXs9vfIhAWzBeI/lOzEnIoot6WTCO1aAeWFTk= +github.com/go-openapi/swag/yamlutils v0.26.1/go.mod h1:7W5b7PRX9MxwL7TjeG7H8HkyBGRsIDRObhyMWFgBI2M= +github.com/go-openapi/testify/enable/yaml/v2 v2.5.1 h1:q9NtHwK4qHF7yZziBPvZyv7zWAIk8ok88Gh2mR6Jpc8= +github.com/go-openapi/testify/enable/yaml/v2 v2.5.1/go.mod h1:JW0MXIotCYps/XsgJnG3a8Q7rE5xAiBwoOD5OfaIQBk= +github.com/go-openapi/testify/v2 v2.6.0 h1:5PKH2HE7YJ/LuRPQGvSxBRlFXNQhSetBLlGAgUEu3ug= +github.com/go-openapi/testify/v2 v2.6.0/go.mod h1:SgsVHtfooshd0tublTtJ50FPKhujf47YRqauXXOUxfw= +github.com/go-openapi/validate v0.25.3 h1:4nzAIavcJ7WveHK2+V1UAkZK3kWcjzxZCzjfZAfavKs= +github.com/go-openapi/validate v0.25.3/go.mod h1:GemfuGMyYpIaBoKpX3z8sLywrmxpzWVOoJ7R0VeAVuk= github.com/go-piv/piv-go/v2 v2.5.0 h1:w4KZ3GytEGZt8zm+S7olcIHZk0giL23xVqCa2HgwuqA= github.com/go-piv/piv-go/v2 v2.5.0/go.mod h1:ShZi74nnrWNQEdWzRUd/3cSig3uNOcEZp+EWl0oewnI= -github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= -github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= +github.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6 h1:teYtXy9B7y5lHTp8V9KPxpYRAVA7dozigQcMiBust1s= +github.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6/go.mod h1:p4lGIVX+8Wa6ZPNDvqcxq36XpUDLh42FLetFU7odllI= github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA= github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg= github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo= @@ -435,8 +431,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-containerregistry v0.21.3 h1:Xr+yt3VvwOOn/5nJzd7UoOhwPGiPkYW0zWDLLUXqAi4= -github.com/google/go-containerregistry v0.21.3/go.mod h1:D5ZrJF1e6dMzvInpBPuMCX0FxURz7GLq2rV3Us9aPkc= +github.com/google/go-containerregistry v0.21.7 h1:/vPFuVXDjtFREsVArW+0h1CIl5urnOhzei4X2DMW9IU= +github.com/google/go-containerregistry v0.21.7/go.mod h1:kjSbt7/zMsKLWfnHrIvKvhXHUw91jbe9DNjPPJ32gXE= github.com/google/go-github/v73 v73.0.0 h1:aR+Utnh+Y4mMkS+2qLQwcQ/cF9mOTpdwnzlaw//rG24= github.com/google/go-github/v73 v73.0.0/go.mod h1:fa6w8+/V+edSU0muqdhCVY7Beh1M8F1IlQPZIANKIYw= github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= @@ -445,29 +441,29 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= -github.com/google/trillian v1.7.2 h1:EPBxc4YWY4Ak8tcuhyFleY+zYlbCDCa4Sn24e1Ka8Js= -github.com/google/trillian v1.7.2/go.mod h1:mfQJW4qRH6/ilABtPYNBerVJAJ/upxHLX81zxNQw05s= +github.com/google/trillian v1.7.3 h1:hziW+vo4czis48tzx2GK5xRBl/ZxBA9B0/UR5avXOro= +github.com/google/trillian v1.7.3/go.mod h1:qh8iy4x/GvnVXUBd5pK4oncuT1Y9vVYfibQVsR/WpKg= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.14 h1:yh8ncqsbUY4shRD5dA6RlzjJaT4hi3kII+zYw8wmLb8= -github.com/googleapis/enterprise-certificate-proxy v0.3.14/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg= -github.com/googleapis/gax-go/v2 v2.20.0 h1:NIKVuLhDlIV74muWlsMM4CcQZqN6JJ20Qcxd9YMuYcs= -github.com/googleapis/gax-go/v2 v2.20.0/go.mod h1:But/NJU6TnZsrLai/xBAQLLz+Hc7fHZJt/hsCz3Fih4= +github.com/googleapis/enterprise-certificate-proxy v0.3.17 h1:73NfMHdiqo9JFU9+7a5ExpVa10/R29pXfZIaW559nrg= +github.com/googleapis/enterprise-certificate-proxy v0.3.17/go.mod h1:rSEsBUemEBZEexP2y6jPp16LUmUbjmSbcPMQizR0o4k= +github.com/googleapis/gax-go/v2 v2.22.0 h1:PjIWBpgGIVKGoCXuiCoP64altEJCj3/Ei+kSU5vlZD4= +github.com/googleapis/gax-go/v2 v2.22.0/go.mod h1:irWBbALSr0Sk3qlqb9SyJ1h68WjgeFuiOzI4Rqw5+aY= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/graph-gophers/graphql-go v1.9.0 h1:yu0ucKHLc5qGpRwLYKIWtr9bOoxovkWasuBrPQwlHls= github.com/graph-gophers/graphql-go v1.9.0/go.mod h1:23olKZ7duEvHlF/2ELEoSZaY1aNPfShjP782SOoNTyM= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c= -github.com/hairyhenderson/go-which v0.2.2 h1:yMyAHo4InxHiTAboIeOji8nZ5EXwIp116a2uo/MFkFI= -github.com/hairyhenderson/go-which v0.2.2/go.mod h1:vBfncX6hXWQhY1Qte8qQNWuJNnsGPqFLjgmwEETyOAo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0 h1:5VipnvEpbqr2gA2VbM+nYVbkIF28c5ZQfqCBQ5g2xfk= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0/go.mod h1:Hyl3n6Twe1hvtd9XUXDec4pTvgMSEixRuQKPTMH2bNs= +github.com/hairyhenderson/go-which v0.2.3 h1:it1AhsE22R9vmHwPoarntRKAxLQh3DDjrmjvhdyPKsc= +github.com/hairyhenderson/go-which v0.2.3/go.mod h1:Y//UTU8Ka+DbmX+J84onw2hhzgqduvt97PCKQXOf/HQ= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= @@ -510,10 +506,10 @@ github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo= github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= -github.com/jedisct1/go-minisign v0.0.0-20241212093149-d2f9f49435c7 h1:FWpSWRD8FbVkKQu8M1DM9jF5oXFLyE+XpisIYfdzbic= -github.com/jedisct1/go-minisign v0.0.0-20241212093149-d2f9f49435c7/go.mod h1:BMxO138bOokdgt4UaxZiEfypcSHX0t6SIFimVP1oRfk= -github.com/jellydator/ttlcache/v3 v3.4.0 h1:YS4P125qQS0tNhtL6aeYkheEaB/m8HCqdMMP4mnWdTY= -github.com/jellydator/ttlcache/v3 v3.4.0/go.mod h1:Hw9EgjymziQD3yGsQdf1FqFdpp7YjFMd4Srg5EJlgD4= +github.com/jedisct1/go-minisign v0.0.0-20260527172527-a09352b57a22 h1:C68TAi+k12EKJCAmsdaERzQ22ZxVE6n+CuB3kOkhQ7c= +github.com/jedisct1/go-minisign v0.0.0-20260527172527-a09352b57a22/go.mod h1:vYVVh81Lqe/TP0sPLjiNYcX9Hxy/YSfkUx96lYJeyKo= +github.com/jellydator/ttlcache/v3 v3.4.1 h1:bOdXmXiycyK6E6Qjyuj5vl+/vU3SCOoDs8a86NbHjAQ= +github.com/jellydator/ttlcache/v3 v3.4.1/go.mod h1:j7LO12PNghFg5+0v9budMAT4rDK4JY969jb9vOdOBBk= github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= @@ -522,8 +518,8 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE= -github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= +github.com/klauspost/compress v1.18.7 h1:aUyZsS4kH3QTKurYhAOwAHxllVPnOthb3vPfnF1Ehjw= +github.com/klauspost/compress v1.18.7/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -540,8 +536,8 @@ github.com/lestrrat-go/dsig-secp256k1 v1.0.0 h1:JpDe4Aybfl0soBvoVwjqDbp+9S1Y2OM7 github.com/lestrrat-go/dsig-secp256k1 v1.0.0/go.mod h1:CxUgAhssb8FToqbL8NjSPoGQlnO4w3LG1P0qPWQm/NU= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc/v3 v3.0.5 h1:S+Mb4L2I+bM6JGTibLmxExhyTOqnXjqx+zi9MoXw/TM= -github.com/lestrrat-go/httprc/v3 v3.0.5/go.mod h1:mSMtkZW92Z98M5YoNNztbRGxbXHql7tSitCvaxvo9l0= +github.com/lestrrat-go/httprc/v3 v3.0.6 h1:4FpLQ18KK/ypPbVU3NLWJNRvH3kcYiqKqWfKGqNWxxI= +github.com/lestrrat-go/httprc/v3 v3.0.6/go.mod h1:mSMtkZW92Z98M5YoNNztbRGxbXHql7tSitCvaxvo9l0= github.com/lestrrat-go/jwx/v3 v3.0.13 h1:AdHKiPIYeCSnOJtvdpipPg/0SuFh9rdkN+HF3O0VdSk= github.com/lestrrat-go/jwx/v3 v3.0.13/go.mod h1:2m0PV1A9tM4b/jVLMx8rh6rBl7F6WGb3EG2hufN9OQU= github.com/lestrrat-go/option/v2 v2.0.0 h1:XxrcaJESE1fokHy3FpaQ/cXW8ZsIdWcdFzzLOcID3Ss= @@ -552,14 +548,14 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= -github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.21 h1:jJKAZiQH+2mIinzCJIaIG9Be1+0NR+5sz/lYEEjdM8w= -github.com/mattn/go-runewidth v0.0.21/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= -github.com/maxbrunsfeld/counterfeiter/v6 v6.12.1 h1:D4O2wLxB384TS3ohBJMfolnxb4qGmoZ1PnWNtit8LYo= -github.com/maxbrunsfeld/counterfeiter/v6 v6.12.1/go.mod h1:RuJdxo0oI6dClIaMzdl3hewq3a065RH65dofJP03h8I= +github.com/mattn/go-colorable v0.1.15 h1:+u9SLTRGnXv73cEsnsmoZBom+dMU88B2M0aDcWy0/jY= +github.com/mattn/go-colorable v0.1.15/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4= +github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= +github.com/mattn/go-runewidth v0.0.24 h1:cpokDiIn0MGnhdHwuWnJBITySJ20QyNGnY2kR/ay2DU= +github.com/mattn/go-runewidth v0.0.24/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= +github.com/maxbrunsfeld/counterfeiter/v6 v6.12.2 h1:V23nK2R2B63g2GhygF9zVGpnigmhvoZoH8d0hrZwMGY= +github.com/maxbrunsfeld/counterfeiter/v6 v6.12.2/go.mod h1:Mr897yU9FmyKaQDPtRlVKibrjz40XXyOHUfyZBPSyZU= github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI= github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -620,37 +616,37 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc= -github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= +github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag= +github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= -github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= -github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= -github.com/open-policy-agent/opa v1.15.1 h1:ZE4JaXsVUzDiHFSlOMBS3nJohR5BRGB/RNz6gTNugzE= -github.com/open-policy-agent/opa v1.15.1/go.mod h1:c6SN+7jSsUcKJLQc5P4yhwx8YYDRbjpAiGkBOTqxaa4= -github.com/opencontainers/cgroups v0.0.6 h1:tfZFWTIIGaUUFImTyuTg+Mr5x8XRiSdZESgEBW7UxuI= -github.com/opencontainers/cgroups v0.0.6/go.mod h1:oWVzJsKK0gG9SCRBfTpnn16WcGEqDI8PAcpMGbqWxcs= +github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA= +github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= +github.com/open-policy-agent/opa v1.15.2 h1:dS9q+0Yvruq/VNvWJc5qCvCchn715OWc3HLHXn/UCCc= +github.com/open-policy-agent/opa v1.15.2/go.mod h1:c6SN+7jSsUcKJLQc5P4yhwx8YYDRbjpAiGkBOTqxaa4= +github.com/opencontainers/cgroups v0.0.7 h1:FqhggFhigAMgKKwy39jweWX3h7Ha6VBF/qNR6Sso3oc= +github.com/opencontainers/cgroups v0.0.7/go.mod h1:hPBRvnBhLZueEN0eJyozMeM3HeFGYlZW9KnO//px6G4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/opencontainers/runc v1.4.1 h1:eg1A930KKiZ3IShaYHPRiDi6uMrHMnd7OiElHBLgqfY= -github.com/opencontainers/runc v1.4.1/go.mod h1:ufk5PTTsy5pnGBAvTh50e+eqGk01pYH2YcVxh557Qlk= +github.com/opencontainers/runc v1.5.0 h1:6HPQ7DW9/wNaENamFHvOpTkGIYXMIb32Ne+wLiuzsZQ= +github.com/opencontainers/runc v1.5.0/go.mod h1:95e1csYzphSxDuOF+BhCxklMFV0eehUWZwYId+70EZE= github.com/opencontainers/runtime-spec v1.3.0 h1:YZupQUdctfhpZy3TM39nN9Ika5CBWT5diQ8ibYCRkxg= github.com/opencontainers/runtime-spec v1.3.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2 h1:2xZEHOdeQBV6PW8ZtimN863bIOl7OCW/X10K0cnxKeA= -github.com/opencontainers/runtime-tools v0.9.1-0.20250523060157-0ea5ed0382a2/go.mod h1:MXdPzqAA8pHC58USHqNCSjyLnRQ6D+NjbpP+02Z1U/0= -github.com/opencontainers/selinux v1.13.0 h1:Zza88GWezyT7RLql12URvoxsbLfjFx988+LGaWfbL84= -github.com/opencontainers/selinux v1.13.0/go.mod h1:XxWTed+A/s5NNq4GmYScVy+9jzXhGBVEOAyucdRUY8s= -github.com/openshift/api v0.0.0-20260330162214-96f1f5ac7ff2 h1:q89bR1UvKEH9kNh9me1oqLYszKuhaeghorpkO3+DNwY= -github.com/openshift/api v0.0.0-20260330162214-96f1f5ac7ff2/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= +github.com/opencontainers/runtime-tools v0.9.1-0.20260316125833-8a4db579f5c8 h1:2NAWFjN0PmdIe3XojVL9wf3lJ1//VqAgc7MOSYHQslE= +github.com/opencontainers/runtime-tools v0.9.1-0.20260316125833-8a4db579f5c8/go.mod h1:DKDEfzxvRkoQ6n9TGhxQgg2IM1lY4aM0eaQP4e3oElw= +github.com/opencontainers/selinux v1.15.1 h1:ERxeh5caJvCzNAKdI8WQbJmB1LDTn4BuaAg8wihLBpA= +github.com/opencontainers/selinux v1.15.1/go.mod h1:LenyElirjUHszfxrjuFqC85HIeXZKumHcKMQtnaDlQQ= +github.com/openshift/api v0.0.0-20260629123346-784126000268 h1:s2Z/n/ihnmPddz89PnLMkcOgjoe28VlkuDOMUu7y3uI= +github.com/openshift/api v0.0.0-20260629123346-784126000268/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE= github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o= github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml/v2 v2.3.0 h1:k59bC/lIZREW0/iVaQR8nDHxVq8OVlIzYCOJf421CaM= -github.com/pelletier/go-toml/v2 v2.3.0/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= +github.com/pelletier/go-toml/v2 v2.3.1 h1:MYEvvGnQjeNkRF1qUuGolNtNExTDwct51yp7olPtrEc= +github.com/pelletier/go-toml/v2 v2.3.1/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= github.com/pjbgf/go-apparmor v0.1.3-0.20241107184909-1375e5e7aa89 h1:wBXahBOWK72QV3tnaMNtbAGnOAH0a/n0lpgxruYirWs= github.com/pjbgf/go-apparmor v0.1.3-0.20241107184909-1375e5e7aa89/go.mod h1:AXUw6FFDoh4deKxcQ883jqJMnEnA/b1oU5nU29i2lPA= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= @@ -661,8 +657,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.90.1 h1:URbjn501/IBFTzPtGXrYDXHi+ZcbP2W60o6JeTrY3vQ= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.90.1/go.mod h1:Gfzi4500QCMnptFIQc8YdDi8YZ4QA0vs22LROWZ3+YU= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.91.0 h1:m2SZ2z5edgk0nXx7W6VHLfIsKZwgKbr+E5c2RNYyJB8= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.91.0/go.mod h1:Gfzi4500QCMnptFIQc8YdDi8YZ4QA0vs22LROWZ3+YU= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -672,8 +668,8 @@ github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTU github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= -github.com/protocolbuffers/txtpbfmt v0.0.0-20260217160748-a481f6a22f94 h1:2PC6Ql3jipz1KvBlqUHjjk6v4aMwE86mfDu1XMH0LR8= -github.com/protocolbuffers/txtpbfmt v0.0.0-20260217160748-a481f6a22f94/go.mod h1:JSbkp0BviKovYYt9XunS95M3mLPibE9bGg+Y95DsEEY= +github.com/protocolbuffers/txtpbfmt v0.0.0-20260420112717-c39628bde8b5 h1:Mckui8l+Wqz2Ve7XQvsE8SbHNmDWu8NA7Xce5NFJ/kM= +github.com/protocolbuffers/txtpbfmt v0.0.0-20260420112717-c39628bde8b5/go.mod h1:JSbkp0BviKovYYt9XunS95M3mLPibE9bGg+Y95DsEEY= github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 h1:bsUq1dX0N8AOIL7EB/X911+m4EHsnWEHeJ0c+3TTBrg= github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= @@ -692,38 +688,38 @@ github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/seccomp/libseccomp-golang v0.11.1 h1:wuk4ZjSx6kyQII4rj6G6fvVzRHQaSiPvccJazDagu4g= github.com/seccomp/libseccomp-golang v0.11.1/go.mod h1:5m1Lk8E9OwgZTTVz4bBOer7JuazaBa+xTkM895tDiWc= -github.com/secure-systems-lab/go-securesystemslib v0.10.0 h1:l+H5ErcW0PAehBNrBxoGv1jjNpGYdZ9RcheFkB2WI14= -github.com/secure-systems-lab/go-securesystemslib v0.10.0/go.mod h1:MRKONWmRoFzPNQ9USRF9i1mc7MvAVvF1LlW8X5VWDvk= +github.com/secure-systems-lab/go-securesystemslib v0.11.0 h1:iuCR9kcMFD4QurdKrGvPLoKZLv9YvwPYVr0473BdtFs= +github.com/secure-systems-lab/go-securesystemslib v0.11.0/go.mod h1:+PMOTjUGwHj2vcZ+TFKlb1tXRbrdWE1LYDT5i9JC80Q= github.com/segmentio/asm v1.2.1 h1:DTNbBqs57ioxAD4PrArqftgypG4/qNpXoJx8TVXxPR0= github.com/segmentio/asm v1.2.1/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= -github.com/sigstore/cosign/v2 v2.6.2 h1:mi6EAUJoPZ+yuyooU7m06a1DZWJouwYgh9a67L9tm2M= -github.com/sigstore/cosign/v2 v2.6.2/go.mod h1:g+P/LgYyJkC85WGGDho7yySl3C6xTJzzpLm21ZV+E6s= -github.com/sigstore/fulcio v1.8.5 h1:HYTD1/L5wlBp8JxsWxUf8hmfaNBBF/x3r3p5l6tZwbA= -github.com/sigstore/fulcio v1.8.5/go.mod h1:tSLYK3JsKvJpDW1BsIsVHZgHj+f8TjXARzqIUWSsSPQ= -github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA4FIkofAY= -github.com/sigstore/protobuf-specs v0.5.0/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= -github.com/sigstore/rekor v1.5.1 h1:Ca1egHRWRuDvXV4tZu9aXEXc3Gej9FG+HKeapV9OAMQ= -github.com/sigstore/rekor v1.5.1/go.mod h1:gTLDuZuo3SyQCuZvKqwRPA79Qo/2rw39/WtLP/rZjUQ= +github.com/sigstore/cosign/v2 v2.6.3 h1:1W+rZWz0zkTfqmTmYBOQS/Jt97NKz1OCzxTV2YAp1+s= +github.com/sigstore/cosign/v2 v2.6.3/go.mod h1:g+P/LgYyJkC85WGGDho7yySl3C6xTJzzpLm21ZV+E6s= +github.com/sigstore/fulcio v1.8.7 h1:d7QJQxukgXarqPCT9uDNeyzt1Bbt/biw58/VfOnwI/o= +github.com/sigstore/fulcio v1.8.7/go.mod h1:7fX+QyigZxRGKTgHvTfOfxwwniCDxK02PVloHy5/vg4= +github.com/sigstore/protobuf-specs v0.5.1 h1:/5OPaNuolRJmQfeZLayJGFXMpsRJEdgC6ah1/+7Px7U= +github.com/sigstore/protobuf-specs v0.5.1/go.mod h1:DRBzpFuE+LnvQMN10/dU6nBeKwVLGEQ6o2FovN2Rats= +github.com/sigstore/rekor v1.5.2 h1:k6pX4o1zFAzAvDbXiVIp5IHj1b0wcDaxsbsbNpuRO8o= +github.com/sigstore/rekor v1.5.2/go.mod h1:WkMnITBccOFauPkT6yte74tF5gC83pefKRGZvNOsbjI= github.com/sigstore/rekor-tiles/v2 v2.2.1 h1:UmV1CBQ3SjxxPGpFmwDoOhoIwiKpM2Qm1pU5tPGmvNk= github.com/sigstore/rekor-tiles/v2 v2.2.1/go.mod h1:z8n6l6oidpaLjjE6rJERuQqY9X38ulnHZCXyL+DEL7U= -github.com/sigstore/sigstore v1.10.5 h1:KqrOjDhNOVY+uOzQFat2FrGLClPPCb3uz8pK3wuI+ow= -github.com/sigstore/sigstore v1.10.5/go.mod h1:k/mcVVXw3I87dYG/iCVTSW2xTrW7vPzxxGic4KqsqXs= +github.com/sigstore/sigstore v1.10.8 h1:1Mgkxvkw4AXMfIP1DOjc6kw0GkUgA8pGVpveN/EfOq4= +github.com/sigstore/sigstore v1.10.8/go.mod h1:f9+B/4iaYimvUkySyb2mvc73n3RLqNn24grHZM/ET8M= github.com/sigstore/sigstore-go v1.1.4 h1:wTTsgCHOfqiEzVyBYA6mDczGtBkN7cM8mPpjJj5QvMg= github.com/sigstore/sigstore-go v1.1.4/go.mod h1:2U/mQOT9cjjxrtIUeKDVhL+sHBKsnWddn8URlswdBsg= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.4 h1:VZ+L6SKVWbLPHznIF0tBuO7qKMFdJiJMVwFKu9DlY5o= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.4/go.mod h1:Rstj47WpJym25il8j4jTL0BfikzP/9AhVD+DsBcYzZc= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.4 h1:G7yOv8bxk3zIEEZyVCixPxtePIAm+t3ZWSaKRPzVw+o= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.4/go.mod h1:hxJelB/bRItMYOzi6qD9xEKjse2QZcikh4TbysfdDHc= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.4 h1:Qxt6dE4IwhJ6gIXmg2q4S/SeqEDSZ29nmfsv7Zb6LL4= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.4/go.mod h1:hJVeNOwarqfyALjOwsf0OR8YA/A96NABucEaQumPr30= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.4 h1:KVavYMPfSf5NryOl6VrZ9nRG3fXOOJOPp7Czk/YCPkM= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.4/go.mod h1:J7CA1AaBkyK8dYq6EdQANhj+8oEcsA7PrIp088qgPiY= -github.com/sigstore/timestamp-authority/v2 v2.0.5 h1:WT17MU4bNRvjRLlTvTO5gmrSIWJVbzwrNXgwsjB+53U= -github.com/sigstore/timestamp-authority/v2 v2.0.5/go.mod h1:oV+Yy0GsfgNAeDZcv/WJjQE42wFtMTtuD85bPLAQk5M= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.6 h1:5OgLJUqWaw6+I0BM4W1eUEzCWzZT/hu1lXkw0oGyays= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.6/go.mod h1:h9eK9QyPqpFskF/ewFkRLtwh4/Q3FLc2/DXbym4IHN8= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.6 h1:U0OBU3vyU4wFPdQG65UelVmYKGEoP511JUBKwLdLOUc= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.6/go.mod h1:myZsg7wRiy/vf102g5uUAitYhtXCwepmAGxgHG1VHuE= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.6 h1:C4rrjnIWR7i9GoIpI2x9irNkUqVqAst2f3xIGMugDP8= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.6/go.mod h1:ejMD/17lMJ4HykQRPdj5NNr+OQYIEZto8HjDKghVMOA= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.6 h1:otSDRygk1TdzEiUBFyaGygT+qdwSnM9RT1i6BQMHmEY= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.6/go.mod h1:Ee/enmyxi/RFLVlajbnjgH2wOWQwlJ0wY8qZrk43hEw= +github.com/sigstore/timestamp-authority/v2 v2.0.6 h1:1Vh7/SdmLsVLG6Br6/bisd1SnlicfDm0MJYiA+D7Ppw= +github.com/sigstore/timestamp-authority/v2 v2.0.6/go.mod h1:Nk5ucGBDyH0tXAIMZ0prf6xn8qfTnbJhSq+CDabYcfc= github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -768,10 +764,12 @@ github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gt github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= -github.com/theupdateframework/go-tuf/v2 v2.4.1 h1:K6ewW064rKZCPkRo1W/CTbTtm/+IB4+coG1iNURAGCw= -github.com/theupdateframework/go-tuf/v2 v2.4.1/go.mod h1:Nex2enPVYDFCklrnbTzl3OVwD7fgIAj0J5++z/rvCj8= +github.com/theupdateframework/go-tuf/v2 v2.4.2 h1:w7976/W8uTwlsegP5nRymlpjPgrwSh+AXUf85is6nJk= +github.com/theupdateframework/go-tuf/v2 v2.4.2/go.mod h1:JqBrIUnNLAaNq/8GmBcEMFWfAFBbqp/MkJEJseXKbks= github.com/tink-crypto/tink-go-awskms/v2 v2.1.0 h1:N9UxlsOzu5mttdjhxkDLbzwtEecuXmlxZVo/ds7JKJI= github.com/tink-crypto/tink-go-awskms/v2 v2.1.0/go.mod h1:PxSp9GlOkKL9rlybW804uspnHuO9nbD98V/fDX4uSis= +github.com/tink-crypto/tink-go-awskms/v3 v3.0.0 h1:XSohRhCkXAVI0iaCnWB/GS05TEmpnKurQmzaY1jzt3Y= +github.com/tink-crypto/tink-go-awskms/v3 v3.0.0/go.mod h1:+7MXsShLzVbSQ6dI0Pe4JuZM52jD1jQ1itAygd/MDsA= github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0 h1:3B9i6XBXNTRspfkTC0asN5W0K6GhOSgcujNiECNRNb0= github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0/go.mod h1:jY5YN2BqD/KSCHM9SqZPIpJNG/u3zwfLXHgws4x2IRw= github.com/tink-crypto/tink-go-hcvault/v2 v2.4.0 h1:j+S+WKBQ5ya26A5EM/uXoVe+a2IaPQN8KgBJZ22cJ+4= @@ -783,18 +781,16 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHT github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= -github.com/transparency-dev/formats v0.1.0 h1:oL0zUFuYUjg8AbtjPMnIRDmjbaHo5jCjEWU5yaNuz0g= -github.com/transparency-dev/formats v0.1.0/go.mod h1:d2FibUOHfCMdCe/+/rbKt1IPLBbPTDfwj46kt541/mU= +github.com/transparency-dev/formats v0.1.1 h1:4bVHJc+KdBgpA1OJD1yjI+g0i5Z1graCppTMH8lWKJI= +github.com/transparency-dev/formats v0.1.1/go.mod h1:qtZ8goRuJ8FTBG9c9+Bj0rn2rUG7eG/AUTkr+Aw3jFw= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU= github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4= github.com/valyala/fastjson v1.6.10 h1:/yjJg8jaVQdYR3arGxPE2X5z89xrlhS0eGXdv+ADTh4= github.com/valyala/fastjson v1.6.10/go.mod h1:e6FubmQouUNP73jtMLmcbxS6ydWIpOfhz34TSfO3JaE= -github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4= -github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= -github.com/vektah/gqlparser/v2 v2.5.32 h1:k9QPJd4sEDTL+qB4ncPLflqTJ3MmjB9SrVzJrawpFSc= -github.com/vektah/gqlparser/v2 v2.5.32/go.mod h1:c1I28gSOVNzlfc4WuDlqU7voQnsqI6OG2amkBAFmgts= +github.com/vektah/gqlparser/v2 v2.5.35 h1:LEr/wXnTKkOqNn+4tNClYclksXN2781VoBFzzFW51Dk= +github.com/vektah/gqlparser/v2 v2.5.35/go.mod h1:cAJ9qwVgPaUkWv6Gn8vn0mqOE0Ui5Pn56wNy5396XWo= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= @@ -805,6 +801,8 @@ github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAz github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= +github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= +github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= github.com/ysmood/fetchup v0.2.3/go.mod h1:xhibcRKziSvol0H1/pj33dnKrYyI2ebIvz5cOOkYGns= github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ= @@ -825,36 +823,36 @@ gitlab.com/gitlab-org/api/client-go v1.46.0 h1:YxBWFZIFYKcGESCb9fpkwzouo+apyB9pr gitlab.com/gitlab-org/api/client-go v1.46.0/go.mod h1:FtgyU6g2HS5+fMhw6nLK96GBEEBx5MzntOiJWfIaiN8= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0 h1:yI1/OhfEPy7J9eoa6Sj051C7n5dvpj0QX8g4sRchg04= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.67.0/go.mod h1:NoUCKYWK+3ecatC4HjkRktREheMeEtrXoQxrqYFeHSc= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg= -go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho= -go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 h1:THuZiwpQZuHPul65w4WcwEnkX2QIuMT+UFoOrygtoJw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0/go.mod h1:J2pvYM5NGHofZ2/Ru6zw/TNWnEQp5crgyDeSrYpXkAw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0 h1:zWWrB1U6nqhS/k6zYB74CjRpuiitRtLLi68VcgmOEto= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0/go.mod h1:2qXPNBX1OVRC0IwOnfo1ljoid+RD0QK3443EaqVlsOU= -go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4= -go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI= -go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo= -go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts= -go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA= -go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc= -go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY= -go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0 h1:0Qx7VGBacMm9ZENQ7TnNObTYI4ShC+lHI16seduaxZo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0/go.mod h1:Sje3i3MjSPKTSPvVWCaL8ugBzJwik3u4smCjUeuupqg= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 h1:CqXxU8VOmDefoh0+ztfGaymYbhdB/tT3zs79QaZTNGY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0/go.mod h1:BuhAPThV8PBHBvg8ZzZ/Ok3idOdhWIodywz2xEcRbJo= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= -go.podman.io/common v0.67.0 h1:6Ci5oU1ek08OAxBLkHEqSyWmjNh5zf03PRqZ04cPdwU= -go.podman.io/common v0.67.0/go.mod h1:sB9L8LMtmf5Hpek2qkEyRrcSzpb+gYpG3vq5Khima3U= -go.step.sm/crypto v0.76.2 h1:JJ/yMcs/rmcCAwlo+afrHjq74XBFRTJw5B2y4Q4Z4c4= -go.step.sm/crypto v0.76.2/go.mod h1:m6KlB/HzIuGFep0UWI5e0SYi38UxpoKeCg6qUaHV6/Q= +go.podman.io/common v0.68.0 h1:6V8nZS33vLTPC047RfSGxARgS/Ui6CQtgdZXLo18qAc= +go.podman.io/common v0.68.0/go.mod h1:zVzufHkRpLueF6NW6N+fAs1C2METdzYcfD9zuw+oJKA= +go.step.sm/crypto v0.81.0 h1:e+ouzpNt3Xm4dp7HGXhgYB5y4iFik3vh3phHKWmvugU= +go.step.sm/crypto v0.81.0/go.mod h1:fsTizqQeASjTXnbv9O00XtRlIuXRkCdoRiJNyXGQujc= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= -go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.uber.org/zap v1.28.0 h1:IZzaP1Fv73/T/pBMLk4VutPl36uNC+OSUh3JLG3FIjo= +go.uber.org/zap v1.28.0/go.mod h1:rDLpOi171uODNm/mxFcuYWxDsqWSAVkFdX4XojSKg/Q= go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= @@ -873,11 +871,11 @@ golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1m golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto= +golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= -golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90/go.mod h1:xE1HEv6b+1SCZ5/uscMRjUBKtIxworgEcEi+/n9NQDQ= +golang.org/x/exp v0.0.0-20260611194520-c48552f49976 h1:X8Hz2ImujgbmetVuW+w2YkyZChE3cBpZi2P158rTG9M= +golang.org/x/exp v0.0.0-20260611194520-c48552f49976/go.mod h1:vnf4pv9iKZXY58sQE1L86zmNWJ4159e1RkcWiLCkeEY= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -888,8 +886,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= -golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= +golang.org/x/mod v0.37.0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ= +golang.org/x/mod v0.37.0/go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -915,8 +913,8 @@ golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o= +golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= @@ -931,8 +929,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= -golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= +golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM= +golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -956,7 +954,6 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= @@ -964,8 +961,8 @@ golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw= +golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -977,8 +974,8 @@ golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= +golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc= +golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -990,8 +987,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE= +golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1007,8 +1004,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= -golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= +golang.org/x/tools v0.46.0 h1:7jTurBkPZu4moS/Uy4OQT1M+QBlsj3wejyZwsT8Z7rk= +golang.org/x/tools v0.46.0/go.mod h1:FrD85F8l+NWL+9XWBSyVSHO6Ne4jutsfIFba7AWQ5Ys= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -1020,28 +1017,28 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= -gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/api v0.273.0 h1:r/Bcv36Xa/te1ugaN1kdJ5LoA5Wj/cL+a4gj6FiPBjQ= -google.golang.org/api v0.273.0/go.mod h1:JbAt7mF+XVmWu6xNP8/+CTiGH30ofmCmk9nM8d8fHew= +gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= +gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= +google.golang.org/api v0.280.0 h1:F4OfEHZhZh6a7uTufJAXXVd/2TQ8EjM4vZH+jX/vFYk= +google.golang.org/api v0.280.0/go.mod h1:oGKmPZRDoD3vdkf6MA7F4VNkR1rxCiuaPSkhsf3EolU= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 h1:XzmzkmB14QhVhgnawEVsOn6OFsnpyxNPRY9QV01dNB0= -google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:L43LFes82YgSonw6iTXTxXUX1OlULt4AQtkik4ULL/I= -google.golang.org/genproto/googleapis/api v0.0.0-20260330182312-d5a96adf58d8 h1:udju5p8o61FW6K2fxHWPIZhChk4FHl2Hjk8+uuLNnpM= -google.golang.org/genproto/googleapis/api v0.0.0-20260330182312-d5a96adf58d8/go.mod h1:EIQZ5bFCfRQDV4MhRle7+OgjNtZ6P1PiZBgAKuxXu/Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260330182312-d5a96adf58d8 h1:OHkuo1i98/05rzpm9NBbfEtpJH/k3abEgZUKaAuCI7Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260330182312-d5a96adf58d8/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/genproto v0.0.0-20260406210006-6f92a3bedf2d h1:N1Ec54vZnIPd7MnxRiYLW+oY4fDR4BOS/LrssdD9+ek= +google.golang.org/genproto v0.0.0-20260406210006-6f92a3bedf2d/go.mod h1:c2hJ1grtnH0xUiEKGDGkjGNTJ1Hy2LrblyKOHF0sqRM= +google.golang.org/genproto/googleapis/api v0.0.0-20260622175928-b703f567277d h1:xr2lwHI91bn3UiXcnyzRMQjp2LRiM8wEHzwUaE0YhTs= +google.golang.org/genproto/googleapis/api v0.0.0-20260622175928-b703f567277d/go.mod h1:O0ZOWSrfWfJ+Z5HbwZ+wNtHsg/vk1k2C/w67eww8PfQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260622175928-b703f567277d h1:mpAgMyM9vQHxycBlDq50y1VHpfSfVwzXvrQKtYbXuUY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260622175928-b703f567277d/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= -google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.1 h1:/WILD1UcXj/ujCxgoL/DvRgt2CP3txG8+FwkUbb9110= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.1/go.mod h1:YNKnb2OAApgYn2oYY47Rn7alMr1zWjb2U8Q0aoGWiNc= +google.golang.org/grpc v1.82.0 h1:vguDnZUPjE26w09A63VoxZPnvPjB5Riyc0mkXPFmAIU= +google.golang.org/grpc v1.82.0/go.mod h1:yzTZ1TB1Z3SG+LIYaI+WiE8D5+PZ3ArnrSp8zF3+/ZA= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.2 h1:rgSNvqscFZ1JgV/4wH5GOsZFSFkR2Eua9As3KIr2LlM= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.6.2/go.mod h1:iMEtFwDlAhjDU9L5mY6U1XLwlIId/G3h+QcBHDIvrJ8= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1063,8 +1060,8 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.67.1 h1:tVBILHy0R6e4wkYOn3XmiITt/hEVH4TFMYvAX2Ytz6k= -gopkg.in/ini.v1 v1.67.1/go.mod h1:x/cyOwCgZqOkJoDIJ3c1KNHMo10+nLGAhh+kn3Zizss= +gopkg.in/ini.v1 v1.67.3 h1:iM9Lhz5MRSGhHVGGwCuzG9KO8PoirCXj/m/qTmOJJQw= +gopkg.in/ini.v1 v1.67.3/go.mod h1:x/cyOwCgZqOkJoDIJ3c1KNHMo10+nLGAhh+kn3Zizss= gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= @@ -1082,36 +1079,36 @@ gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= -k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= -k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU= -k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8= -k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= -k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= -k8s.io/apiserver v0.35.3 h1:D2eIcfJ05hEAEewoSDg+05e0aSRwx8Y4Agvd/wiomUI= -k8s.io/apiserver v0.35.3/go.mod h1:JI0n9bHYzSgIxgIrfe21dbduJ9NHzKJ6RchcsmIKWKY= -k8s.io/cli-runtime v0.35.3 h1:UZq4ipNimtzBmhN7PPKbfAdqo8quK0H0UdGl6qAQnqI= -k8s.io/cli-runtime v0.35.3/go.mod h1:O7MUmCqcKSd5xI+O5X7/pRkB5l0O2NIhOdUVwbHLXu4= -k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg= -k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c= -k8s.io/code-generator v0.35.3 h1:NDGCLkEm6Ho65wTdSe2EgErmmtsrezOPwwOchlNc6FQ= -k8s.io/code-generator v0.35.3/go.mod h1:LAVriRGXQusHQ0Ns64SE1ublSswm1KrK7cXn0GuQETg= -k8s.io/component-base v0.35.3 h1:mbKbzoIMy7JDWS/wqZobYW1JDVRn/RKRaoMQHP9c4P0= -k8s.io/component-base v0.35.3/go.mod h1:IZ8LEG30kPN4Et5NeC7vjNv5aU73ku5MS15iZyvyMYk= +k8s.io/api v0.35.6 h1:phPzP79F3kcONsD2TzmDiITNCV6/1Z5U3CCEcjtsXzI= +k8s.io/api v0.35.6/go.mod h1:GWKUaIp24fuDFigAgnhr9EJOKDqspnwPjYlpDca5B4U= +k8s.io/apiextensions-apiserver v0.35.6 h1:fyzp3i+PAbB/jSNau9LF0rMuUTUUyybR02BpYhT1YKI= +k8s.io/apiextensions-apiserver v0.35.6/go.mod h1:kkCbFS495cT53wOqNwWnQei759bkvgn6OqE0R8b3DEA= +k8s.io/apimachinery v0.35.6 h1:ASSpfmmsOArKb2Hsu8gGlIcbIcEMVTboI3FfsfYuQ8k= +k8s.io/apimachinery v0.35.6/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc= +k8s.io/apiserver v0.35.6 h1:VWYg2S0wlAmN3URFpVeuLa4PP2RCpTFg1nvlUHOy2C8= +k8s.io/apiserver v0.35.6/go.mod h1:wajGSrXO9w+lx69jYq4SaE4Xxw5KxxwvVD1zbttYA2E= +k8s.io/cli-runtime v0.35.6 h1:sYNSTyoskZTS+qgk5oI/XFTn1c68wjezLYOlxp5I+5A= +k8s.io/cli-runtime v0.35.6/go.mod h1:kQRd/92HPWwjoZaz0RsNRMeRT0snbqmKP67i5+TKI44= +k8s.io/client-go v0.35.6 h1:qZQv9a5B4YlIpXhFBwsI9qPOOJC6Z8lk9lkEWmrmus8= +k8s.io/client-go v0.35.6/go.mod h1:LOO6N1EhxdQAzYIZ/73cJVyb3gixrMY6ZDJcJ/ANfsY= +k8s.io/code-generator v0.35.6 h1:QXxmfS8diVF5jeEIdO9MUSyMsD3OnXfypj9zw4wfJic= +k8s.io/code-generator v0.35.6/go.mod h1:QCFzJL445DiaE6t1wnHpvfctz1EeaNP0Ms3XpsqoqFw= +k8s.io/component-base v0.35.6 h1:dTkck9uefkIrKn7wRCEYiDWNUvHd8UdwZCcVafmHgL4= +k8s.io/component-base v0.35.6/go.mod h1:qcNKrspACsqR+vgUJXkWzwtgUGkURcnrus41o92jjpk= k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b h1:gMplByicHV/TJBizHd9aVEsTYoJBnnUAT5MHlTkbjhQ= k8s.io/gengo/v2 v2.0.0-20250922181213-ec3ebc5fd46b/go.mod h1:CgujABENc3KuTrcsdpGmrrASjtQsWCT7R99mEV4U/fM= k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= -k8s.io/kube-openapi v0.0.0-20260330154417-16be699c7b31 h1:V+sn9a/1fEYDGwnllCmqXBk8x7obZ+hl869Q3Abumkg= -k8s.io/kube-openapi v0.0.0-20260330154417-16be699c7b31/go.mod h1:uGBT7iTA6c6MvqUvSXIaYZo9ukscABYi2btjhvgKGZ0= -k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 h1:kBawHLSnx/mYHmRnNUf9d4CpjREbeZuxoSGOX/J+aYM= -k8s.io/utils v0.0.0-20260319190234-28399d86e0b5/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.76 h1:mrdLPj8ujM6eIKGtd1PkkuCIodpFFDM42Cfm0YODkIM= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.76/go.mod h1:7V2BQeHnVAQwhCnCPJ977giCeGDiywVewWF+8vkpPlc= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.76 h1:3DyzQ30OHt3wiOZVL1se2g1PAPJIU7+tMUyvfMUj1dY= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.76/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= -oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= -oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= +k8s.io/kube-openapi v0.0.0-20260624041617-8f3fa4921821 h1:m2wZhD5+vJZyCVkTvUHIfaiXc/mdt3Pxyx3vUnGsKzU= +k8s.io/kube-openapi v0.0.0-20260624041617-8f3fa4921821/go.mod h1:V/QaCUYDa+0QpcHhVVc5l99Uz56wEMEXBSj9oCDkNDY= +k8s.io/utils v0.0.0-20260626114624-be93311217bd h1:Ea7fgQ5we8Y9T0OX5o0dAHzQOBRI07D/dEYRaB9ZZEs= +k8s.io/utils v0.0.0-20260626114624-be93311217bd/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= +kernel.org/pub/linux/libs/security/libcap/cap v1.2.78 h1:jgqg4gyu2BaYW9L6uzEtGLf8GNREwk/z4UFdwt5F3pE= +kernel.org/pub/linux/libs/security/libcap/cap v1.2.78/go.mod h1:VjuVda6m2qGkpCVfrFkpTGyvkdlZ2N5/yfo89tujlg8= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.78 h1:PC3yNs51cX5LZ7U57a7xielBcoXB3xnV+rXD8V0H0DQ= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.78/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= +oras.land/oras-go/v2 v2.6.1 h1:bonOEkjLfp8tt6qXWRRWP6p1F+9octchOf2EqnWB4Zs= +oras.land/oras-go/v2 v2.6.1/go.mod h1:dhtFrFOuZuDtAVeZ9FUnaa5zfzplG3ZnFX9/uH1J/Yk= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2Fol2CS0QHMNs/WI1MOSGzCm1KhM5ec= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= @@ -1124,8 +1121,8 @@ sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5E sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/release-utils v0.12.3 h1:iNVJY81QfmMCmXxMg8IvvkkeQNk6ZWlLj+iPKSlKyVQ= -sigs.k8s.io/release-utils v0.12.3/go.mod h1:BvbNmm1BmM3cnEpBmNHWL3wOSziOdGlsYR8vCFq/Q0o= +sigs.k8s.io/release-utils v0.12.4 h1:kuG6WTWGCKx5uUrJwl2uFErOKOw+4Ba8WrPmOQh5J3g= +sigs.k8s.io/release-utils v0.12.4/go.mod h1:Tc3iM9DVM3W9oJu/6rEI+LnREuhy8lZ7wInQhRBtUoo= sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= diff --git a/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate.pb.go b/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate.pb.go index 27ad09c39d..79968111ae 100644 --- a/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate.pb.go +++ b/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate.pb.go @@ -41,7 +41,7 @@ // // These rules are enforced at runtime by language-specific libraries. // See the [developer quickstart](https://protovalidate.com/quickstart/) to get started, or go directly to the runtime library for your language: -// [Go](https://github.com/bufbuild/protovalidate-go) +// [Go](https://github.com/bufbuild/protovalidate-go), // [JavaScript/TypeScript](https://github.com/bufbuild/protovalidate-es), // [Java](https://github.com/bufbuild/protovalidate-java), // [Python](https://github.com/bufbuild/protovalidate-python), @@ -435,7 +435,7 @@ type MessageRules struct { // // The field `foo` must be greater than 42. // option (buf.validate.message).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this.foo > 42", // }; // optional int32 foo = 1; @@ -576,7 +576,7 @@ type MessageRules_builder struct { // // The field `foo` must be greater than 42. // option (buf.validate.message).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this.foo > 42", // }; // optional int32 foo = 1; @@ -861,7 +861,7 @@ type FieldRules struct { // // The field `value` must be greater than 42. // optional int32 value = 1 [(buf.validate.field).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this > 42", // }]; // } @@ -1876,7 +1876,7 @@ type FieldRules_builder struct { // // The field `value` must be greater than 42. // optional int32 value = 1 [(buf.validate.field).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this > 42", // }]; // } @@ -2226,7 +2226,7 @@ type PredefinedRules struct { // // The field `value` must be greater than 42. // optional int32 value = 1 [(buf.validate.predefined).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this > 42", // }]; // } @@ -2286,7 +2286,7 @@ type PredefinedRules_builder struct { // // The field `value` must be greater than 42. // optional int32 value = 1 [(buf.validate.predefined).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this > 42", // }]; // } @@ -2336,13 +2336,13 @@ type FloatRules struct { // ```proto // // message MyFloat { - // // value must be in list [1.0, 2.0, 3.0] + // // must be in list [1.0, 2.0, 3.0] // float value = 1 [(buf.validate.field).float = { in: [1.0, 2.0, 3.0] }]; // } // // ``` In []float32 `protobuf:"fixed32,6,rep,name=in" json:"in,omitempty"` - // `in` requires the field value to not be equal to any of the specified + // `not_in` requires the field value to not be equal to any of the specified // values. If the field value is one of the specified values, an error // message is generated. // @@ -2683,7 +2683,7 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be less than 10.0 + // // must be less than 10.0 // float value = 1 [(buf.validate.field).float.lt = 10.0]; // } // @@ -2696,7 +2696,7 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // float value = 1 [(buf.validate.field).float.lte = 10.0]; // } // @@ -2713,13 +2713,13 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be greater than 5.0 [float.gt] + // // must be greater than 5.0 [float.gt] // float value = 1 [(buf.validate.field).float.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [float.gt_lt] + // // must be greater than 5 and less than 10.0 [float.gt_lt] // float other_value = 2 [(buf.validate.field).float = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gt: 10.0, lt: 5.0 }]; // } // @@ -2734,13 +2734,13 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be greater than or equal to 5.0 [float.gte] + // // must be greater than or equal to 5.0 [float.gte] // float value = 1 [(buf.validate.field).float.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] // float other_value = 2 [(buf.validate.field).float = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gte: 10.0, lt: 5.0 }]; // } // @@ -2754,13 +2754,13 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be in list [1.0, 2.0, 3.0] + // // must be in list [1.0, 2.0, 3.0] // float value = 1 [(buf.validate.field).float = { in: [1.0, 2.0, 3.0] }]; // } // // ``` In []float32 - // `in` requires the field value to not be equal to any of the specified + // `not_in` requires the field value to not be equal to any of the specified // values. If the field value is one of the specified values, an error // message is generated. // @@ -2849,7 +2849,7 @@ type FloatRules_Lt struct { // ```proto // // message MyFloat { - // // value must be less than 10.0 + // // must be less than 10.0 // float value = 1 [(buf.validate.field).float.lt = 10.0]; // } // @@ -2865,7 +2865,7 @@ type FloatRules_Lte struct { // ```proto // // message MyFloat { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // float value = 1 [(buf.validate.field).float.lte = 10.0]; // } // @@ -2891,13 +2891,13 @@ type FloatRules_Gt struct { // ```proto // // message MyFloat { - // // value must be greater than 5.0 [float.gt] + // // must be greater than 5.0 [float.gt] // float value = 1 [(buf.validate.field).float.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [float.gt_lt] + // // must be greater than 5 and less than 10.0 [float.gt_lt] // float other_value = 2 [(buf.validate.field).float = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gt: 10.0, lt: 5.0 }]; // } // @@ -2915,13 +2915,13 @@ type FloatRules_Gte struct { // ```proto // // message MyFloat { - // // value must be greater than or equal to 5.0 [float.gte] + // // must be greater than or equal to 5.0 [float.gte] // float value = 1 [(buf.validate.field).float.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] // float other_value = 2 [(buf.validate.field).float = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gte: 10.0, lt: 5.0 }]; // } // @@ -2966,7 +2966,7 @@ type DoubleRules struct { // ```proto // // message MyDouble { - // // value must be in list [1.0, 2.0, 3.0] + // // must be in list [1.0, 2.0, 3.0] // double value = 1 [(buf.validate.field).double = { in: [1.0, 2.0, 3.0] }]; // } // @@ -3313,7 +3313,7 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be less than 10.0 + // // must be less than 10.0 // double value = 1 [(buf.validate.field).double.lt = 10.0]; // } // @@ -3326,7 +3326,7 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // double value = 1 [(buf.validate.field).double.lte = 10.0]; // } // @@ -3343,13 +3343,13 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be greater than 5.0 [double.gt] + // // must be greater than 5.0 [double.gt] // double value = 1 [(buf.validate.field).double.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [double.gt_lt] + // // must be greater than 5 and less than 10.0 [double.gt_lt] // double other_value = 2 [(buf.validate.field).double = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gt: 10.0, lt: 5.0 }]; // } // @@ -3364,13 +3364,13 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be greater than or equal to 5.0 [double.gte] + // // must be greater than or equal to 5.0 [double.gte] // double value = 1 [(buf.validate.field).double.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] // double other_value = 2 [(buf.validate.field).double = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gte: 10.0, lt: 5.0 }]; // } // @@ -3384,7 +3384,7 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be in list [1.0, 2.0, 3.0] + // // must be in list [1.0, 2.0, 3.0] // double value = 1 [(buf.validate.field).double = { in: [1.0, 2.0, 3.0] }]; // } // @@ -3479,7 +3479,7 @@ type DoubleRules_Lt struct { // ```proto // // message MyDouble { - // // value must be less than 10.0 + // // must be less than 10.0 // double value = 1 [(buf.validate.field).double.lt = 10.0]; // } // @@ -3495,7 +3495,7 @@ type DoubleRules_Lte struct { // ```proto // // message MyDouble { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // double value = 1 [(buf.validate.field).double.lte = 10.0]; // } // @@ -3521,13 +3521,13 @@ type DoubleRules_Gt struct { // ```proto // // message MyDouble { - // // value must be greater than 5.0 [double.gt] + // // must be greater than 5.0 [double.gt] // double value = 1 [(buf.validate.field).double.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [double.gt_lt] + // // must be greater than 5 and less than 10.0 [double.gt_lt] // double other_value = 2 [(buf.validate.field).double = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gt: 10.0, lt: 5.0 }]; // } // @@ -3545,13 +3545,13 @@ type DoubleRules_Gte struct { // ```proto // // message MyDouble { - // // value must be greater than or equal to 5.0 [double.gte] + // // must be greater than or equal to 5.0 [double.gte] // double value = 1 [(buf.validate.field).double.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] // double other_value = 2 [(buf.validate.field).double = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gte: 10.0, lt: 5.0 }]; // } // @@ -3596,7 +3596,7 @@ type Int32Rules struct { // ```proto // // message MyInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // int32 value = 1 [(buf.validate.field).int32 = { in: [1, 2, 3] }]; // } // @@ -3918,7 +3918,7 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be less than 10 + // // must be less than 10 // int32 value = 1 [(buf.validate.field).int32.lt = 10]; // } // @@ -3931,7 +3931,7 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int32 value = 1 [(buf.validate.field).int32.lte = 10]; // } // @@ -3948,13 +3948,13 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be greater than 5 [int32.gt] + // // must be greater than 5 [int32.gt] // int32 value = 1 [(buf.validate.field).int32.gt = 5]; // - // // value must be greater than 5 and less than 10 [int32.gt_lt] + // // must be greater than 5 and less than 10 [int32.gt_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int32.gt_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gt: 10, lt: 5 }]; // } // @@ -3969,13 +3969,13 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be greater than or equal to 5 [int32.gte] + // // must be greater than or equal to 5 [int32.gte] // int32 value = 1 [(buf.validate.field).int32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int32.gte_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gte: 10, lt: 5 }]; // } // @@ -3989,7 +3989,7 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // int32 value = 1 [(buf.validate.field).int32 = { in: [1, 2, 3] }]; // } // @@ -4080,7 +4080,7 @@ type Int32Rules_Lt struct { // ```proto // // message MyInt32 { - // // value must be less than 10 + // // must be less than 10 // int32 value = 1 [(buf.validate.field).int32.lt = 10]; // } // @@ -4096,7 +4096,7 @@ type Int32Rules_Lte struct { // ```proto // // message MyInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int32 value = 1 [(buf.validate.field).int32.lte = 10]; // } // @@ -4122,13 +4122,13 @@ type Int32Rules_Gt struct { // ```proto // // message MyInt32 { - // // value must be greater than 5 [int32.gt] + // // must be greater than 5 [int32.gt] // int32 value = 1 [(buf.validate.field).int32.gt = 5]; // - // // value must be greater than 5 and less than 10 [int32.gt_lt] + // // must be greater than 5 and less than 10 [int32.gt_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int32.gt_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gt: 10, lt: 5 }]; // } // @@ -4146,13 +4146,13 @@ type Int32Rules_Gte struct { // ```proto // // message MyInt32 { - // // value must be greater than or equal to 5 [int32.gte] + // // must be greater than or equal to 5 [int32.gte] // int32 value = 1 [(buf.validate.field).int32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int32.gte_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gte: 10, lt: 5 }]; // } // @@ -4197,7 +4197,7 @@ type Int64Rules struct { // ```proto // // message MyInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // int64 value = 1 [(buf.validate.field).int64 = { in: [1, 2, 3] }]; // } // @@ -4519,7 +4519,7 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be less than 10 + // // must be less than 10 // int64 value = 1 [(buf.validate.field).int64.lt = 10]; // } // @@ -4532,7 +4532,7 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int64 value = 1 [(buf.validate.field).int64.lte = 10]; // } // @@ -4549,13 +4549,13 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be greater than 5 [int64.gt] + // // must be greater than 5 [int64.gt] // int64 value = 1 [(buf.validate.field).int64.gt = 5]; // - // // value must be greater than 5 and less than 10 [int64.gt_lt] + // // must be greater than 5 and less than 10 [int64.gt_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int64.gt_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gt: 10, lt: 5 }]; // } // @@ -4570,13 +4570,13 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be greater than or equal to 5 [int64.gte] + // // must be greater than or equal to 5 [int64.gte] // int64 value = 1 [(buf.validate.field).int64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int64.gte_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gte: 10, lt: 5 }]; // } // @@ -4590,7 +4590,7 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // int64 value = 1 [(buf.validate.field).int64 = { in: [1, 2, 3] }]; // } // @@ -4681,7 +4681,7 @@ type Int64Rules_Lt struct { // ```proto // // message MyInt64 { - // // value must be less than 10 + // // must be less than 10 // int64 value = 1 [(buf.validate.field).int64.lt = 10]; // } // @@ -4697,7 +4697,7 @@ type Int64Rules_Lte struct { // ```proto // // message MyInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int64 value = 1 [(buf.validate.field).int64.lte = 10]; // } // @@ -4723,13 +4723,13 @@ type Int64Rules_Gt struct { // ```proto // // message MyInt64 { - // // value must be greater than 5 [int64.gt] + // // must be greater than 5 [int64.gt] // int64 value = 1 [(buf.validate.field).int64.gt = 5]; // - // // value must be greater than 5 and less than 10 [int64.gt_lt] + // // must be greater than 5 and less than 10 [int64.gt_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int64.gt_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gt: 10, lt: 5 }]; // } // @@ -4747,13 +4747,13 @@ type Int64Rules_Gte struct { // ```proto // // message MyInt64 { - // // value must be greater than or equal to 5 [int64.gte] + // // must be greater than or equal to 5 [int64.gte] // int64 value = 1 [(buf.validate.field).int64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int64.gte_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gte: 10, lt: 5 }]; // } // @@ -4798,7 +4798,7 @@ type UInt32Rules struct { // ```proto // // message MyUInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // uint32 value = 1 [(buf.validate.field).uint32 = { in: [1, 2, 3] }]; // } // @@ -5120,7 +5120,7 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be less than 10 + // // must be less than 10 // uint32 value = 1 [(buf.validate.field).uint32.lt = 10]; // } // @@ -5133,7 +5133,7 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint32 value = 1 [(buf.validate.field).uint32.lte = 10]; // } // @@ -5150,13 +5150,13 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be greater than 5 [uint32.gt] + // // must be greater than 5 [uint32.gt] // uint32 value = 1 [(buf.validate.field).uint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint32.gt_lt] + // // must be greater than 5 and less than 10 [uint32.gt_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gt: 10, lt: 5 }]; // } // @@ -5171,13 +5171,13 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be greater than or equal to 5 [uint32.gte] + // // must be greater than or equal to 5 [uint32.gte] // uint32 value = 1 [(buf.validate.field).uint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint32.gte_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gte: 10, lt: 5 }]; // } // @@ -5191,7 +5191,7 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // uint32 value = 1 [(buf.validate.field).uint32 = { in: [1, 2, 3] }]; // } // @@ -5282,7 +5282,7 @@ type UInt32Rules_Lt struct { // ```proto // // message MyUInt32 { - // // value must be less than 10 + // // must be less than 10 // uint32 value = 1 [(buf.validate.field).uint32.lt = 10]; // } // @@ -5298,7 +5298,7 @@ type UInt32Rules_Lte struct { // ```proto // // message MyUInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint32 value = 1 [(buf.validate.field).uint32.lte = 10]; // } // @@ -5324,13 +5324,13 @@ type UInt32Rules_Gt struct { // ```proto // // message MyUInt32 { - // // value must be greater than 5 [uint32.gt] + // // must be greater than 5 [uint32.gt] // uint32 value = 1 [(buf.validate.field).uint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint32.gt_lt] + // // must be greater than 5 and less than 10 [uint32.gt_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gt: 10, lt: 5 }]; // } // @@ -5348,13 +5348,13 @@ type UInt32Rules_Gte struct { // ```proto // // message MyUInt32 { - // // value must be greater than or equal to 5 [uint32.gte] + // // must be greater than or equal to 5 [uint32.gte] // uint32 value = 1 [(buf.validate.field).uint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint32.gte_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gte: 10, lt: 5 }]; // } // @@ -5399,7 +5399,7 @@ type UInt64Rules struct { // ```proto // // message MyUInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // uint64 value = 1 [(buf.validate.field).uint64 = { in: [1, 2, 3] }]; // } // @@ -5721,7 +5721,7 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be less than 10 + // // must be less than 10 // uint64 value = 1 [(buf.validate.field).uint64.lt = 10]; // } // @@ -5734,7 +5734,7 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint64 value = 1 [(buf.validate.field).uint64.lte = 10]; // } // @@ -5751,13 +5751,13 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be greater than 5 [uint64.gt] + // // must be greater than 5 [uint64.gt] // uint64 value = 1 [(buf.validate.field).uint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint64.gt_lt] + // // must be greater than 5 and less than 10 [uint64.gt_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gt: 10, lt: 5 }]; // } // @@ -5772,13 +5772,13 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be greater than or equal to 5 [uint64.gte] + // // must be greater than or equal to 5 [uint64.gte] // uint64 value = 1 [(buf.validate.field).uint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint64.gte_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gte: 10, lt: 5 }]; // } // @@ -5792,7 +5792,7 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // uint64 value = 1 [(buf.validate.field).uint64 = { in: [1, 2, 3] }]; // } // @@ -5883,7 +5883,7 @@ type UInt64Rules_Lt struct { // ```proto // // message MyUInt64 { - // // value must be less than 10 + // // must be less than 10 // uint64 value = 1 [(buf.validate.field).uint64.lt = 10]; // } // @@ -5899,7 +5899,7 @@ type UInt64Rules_Lte struct { // ```proto // // message MyUInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint64 value = 1 [(buf.validate.field).uint64.lte = 10]; // } // @@ -5925,13 +5925,13 @@ type UInt64Rules_Gt struct { // ```proto // // message MyUInt64 { - // // value must be greater than 5 [uint64.gt] + // // must be greater than 5 [uint64.gt] // uint64 value = 1 [(buf.validate.field).uint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint64.gt_lt] + // // must be greater than 5 and less than 10 [uint64.gt_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gt: 10, lt: 5 }]; // } // @@ -5949,13 +5949,13 @@ type UInt64Rules_Gte struct { // ```proto // // message MyUInt64 { - // // value must be greater than or equal to 5 [uint64.gte] + // // must be greater than or equal to 5 [uint64.gte] // uint64 value = 1 [(buf.validate.field).uint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint64.gte_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gte: 10, lt: 5 }]; // } // @@ -5999,7 +5999,7 @@ type SInt32Rules struct { // ```proto // // message MySInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sint32 value = 1 [(buf.validate.field).sint32 = { in: [1, 2, 3] }]; // } // @@ -6321,7 +6321,7 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be less than 10 + // // must be less than 10 // sint32 value = 1 [(buf.validate.field).sint32.lt = 10]; // } // @@ -6334,7 +6334,7 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint32 value = 1 [(buf.validate.field).sint32.lte = 10]; // } // @@ -6351,13 +6351,13 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be greater than 5 [sint32.gt] + // // must be greater than 5 [sint32.gt] // sint32 value = 1 [(buf.validate.field).sint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint32.gt_lt] + // // must be greater than 5 and less than 10 [sint32.gt_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gt: 10, lt: 5 }]; // } // @@ -6372,13 +6372,13 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be greater than or equal to 5 [sint32.gte] + // // must be greater than or equal to 5 [sint32.gte] // sint32 value = 1 [(buf.validate.field).sint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint32.gte_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gte: 10, lt: 5 }]; // } // @@ -6392,7 +6392,7 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sint32 value = 1 [(buf.validate.field).sint32 = { in: [1, 2, 3] }]; // } // @@ -6483,7 +6483,7 @@ type SInt32Rules_Lt struct { // ```proto // // message MySInt32 { - // // value must be less than 10 + // // must be less than 10 // sint32 value = 1 [(buf.validate.field).sint32.lt = 10]; // } // @@ -6499,7 +6499,7 @@ type SInt32Rules_Lte struct { // ```proto // // message MySInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint32 value = 1 [(buf.validate.field).sint32.lte = 10]; // } // @@ -6525,13 +6525,13 @@ type SInt32Rules_Gt struct { // ```proto // // message MySInt32 { - // // value must be greater than 5 [sint32.gt] + // // must be greater than 5 [sint32.gt] // sint32 value = 1 [(buf.validate.field).sint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint32.gt_lt] + // // must be greater than 5 and less than 10 [sint32.gt_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gt: 10, lt: 5 }]; // } // @@ -6549,13 +6549,13 @@ type SInt32Rules_Gte struct { // ```proto // // message MySInt32 { - // // value must be greater than or equal to 5 [sint32.gte] + // // must be greater than or equal to 5 [sint32.gte] // sint32 value = 1 [(buf.validate.field).sint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint32.gte_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gte: 10, lt: 5 }]; // } // @@ -6599,7 +6599,7 @@ type SInt64Rules struct { // ```proto // // message MySInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sint64 value = 1 [(buf.validate.field).sint64 = { in: [1, 2, 3] }]; // } // @@ -6921,7 +6921,7 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be less than 10 + // // must be less than 10 // sint64 value = 1 [(buf.validate.field).sint64.lt = 10]; // } // @@ -6934,7 +6934,7 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint64 value = 1 [(buf.validate.field).sint64.lte = 10]; // } // @@ -6951,13 +6951,13 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be greater than 5 [sint64.gt] + // // must be greater than 5 [sint64.gt] // sint64 value = 1 [(buf.validate.field).sint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint64.gt_lt] + // // must be greater than 5 and less than 10 [sint64.gt_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gt: 10, lt: 5 }]; // } // @@ -6972,13 +6972,13 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be greater than or equal to 5 [sint64.gte] + // // must be greater than or equal to 5 [sint64.gte] // sint64 value = 1 [(buf.validate.field).sint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint64.gte_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gte: 10, lt: 5 }]; // } // @@ -6992,7 +6992,7 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sint64 value = 1 [(buf.validate.field).sint64 = { in: [1, 2, 3] }]; // } // @@ -7083,7 +7083,7 @@ type SInt64Rules_Lt struct { // ```proto // // message MySInt64 { - // // value must be less than 10 + // // must be less than 10 // sint64 value = 1 [(buf.validate.field).sint64.lt = 10]; // } // @@ -7099,7 +7099,7 @@ type SInt64Rules_Lte struct { // ```proto // // message MySInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint64 value = 1 [(buf.validate.field).sint64.lte = 10]; // } // @@ -7125,13 +7125,13 @@ type SInt64Rules_Gt struct { // ```proto // // message MySInt64 { - // // value must be greater than 5 [sint64.gt] + // // must be greater than 5 [sint64.gt] // sint64 value = 1 [(buf.validate.field).sint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint64.gt_lt] + // // must be greater than 5 and less than 10 [sint64.gt_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gt: 10, lt: 5 }]; // } // @@ -7149,13 +7149,13 @@ type SInt64Rules_Gte struct { // ```proto // // message MySInt64 { - // // value must be greater than or equal to 5 [sint64.gte] + // // must be greater than or equal to 5 [sint64.gte] // sint64 value = 1 [(buf.validate.field).sint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint64.gte_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gte: 10, lt: 5 }]; // } // @@ -7199,7 +7199,7 @@ type Fixed32Rules struct { // ```proto // // message MyFixed32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // fixed32 value = 1 [(buf.validate.field).fixed32 = { in: [1, 2, 3] }]; // } // @@ -7521,7 +7521,7 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be less than 10 + // // must be less than 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lt = 10]; // } // @@ -7534,7 +7534,7 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lte = 10]; // } // @@ -7551,13 +7551,13 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be greater than 5 [fixed32.gt] + // // must be greater than 5 [fixed32.gt] // fixed32 value = 1 [(buf.validate.field).fixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed32.gt_lt] + // // must be greater than 5 and less than 10 [fixed32.gt_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gt: 10, lt: 5 }]; // } // @@ -7572,13 +7572,13 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be greater than or equal to 5 [fixed32.gte] + // // must be greater than or equal to 5 [fixed32.gte] // fixed32 value = 1 [(buf.validate.field).fixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gte: 10, lt: 5 }]; // } // @@ -7592,7 +7592,7 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // fixed32 value = 1 [(buf.validate.field).fixed32 = { in: [1, 2, 3] }]; // } // @@ -7683,7 +7683,7 @@ type Fixed32Rules_Lt struct { // ```proto // // message MyFixed32 { - // // value must be less than 10 + // // must be less than 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lt = 10]; // } // @@ -7699,7 +7699,7 @@ type Fixed32Rules_Lte struct { // ```proto // // message MyFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lte = 10]; // } // @@ -7725,13 +7725,13 @@ type Fixed32Rules_Gt struct { // ```proto // // message MyFixed32 { - // // value must be greater than 5 [fixed32.gt] + // // must be greater than 5 [fixed32.gt] // fixed32 value = 1 [(buf.validate.field).fixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed32.gt_lt] + // // must be greater than 5 and less than 10 [fixed32.gt_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gt: 10, lt: 5 }]; // } // @@ -7749,13 +7749,13 @@ type Fixed32Rules_Gte struct { // ```proto // // message MyFixed32 { - // // value must be greater than or equal to 5 [fixed32.gte] + // // must be greater than or equal to 5 [fixed32.gte] // fixed32 value = 1 [(buf.validate.field).fixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gte: 10, lt: 5 }]; // } // @@ -7799,7 +7799,7 @@ type Fixed64Rules struct { // ```proto // // message MyFixed64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // fixed64 value = 1 [(buf.validate.field).fixed64 = { in: [1, 2, 3] }]; // } // @@ -8121,7 +8121,7 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be less than 10 + // // must be less than 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lt = 10]; // } // @@ -8134,7 +8134,7 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lte = 10]; // } // @@ -8151,13 +8151,13 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be greater than 5 [fixed64.gt] + // // must be greater than 5 [fixed64.gt] // fixed64 value = 1 [(buf.validate.field).fixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed64.gt_lt] + // // must be greater than 5 and less than 10 [fixed64.gt_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gt: 10, lt: 5 }]; // } // @@ -8172,13 +8172,13 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be greater than or equal to 5 [fixed64.gte] + // // must be greater than or equal to 5 [fixed64.gte] // fixed64 value = 1 [(buf.validate.field).fixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gte: 10, lt: 5 }]; // } // @@ -8192,7 +8192,7 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // fixed64 value = 1 [(buf.validate.field).fixed64 = { in: [1, 2, 3] }]; // } // @@ -8283,7 +8283,7 @@ type Fixed64Rules_Lt struct { // ```proto // // message MyFixed64 { - // // value must be less than 10 + // // must be less than 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lt = 10]; // } // @@ -8299,7 +8299,7 @@ type Fixed64Rules_Lte struct { // ```proto // // message MyFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lte = 10]; // } // @@ -8325,13 +8325,13 @@ type Fixed64Rules_Gt struct { // ```proto // // message MyFixed64 { - // // value must be greater than 5 [fixed64.gt] + // // must be greater than 5 [fixed64.gt] // fixed64 value = 1 [(buf.validate.field).fixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed64.gt_lt] + // // must be greater than 5 and less than 10 [fixed64.gt_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gt: 10, lt: 5 }]; // } // @@ -8349,13 +8349,13 @@ type Fixed64Rules_Gte struct { // ```proto // // message MyFixed64 { - // // value must be greater than or equal to 5 [fixed64.gte] + // // must be greater than or equal to 5 [fixed64.gte] // fixed64 value = 1 [(buf.validate.field).fixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gte: 10, lt: 5 }]; // } // @@ -8399,7 +8399,7 @@ type SFixed32Rules struct { // ```proto // // message MySFixed32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sfixed32 value = 1 [(buf.validate.field).sfixed32 = { in: [1, 2, 3] }]; // } // @@ -8721,7 +8721,7 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be less than 10 + // // must be less than 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lt = 10]; // } // @@ -8734,7 +8734,7 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lte = 10]; // } // @@ -8751,13 +8751,13 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be greater than 5 [sfixed32.gt] + // // must be greater than 5 [sfixed32.gt] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed32.gt_lt] + // // must be greater than 5 and less than 10 [sfixed32.gt_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gt: 10, lt: 5 }]; // } // @@ -8772,13 +8772,13 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be greater than or equal to 5 [sfixed32.gte] + // // must be greater than or equal to 5 [sfixed32.gte] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gte: 10, lt: 5 }]; // } // @@ -8792,7 +8792,7 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sfixed32 value = 1 [(buf.validate.field).sfixed32 = { in: [1, 2, 3] }]; // } // @@ -8883,7 +8883,7 @@ type SFixed32Rules_Lt struct { // ```proto // // message MySFixed32 { - // // value must be less than 10 + // // must be less than 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lt = 10]; // } // @@ -8899,7 +8899,7 @@ type SFixed32Rules_Lte struct { // ```proto // // message MySFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lte = 10]; // } // @@ -8925,13 +8925,13 @@ type SFixed32Rules_Gt struct { // ```proto // // message MySFixed32 { - // // value must be greater than 5 [sfixed32.gt] + // // must be greater than 5 [sfixed32.gt] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed32.gt_lt] + // // must be greater than 5 and less than 10 [sfixed32.gt_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gt: 10, lt: 5 }]; // } // @@ -8949,13 +8949,13 @@ type SFixed32Rules_Gte struct { // ```proto // // message MySFixed32 { - // // value must be greater than or equal to 5 [sfixed32.gte] + // // must be greater than or equal to 5 [sfixed32.gte] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gte: 10, lt: 5 }]; // } // @@ -8999,7 +8999,7 @@ type SFixed64Rules struct { // ```proto // // message MySFixed64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sfixed64 value = 1 [(buf.validate.field).sfixed64 = { in: [1, 2, 3] }]; // } // @@ -9321,7 +9321,7 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be less than 10 + // // must be less than 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lt = 10]; // } // @@ -9334,7 +9334,7 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lte = 10]; // } // @@ -9351,13 +9351,13 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be greater than 5 [sfixed64.gt] + // // must be greater than 5 [sfixed64.gt] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed64.gt_lt] + // // must be greater than 5 and less than 10 [sfixed64.gt_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gt: 10, lt: 5 }]; // } // @@ -9372,13 +9372,13 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be greater than or equal to 5 [sfixed64.gte] + // // must be greater than or equal to 5 [sfixed64.gte] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gte: 10, lt: 5 }]; // } // @@ -9392,7 +9392,7 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sfixed64 value = 1 [(buf.validate.field).sfixed64 = { in: [1, 2, 3] }]; // } // @@ -9483,7 +9483,7 @@ type SFixed64Rules_Lt struct { // ```proto // // message MySFixed64 { - // // value must be less than 10 + // // must be less than 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lt = 10]; // } // @@ -9499,7 +9499,7 @@ type SFixed64Rules_Lte struct { // ```proto // // message MySFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lte = 10]; // } // @@ -9525,13 +9525,13 @@ type SFixed64Rules_Gt struct { // ```proto // // message MySFixed64 { - // // value must be greater than 5 [sfixed64.gt] + // // must be greater than 5 [sfixed64.gt] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed64.gt_lt] + // // must be greater than 5 and less than 10 [sfixed64.gt_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gt: 10, lt: 5 }]; // } // @@ -9549,13 +9549,13 @@ type SFixed64Rules_Gte struct { // ```proto // // message MySFixed64 { - // // value must be greater than or equal to 5 [sfixed64.gte] + // // must be greater than or equal to 5 [sfixed64.gte] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gte: 10, lt: 5 }]; // } // @@ -9873,7 +9873,7 @@ type StringRules struct { // ```proto // // message MyString { - // // value must be in list ["apple", "banana"] + // // must be in list ["apple", "banana"] // string value = 1 [(buf.validate.field).string.in = "apple", (buf.validate.field).string.in = "banana"]; // } // @@ -9914,6 +9914,8 @@ type StringRules struct { // *StringRules_Ipv6Prefix // *StringRules_HostAndPort // *StringRules_Ulid + // *StringRules_ProtobufFqn + // *StringRules_ProtobufDotFqn // *StringRules_WellKnownRegex WellKnown isStringRules_WellKnown `protobuf_oneof:"well_known"` // This applies to regexes `HTTP_HEADER_NAME` and `HTTP_HEADER_VALUE` to @@ -10243,6 +10245,24 @@ func (x *StringRules) GetUlid() bool { return false } +func (x *StringRules) GetProtobufFqn() bool { + if x != nil { + if x, ok := x.WellKnown.(*StringRules_ProtobufFqn); ok { + return x.ProtobufFqn + } + } + return false +} + +func (x *StringRules) GetProtobufDotFqn() bool { + if x != nil { + if x, ok := x.WellKnown.(*StringRules_ProtobufDotFqn); ok { + return x.ProtobufDotFqn + } + } + return false +} + func (x *StringRules) GetWellKnownRegex() KnownRegex { if x != nil { if x, ok := x.WellKnown.(*StringRules_WellKnownRegex); ok { @@ -10394,6 +10414,14 @@ func (x *StringRules) SetUlid(v bool) { x.WellKnown = &StringRules_Ulid{v} } +func (x *StringRules) SetProtobufFqn(v bool) { + x.WellKnown = &StringRules_ProtobufFqn{v} +} + +func (x *StringRules) SetProtobufDotFqn(v bool) { + x.WellKnown = &StringRules_ProtobufDotFqn{v} +} + func (x *StringRules) SetWellKnownRegex(v KnownRegex) { x.WellKnown = &StringRules_WellKnownRegex{v} } @@ -10641,6 +10669,22 @@ func (x *StringRules) HasUlid() bool { return ok } +func (x *StringRules) HasProtobufFqn() bool { + if x == nil { + return false + } + _, ok := x.WellKnown.(*StringRules_ProtobufFqn) + return ok +} + +func (x *StringRules) HasProtobufDotFqn() bool { + if x == nil { + return false + } + _, ok := x.WellKnown.(*StringRules_ProtobufDotFqn) + return ok +} + func (x *StringRules) HasWellKnownRegex() bool { if x == nil { return false @@ -10816,6 +10860,18 @@ func (x *StringRules) ClearUlid() { } } +func (x *StringRules) ClearProtobufFqn() { + if _, ok := x.WellKnown.(*StringRules_ProtobufFqn); ok { + x.WellKnown = nil + } +} + +func (x *StringRules) ClearProtobufDotFqn() { + if _, ok := x.WellKnown.(*StringRules_ProtobufDotFqn); ok { + x.WellKnown = nil + } +} + func (x *StringRules) ClearWellKnownRegex() { if _, ok := x.WellKnown.(*StringRules_WellKnownRegex); ok { x.WellKnown = nil @@ -10845,6 +10901,8 @@ const StringRules_Ipv4Prefix_case case_StringRules_WellKnown = 30 const StringRules_Ipv6Prefix_case case_StringRules_WellKnown = 31 const StringRules_HostAndPort_case case_StringRules_WellKnown = 32 const StringRules_Ulid_case case_StringRules_WellKnown = 35 +const StringRules_ProtobufFqn_case case_StringRules_WellKnown = 37 +const StringRules_ProtobufDotFqn_case case_StringRules_WellKnown = 38 const StringRules_WellKnownRegex_case case_StringRules_WellKnown = 24 func (x *StringRules) WhichWellKnown() case_StringRules_WellKnown { @@ -10888,6 +10946,10 @@ func (x *StringRules) WhichWellKnown() case_StringRules_WellKnown { return StringRules_HostAndPort_case case *StringRules_Ulid: return StringRules_Ulid_case + case *StringRules_ProtobufFqn: + return StringRules_ProtobufFqn_case + case *StringRules_ProtobufDotFqn: + return StringRules_ProtobufDotFqn_case case *StringRules_WellKnownRegex: return StringRules_WellKnownRegex_case default: @@ -11065,7 +11127,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be in list ["apple", "banana"] + // // must be in list ["apple", "banana"] // string value = 1 [(buf.validate.field).string.in = "apple", (buf.validate.field).string.in = "banana"]; // } // @@ -11100,7 +11162,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid email address + // // must be a valid email address // string value = 1 [(buf.validate.field).string.email = true]; // } // @@ -11122,7 +11184,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid hostname + // // must be a valid hostname // string value = 1 [(buf.validate.field).string.hostname = true]; // } // @@ -11143,7 +11205,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IP address + // // must be a valid IP address // string value = 1 [(buf.validate.field).string.ip = true]; // } // @@ -11156,7 +11218,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // string value = 1 [(buf.validate.field).string.ipv4 = true]; // } // @@ -11169,7 +11231,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // string value = 1 [(buf.validate.field).string.ipv6 = true]; // } // @@ -11186,7 +11248,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid URI + // // must be a valid URI // string value = 1 [(buf.validate.field).string.uri = true]; // } // @@ -11206,7 +11268,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid URI Reference + // // must be a valid URI Reference // string value = 1 [(buf.validate.field).string.uri_ref = true]; // } // @@ -11220,7 +11282,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid hostname, or ip address + // // must be a valid hostname, or ip address // string value = 1 [(buf.validate.field).string.address = true]; // } // @@ -11233,7 +11295,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid UUID + // // must be a valid UUID // string value = 1 [(buf.validate.field).string.uuid = true]; // } // @@ -11247,7 +11309,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid trimmed UUID + // // must be a valid trimmed UUID // string value = 1 [(buf.validate.field).string.tuuid = true]; // } // @@ -11261,7 +11323,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IP with prefix length + // // must be a valid IP with prefix length // string value = 1 [(buf.validate.field).string.ip_with_prefixlen = true]; // } // @@ -11275,7 +11337,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address with prefix length + // // must be a valid IPv4 address with prefix length // string value = 1 [(buf.validate.field).string.ipv4_with_prefixlen = true]; // } // @@ -11289,7 +11351,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address prefix length + // // must be a valid IPv6 address prefix length // string value = 1 [(buf.validate.field).string.ipv6_with_prefixlen = true]; // } // @@ -11308,7 +11370,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IP prefix + // // must be a valid IP prefix // string value = 1 [(buf.validate.field).string.ip_prefix = true]; // } // @@ -11327,7 +11389,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv4 prefix + // // must be a valid IPv4 prefix // string value = 1 [(buf.validate.field).string.ipv4_prefix = true]; // } // @@ -11346,13 +11408,13 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv6 prefix + // // must be a valid IPv6 prefix // string value = 1 [(buf.validate.field).string.ipv6_prefix = true]; // } // // ``` Ipv6Prefix *bool - // `host_and_port` specifies that the field value must be valid host/port + // `host_and_port` specifies that the field value must be a valid host/port // pair—for example, "example.com:8080". // // The host can be one of: @@ -11370,12 +11432,66 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid ULID + // // must be a valid ULID // string value = 1 [(buf.validate.field).string.ulid = true]; // } // // ``` Ulid *bool + // `protobuf_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name as defined by the [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name is a dot-separated list of Protobuf identifiers, + // where each identifier starts with a letter or underscore and is followed by zero or + // more letters, underscores, or digits. + // + // Examples: "buf.validate", "google.protobuf.Timestamp", "my_package.MyMessage". + // + // Note: historically, fully-qualified Protobuf names were represented with a leading + // dot (for example, ".buf.validate.StringRules"). Modern Protobuf does not use the + // leading dot, and most fully-qualified names are represented without it. Use + // `protobuf_dot_fqn` if a leading dot is required. + // + // If the field value isn't a valid fully-qualified Protobuf name, an error message + // will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name + // string value = 1 [(buf.validate.field).string.protobuf_fqn = true]; + // } + // + // ``` + ProtobufFqn *bool + // `protobuf_dot_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name with a leading dot, as defined by the + // [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name with a leading dot is a dot followed by a + // dot-separated list of Protobuf identifiers, where each identifier starts with a + // letter or underscore and is followed by zero or more letters, underscores, or + // digits. + // + // Examples: ".buf.validate", ".google.protobuf.Timestamp", ".my_package.MyMessage". + // + // Note: this is the historical representation of fully-qualified Protobuf names, + // where a leading dot denotes an absolute reference. Modern Protobuf does not use + // the leading dot, and most fully-qualified names are represented without it. Most + // users will want to use `protobuf_fqn` instead. + // + // If the field value isn't a valid fully-qualified Protobuf name with a leading dot, + // an error message will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name with a leading dot + // string value = 1 [(buf.validate.field).string.protobuf_dot_fqn = true]; + // } + // + // ``` + ProtobufDotFqn *bool // `well_known_regex` specifies a common well-known pattern // defined as a regex. If the field value doesn't match the well-known // regex, an error message will be generated. @@ -11383,7 +11499,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid HTTP header value + // // must be a valid HTTP header value // string value = 1 [(buf.validate.field).string.well_known_regex = KNOWN_REGEX_HTTP_HEADER_VALUE]; // } // @@ -11504,6 +11620,12 @@ func (b0 StringRules_builder) Build() *StringRules { if b.Ulid != nil { x.WellKnown = &StringRules_Ulid{*b.Ulid} } + if b.ProtobufFqn != nil { + x.WellKnown = &StringRules_ProtobufFqn{*b.ProtobufFqn} + } + if b.ProtobufDotFqn != nil { + x.WellKnown = &StringRules_ProtobufDotFqn{*b.ProtobufDotFqn} + } if b.WellKnownRegex != nil { x.WellKnown = &StringRules_WellKnownRegex{*b.WellKnownRegex} } @@ -11540,7 +11662,7 @@ type StringRules_Email struct { // ```proto // // message MyString { - // // value must be a valid email address + // // must be a valid email address // string value = 1 [(buf.validate.field).string.email = true]; // } // @@ -11565,7 +11687,7 @@ type StringRules_Hostname struct { // ```proto // // message MyString { - // // value must be a valid hostname + // // must be a valid hostname // string value = 1 [(buf.validate.field).string.hostname = true]; // } // @@ -11589,7 +11711,7 @@ type StringRules_Ip struct { // ```proto // // message MyString { - // // value must be a valid IP address + // // must be a valid IP address // string value = 1 [(buf.validate.field).string.ip = true]; // } // @@ -11605,7 +11727,7 @@ type StringRules_Ipv4 struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // string value = 1 [(buf.validate.field).string.ipv4 = true]; // } // @@ -11621,7 +11743,7 @@ type StringRules_Ipv6 struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // string value = 1 [(buf.validate.field).string.ipv6 = true]; // } // @@ -11641,7 +11763,7 @@ type StringRules_Uri struct { // ```proto // // message MyString { - // // value must be a valid URI + // // must be a valid URI // string value = 1 [(buf.validate.field).string.uri = true]; // } // @@ -11664,7 +11786,7 @@ type StringRules_UriRef struct { // ```proto // // message MyString { - // // value must be a valid URI Reference + // // must be a valid URI Reference // string value = 1 [(buf.validate.field).string.uri_ref = true]; // } // @@ -11681,7 +11803,7 @@ type StringRules_Address struct { // ```proto // // message MyString { - // // value must be a valid hostname, or ip address + // // must be a valid hostname, or ip address // string value = 1 [(buf.validate.field).string.address = true]; // } // @@ -11697,7 +11819,7 @@ type StringRules_Uuid struct { // ```proto // // message MyString { - // // value must be a valid UUID + // // must be a valid UUID // string value = 1 [(buf.validate.field).string.uuid = true]; // } // @@ -11714,7 +11836,7 @@ type StringRules_Tuuid struct { // ```proto // // message MyString { - // // value must be a valid trimmed UUID + // // must be a valid trimmed UUID // string value = 1 [(buf.validate.field).string.tuuid = true]; // } // @@ -11731,7 +11853,7 @@ type StringRules_IpWithPrefixlen struct { // ```proto // // message MyString { - // // value must be a valid IP with prefix length + // // must be a valid IP with prefix length // string value = 1 [(buf.validate.field).string.ip_with_prefixlen = true]; // } // @@ -11748,7 +11870,7 @@ type StringRules_Ipv4WithPrefixlen struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address with prefix length + // // must be a valid IPv4 address with prefix length // string value = 1 [(buf.validate.field).string.ipv4_with_prefixlen = true]; // } // @@ -11765,7 +11887,7 @@ type StringRules_Ipv6WithPrefixlen struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address prefix length + // // must be a valid IPv6 address prefix length // string value = 1 [(buf.validate.field).string.ipv6_with_prefixlen = true]; // } // @@ -11787,7 +11909,7 @@ type StringRules_IpPrefix struct { // ```proto // // message MyString { - // // value must be a valid IP prefix + // // must be a valid IP prefix // string value = 1 [(buf.validate.field).string.ip_prefix = true]; // } // @@ -11809,7 +11931,7 @@ type StringRules_Ipv4Prefix struct { // ```proto // // message MyString { - // // value must be a valid IPv4 prefix + // // must be a valid IPv4 prefix // string value = 1 [(buf.validate.field).string.ipv4_prefix = true]; // } // @@ -11831,7 +11953,7 @@ type StringRules_Ipv6Prefix struct { // ```proto // // message MyString { - // // value must be a valid IPv6 prefix + // // must be a valid IPv6 prefix // string value = 1 [(buf.validate.field).string.ipv6_prefix = true]; // } // @@ -11840,7 +11962,7 @@ type StringRules_Ipv6Prefix struct { } type StringRules_HostAndPort struct { - // `host_and_port` specifies that the field value must be valid host/port + // `host_and_port` specifies that the field value must be a valid host/port // pair—for example, "example.com:8080". // // The host can be one of: @@ -11861,7 +11983,7 @@ type StringRules_Ulid struct { // ```proto // // message MyString { - // // value must be a valid ULID + // // must be a valid ULID // string value = 1 [(buf.validate.field).string.ulid = true]; // } // @@ -11869,6 +11991,66 @@ type StringRules_Ulid struct { Ulid bool `protobuf:"varint,35,opt,name=ulid,oneof"` } +type StringRules_ProtobufFqn struct { + // `protobuf_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name as defined by the [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name is a dot-separated list of Protobuf identifiers, + // where each identifier starts with a letter or underscore and is followed by zero or + // more letters, underscores, or digits. + // + // Examples: "buf.validate", "google.protobuf.Timestamp", "my_package.MyMessage". + // + // Note: historically, fully-qualified Protobuf names were represented with a leading + // dot (for example, ".buf.validate.StringRules"). Modern Protobuf does not use the + // leading dot, and most fully-qualified names are represented without it. Use + // `protobuf_dot_fqn` if a leading dot is required. + // + // If the field value isn't a valid fully-qualified Protobuf name, an error message + // will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name + // string value = 1 [(buf.validate.field).string.protobuf_fqn = true]; + // } + // + // ``` + ProtobufFqn bool `protobuf:"varint,37,opt,name=protobuf_fqn,json=protobufFqn,oneof"` +} + +type StringRules_ProtobufDotFqn struct { + // `protobuf_dot_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name with a leading dot, as defined by the + // [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name with a leading dot is a dot followed by a + // dot-separated list of Protobuf identifiers, where each identifier starts with a + // letter or underscore and is followed by zero or more letters, underscores, or + // digits. + // + // Examples: ".buf.validate", ".google.protobuf.Timestamp", ".my_package.MyMessage". + // + // Note: this is the historical representation of fully-qualified Protobuf names, + // where a leading dot denotes an absolute reference. Modern Protobuf does not use + // the leading dot, and most fully-qualified names are represented without it. Most + // users will want to use `protobuf_fqn` instead. + // + // If the field value isn't a valid fully-qualified Protobuf name with a leading dot, + // an error message will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name with a leading dot + // string value = 1 [(buf.validate.field).string.protobuf_dot_fqn = true]; + // } + // + // ``` + ProtobufDotFqn bool `protobuf:"varint,38,opt,name=protobuf_dot_fqn,json=protobufDotFqn,oneof"` +} + type StringRules_WellKnownRegex struct { // `well_known_regex` specifies a common well-known pattern // defined as a regex. If the field value doesn't match the well-known @@ -11877,7 +12059,7 @@ type StringRules_WellKnownRegex struct { // ```proto // // message MyString { - // // value must be a valid HTTP header value + // // must be a valid HTTP header value // string value = 1 [(buf.validate.field).string.well_known_regex = KNOWN_REGEX_HTTP_HEADER_VALUE]; // } // @@ -11931,6 +12113,10 @@ func (*StringRules_HostAndPort) isStringRules_WellKnown() {} func (*StringRules_Ulid) isStringRules_WellKnown() {} +func (*StringRules_ProtobufFqn) isStringRules_WellKnown() {} + +func (*StringRules_ProtobufDotFqn) isStringRules_WellKnown() {} + func (*StringRules_WellKnownRegex) isStringRules_WellKnown() {} // BytesRules describe the rules applied to `bytes` values. These rules @@ -11943,7 +12129,7 @@ type BytesRules struct { // ```proto // // message MyBytes { - // // value must be "\x01\x02\x03\x04" + // // must be "\x01\x02\x03\x04" // bytes value = 1 [(buf.validate.field).bytes.const = "\x01\x02\x03\x04"]; // } // @@ -11981,7 +12167,7 @@ type BytesRules struct { // ```proto // // message MyBytes { - // // value must be at most 6 bytes. + // // must be at most 6 bytes. // optional bytes value = 1 [(buf.validate.field).bytes.max_len = 6]; // } // @@ -12503,7 +12689,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be "\x01\x02\x03\x04" + // // must be "\x01\x02\x03\x04" // bytes value = 1 [(buf.validate.field).bytes.const = "\x01\x02\x03\x04"]; // } // @@ -12541,7 +12727,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be at most 6 bytes. + // // must be at most 6 bytes. // optional bytes value = 1 [(buf.validate.field).bytes.max_len = 6]; // } // @@ -12638,7 +12824,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be a valid IP address + // // must be a valid IP address // optional bytes value = 1 [(buf.validate.field).bytes.ip = true]; // } // @@ -12650,7 +12836,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv4 = true]; // } // @@ -12661,22 +12847,21 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv6 = true]; // } // // ``` Ipv6 *bool - // `uuid` ensures that the field `value` encodes the 128-bit UUID data as - // defined by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). - // The field must contain exactly 16 bytes - // representing the UUID. If the field value isn't a valid UUID, an error - // message will be generated. + // `uuid` ensures that the field value encodes 128-bit UUID data as defined + // by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). + // The field must contain exactly 16 bytes representing the UUID. If the + // field value isn't a valid UUID, an error message will be generated. // // ```proto // // message MyBytes { - // // value must be a valid UUID + // // must be a valid UUID // optional bytes value = 1 [(buf.validate.field).bytes.uuid = true]; // } // @@ -12751,7 +12936,7 @@ type BytesRules_Ip struct { // ```proto // // message MyBytes { - // // value must be a valid IP address + // // must be a valid IP address // optional bytes value = 1 [(buf.validate.field).bytes.ip = true]; // } // @@ -12766,7 +12951,7 @@ type BytesRules_Ipv4 struct { // ```proto // // message MyBytes { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv4 = true]; // } // @@ -12780,7 +12965,7 @@ type BytesRules_Ipv6 struct { // ```proto // // message MyBytes { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv6 = true]; // } // @@ -12789,16 +12974,15 @@ type BytesRules_Ipv6 struct { } type BytesRules_Uuid struct { - // `uuid` ensures that the field `value` encodes the 128-bit UUID data as - // defined by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). - // The field must contain exactly 16 bytes - // representing the UUID. If the field value isn't a valid UUID, an error - // message will be generated. + // `uuid` ensures that the field value encodes 128-bit UUID data as defined + // by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). + // The field must contain exactly 16 bytes representing the UUID. If the + // field value isn't a valid UUID, an error message will be generated. // // ```proto // // message MyBytes { - // // value must be a valid UUID + // // must be a valid UUID // optional bytes value = 1 [(buf.validate.field).bytes.uuid = true]; // } // @@ -13665,7 +13849,7 @@ type AnyRules struct { // // ``` In []string `protobuf:"bytes,2,rep,name=in" json:"in,omitempty"` - // requires the field's type_url to be not equal to any of the specified values. If it matches any of the specified values, an error message is generated. + // `not_in` requires the field's type_url to be not equal to any of the specified values. If it matches any of the specified values, an error message is generated. // // ```proto // @@ -13747,7 +13931,7 @@ type AnyRules_builder struct { // // ``` In []string - // requires the field's type_url to be not equal to any of the specified values. If it matches any of the specified values, an error message is generated. + // `not_in` requires the field's type_url to be not equal to any of the specified values. If it matches any of the specified values, an error message is generated. // // ```proto // @@ -13804,7 +13988,7 @@ type DurationRules struct { // ```proto // // message MyDuration { - // // value must be in list [1s, 2s, 3s] + // // must be in list [1s, 2s, 3s] // google.protobuf.Duration value = 1 [(buf.validate.field).duration.in = ["1s", "2s", "3s"]]; // } // @@ -14144,7 +14328,7 @@ type DurationRules_builder struct { // ```proto // // message MyDuration { - // // value must be less than 5s + // // must be less than 5s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = "5s"]; // } // @@ -14157,7 +14341,7 @@ type DurationRules_builder struct { // ```proto // // message MyDuration { - // // value must be less than or equal to 10s + // // must be less than or equal to 10s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lte = "10s"]; // } // @@ -14215,7 +14399,7 @@ type DurationRules_builder struct { // ```proto // // message MyDuration { - // // value must be in list [1s, 2s, 3s] + // // must be in list [1s, 2s, 3s] // google.protobuf.Duration value = 1 [(buf.validate.field).duration.in = ["1s", "2s", "3s"]]; // } // @@ -14307,7 +14491,7 @@ type DurationRules_Lt struct { // ```proto // // message MyDuration { - // // value must be less than 5s + // // must be less than 5s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = "5s"]; // } // @@ -14323,7 +14507,7 @@ type DurationRules_Lte struct { // ```proto // // message MyDuration { - // // value must be less than or equal to 10s + // // must be less than or equal to 10s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lte = "10s"]; // } // @@ -14654,7 +14838,7 @@ type TimestampRules struct { // ```proto // // message MyTimestamp { - // // value must be within 1 hour of now + // // must be within 1 hour of now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.within = {seconds: 3600}]; // } // @@ -15031,18 +15215,18 @@ type TimestampRules_builder struct { // ``` Const *timestamppb.Timestamp // Fields of oneof LessThan: - // requires the duration field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. + // `lt` requires the timestamp field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // - // message MyDuration { - // // duration must be less than 'P3D' [duration.lt] - // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = { seconds: 259200 }]; + // message MyTimestamp { + // // timestamp must be less than '2023-01-01T00:00:00Z' [timestamp.lt] + // google.protobuf.Timestamp value = 1 [(buf.validate.field).timestamp.lt = { seconds: 1672444800 }]; // } // // ``` Lt *timestamppb.Timestamp - // requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. + // `lte` requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // @@ -15058,7 +15242,7 @@ type TimestampRules_builder struct { // ```proto // // message MyTimestamp { - // // value must be less than now + // // must be less than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.lt_now = true]; // } // @@ -15113,7 +15297,7 @@ type TimestampRules_builder struct { // ```proto // // message MyTimestamp { - // // value must be greater than now + // // must be greater than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.gt_now = true]; // } // @@ -15125,7 +15309,7 @@ type TimestampRules_builder struct { // ```proto // // message MyTimestamp { - // // value must be within 1 hour of now + // // must be within 1 hour of now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.within = {seconds: 3600}]; // } // @@ -15201,13 +15385,13 @@ type isTimestampRules_LessThan interface { } type TimestampRules_Lt struct { - // requires the duration field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. + // `lt` requires the timestamp field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // - // message MyDuration { - // // duration must be less than 'P3D' [duration.lt] - // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = { seconds: 259200 }]; + // message MyTimestamp { + // // timestamp must be less than '2023-01-01T00:00:00Z' [timestamp.lt] + // google.protobuf.Timestamp value = 1 [(buf.validate.field).timestamp.lt = { seconds: 1672444800 }]; // } // // ``` @@ -15215,7 +15399,7 @@ type TimestampRules_Lt struct { } type TimestampRules_Lte struct { - // requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. + // `lte` requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // @@ -15234,7 +15418,7 @@ type TimestampRules_LtNow struct { // ```proto // // message MyTimestamp { - // // value must be less than now + // // must be less than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.lt_now = true]; // } // @@ -15306,7 +15490,7 @@ type TimestampRules_GtNow struct { // ```proto // // message MyTimestamp { - // // value must be greater than now + // // must be greater than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.gt_now = true]; // } // @@ -16327,7 +16511,7 @@ var ( // extend buf.validate.Int32Rules { // bool is_zero [(buf.validate.predefined).cel = { // id: "int32.is_zero", - // message: "value must be zero", + // message: "must be zero", // expression: "!rule || this == 0", // }]; // } @@ -16396,788 +16580,798 @@ const file_buf_validate_validate_proto_rawDesc = "" + "\ttimestamp\x18\x16 \x01(\v2\x1c.buf.validate.TimestampRulesH\x00R\ttimestampB\x06\n" + "\x04typeJ\x04\b\x18\x10\x19J\x04\b\x1a\x10\x1bR\askippedR\fignore_empty\"Z\n" + "\x0fPredefinedRules\x12$\n" + - "\x03cel\x18\x01 \x03(\v2\x12.buf.validate.RuleR\x03celJ\x04\b\x18\x10\x19J\x04\b\x1a\x10\x1bR\askippedR\fignore_empty\"\x90\x18\n" + + "\x03cel\x18\x01 \x03(\v2\x12.buf.validate.RuleR\x03celJ\x04\b\x18\x10\x19J\x04\b\x1a\x10\x1bR\askippedR\fignore_empty\"\xae\x17\n" + "\n" + - "FloatRules\x12\x8a\x01\n" + - "\x05const\x18\x01 \x01(\x02Bt\xc2Hq\n" + - "o\n" + - "\vfloat.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa3\x01\n" + - "\x02lt\x18\x02 \x01(\x02B\x90\x01\xc2H\x8c\x01\n" + - "\x89\x01\n" + - "\bfloat.lt\x1a}!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xb4\x01\n" + - "\x03lte\x18\x03 \x01(\x02B\x9f\x01\xc2H\x9b\x01\n" + - "\x98\x01\n" + - "\tfloat.lte\x1a\x8a\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xf3\a\n" + - "\x02gt\x18\x04 \x01(\x02B\xe0\a\xc2H\xdc\a\n" + - "\x8d\x01\n" + - "\bfloat.gt\x1a\x80\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xc3\x01\n" + - "\vfloat.gt_lt\x1a\xb3\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "FloatRules\x12\x84\x01\n" + + "\x05const\x18\x01 \x01(\x02Bn\xc2Hk\n" + + "i\n" + + "\vfloat.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x9d\x01\n" + + "\x02lt\x18\x02 \x01(\x02B\x8a\x01\xc2H\x86\x01\n" + + "\x83\x01\n" + + "\bfloat.lt\x1aw!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xae\x01\n" + + "\x03lte\x18\x03 \x01(\x02B\x99\x01\xc2H\x95\x01\n" + + "\x92\x01\n" + + "\tfloat.lte\x1a\x84\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xd4\a\n" + + "\x02gt\x18\x04 \x01(\x02B\xc1\a\xc2H\xbd\a\n" + + "\x86\x01\n" + + "\bfloat.gt\x1az!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xbd\x01\n" + + "\vfloat.gt_lt\x1a\xad\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x15float.gt_lt_exclusive\x1a\xad\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + "\xcd\x01\n" + - "\x15float.gt_lt_exclusive\x1a\xb3\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\ffloat.gt_lte\x1a\xc2\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x16float.gt_lte_exclusive\x1a\xc2\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xbf\b\n" + - "\x03gte\x18\x05 \x01(\x02B\xaa\b\xc2H\xa6\b\n" + - "\x9b\x01\n" + - "\tfloat.gte\x1a\x8d\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xd2\x01\n" + - "\ffloat.gte_lt\x1a\xc1\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\ffloat.gt_lte\x1a\xbc\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x16float.gt_lte_exclusive\x1a\xbc\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xa1\b\n" + + "\x03gte\x18\x05 \x01(\x02B\x8c\b\xc2H\x88\b\n" + + "\x95\x01\n" + + "\tfloat.gte\x1a\x87\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xcc\x01\n" + + "\ffloat.gte_lt\x1a\xbb\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xd6\x01\n" + + "\x16float.gte_lt_exclusive\x1a\xbb\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + "\xdc\x01\n" + - "\x16float.gte_lt_exclusive\x1a\xc1\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xe2\x01\n" + - "\rfloat.gte_lte\x1a\xd0\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xec\x01\n" + - "\x17float.gte_lte_exclusive\x1a\xd0\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x83\x01\n" + - "\x02in\x18\x06 \x03(\x02Bs\xc2Hp\n" + - "n\n" + - "\bfloat.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\a \x03(\x02Bf\xc2Hc\n" + - "a\n" + - "\ffloat.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12}\n" + - "\x06finite\x18\b \x01(\bBe\xc2Hb\n" + - "`\n" + - "\ffloat.finite\x1aPrules.finite ? (this.isNan() || this.isInf() ? 'value must be finite' : '') : ''R\x06finite\x124\n" + + "\rfloat.gte_lte\x1a\xca\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xe6\x01\n" + + "\x17float.gte_lte_exclusive\x1a\xca\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12}\n" + + "\x02in\x18\x06 \x03(\x02Bm\xc2Hj\n" + + "h\n" + + "\bfloat.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\a \x03(\x02B`\xc2H]\n" + + "[\n" + + "\ffloat.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12w\n" + + "\x06finite\x18\b \x01(\bB_\xc2H\\\n" + + "Z\n" + + "\ffloat.finite\x1aJrules.finite ? (this.isNan() || this.isInf() ? 'must be finite' : '') : ''R\x06finite\x124\n" + "\aexample\x18\t \x03(\x02B\x1a\xc2H\x17\n" + "\x15\n" + "\rfloat.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xa2\x18\n" + - "\vDoubleRules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x01Bu\xc2Hr\n" + - "p\n" + - "\fdouble.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa4\x01\n" + - "\x02lt\x18\x02 \x01(\x01B\x91\x01\xc2H\x8d\x01\n" + - "\x8a\x01\n" + - "\tdouble.lt\x1a}!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xb5\x01\n" + - "\x03lte\x18\x03 \x01(\x01B\xa0\x01\xc2H\x9c\x01\n" + - "\x99\x01\n" + + "\fgreater_than\"\xc0\x17\n" + + "\vDoubleRules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x01Bo\xc2Hl\n" + + "j\n" + + "\fdouble.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x9e\x01\n" + + "\x02lt\x18\x02 \x01(\x01B\x8b\x01\xc2H\x87\x01\n" + + "\x84\x01\n" + + "\tdouble.lt\x1aw!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xaf\x01\n" + + "\x03lte\x18\x03 \x01(\x01B\x9a\x01\xc2H\x96\x01\n" + + "\x93\x01\n" + "\n" + - "double.lte\x1a\x8a\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xf8\a\n" + - "\x02gt\x18\x04 \x01(\x01B\xe5\a\xc2H\xe1\a\n" + - "\x8e\x01\n" + - "\tdouble.gt\x1a\x80\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xc4\x01\n" + - "\fdouble.gt_lt\x1a\xb3\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "double.lte\x1a\x84\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xd9\a\n" + + "\x02gt\x18\x04 \x01(\x01B\xc6\a\xc2H\xc2\a\n" + + "\x87\x01\n" + + "\tdouble.gt\x1az!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xbe\x01\n" + + "\fdouble.gt_lt\x1a\xad\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc8\x01\n" + + "\x16double.gt_lt_exclusive\x1a\xad\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + "\xce\x01\n" + - "\x16double.gt_lt_exclusive\x1a\xb3\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xd4\x01\n" + - "\rdouble.gt_lte\x1a\xc2\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xde\x01\n" + - "\x17double.gt_lte_exclusive\x1a\xc2\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xc4\b\n" + - "\x03gte\x18\x05 \x01(\x01B\xaf\b\xc2H\xab\b\n" + - "\x9c\x01\n" + + "\rdouble.gt_lte\x1a\xbc\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xd8\x01\n" + + "\x17double.gt_lte_exclusive\x1a\xbc\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xa6\b\n" + + "\x03gte\x18\x05 \x01(\x01B\x91\b\xc2H\x8d\b\n" + + "\x96\x01\n" + "\n" + - "double.gte\x1a\x8d\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xd3\x01\n" + - "\rdouble.gte_lt\x1a\xc1\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "double.gte\x1a\x87\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xcd\x01\n" + + "\rdouble.gte_lt\x1a\xbb\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xd7\x01\n" + + "\x17double.gte_lt_exclusive\x1a\xbb\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + "\xdd\x01\n" + - "\x17double.gte_lt_exclusive\x1a\xc1\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xe3\x01\n" + - "\x0edouble.gte_lte\x1a\xd0\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xed\x01\n" + - "\x18double.gte_lte_exclusive\x1a\xd0\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x01Bt\xc2Hq\n" + - "o\n" + - "\tdouble.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x01Bg\xc2Hd\n" + - "b\n" + - "\rdouble.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12~\n" + - "\x06finite\x18\b \x01(\bBf\xc2Hc\n" + - "a\n" + - "\rdouble.finite\x1aPrules.finite ? (this.isNan() || this.isInf() ? 'value must be finite' : '') : ''R\x06finite\x125\n" + + "\x0edouble.gte_lte\x1a\xca\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xe7\x01\n" + + "\x18double.gte_lte_exclusive\x1a\xca\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x01Bn\xc2Hk\n" + + "i\n" + + "\tdouble.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x01Ba\xc2H^\n" + + "\\\n" + + "\rdouble.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12x\n" + + "\x06finite\x18\b \x01(\bB`\xc2H]\n" + + "[\n" + + "\rdouble.finite\x1aJrules.finite ? (this.isNan() || this.isInf() ? 'must be finite' : '') : ''R\x06finite\x125\n" + "\aexample\x18\t \x03(\x01B\x1b\xc2H\x18\n" + "\x16\n" + "\x0edouble.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xba\x15\n" + + "\fgreater_than\"\xde\x14\n" + "\n" + - "Int32Rules\x12\x8a\x01\n" + - "\x05const\x18\x01 \x01(\x05Bt\xc2Hq\n" + - "o\n" + - "\vint32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8e\x01\n" + - "\x02lt\x18\x02 \x01(\x05B|\xc2Hy\n" + - "w\n" + - "\bint32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa1\x01\n" + - "\x03lte\x18\x03 \x01(\x05B\x8c\x01\xc2H\x88\x01\n" + - "\x85\x01\n" + - "\tint32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x9b\a\n" + - "\x02gt\x18\x04 \x01(\x05B\x88\a\xc2H\x84\a\n" + - "z\n" + - "\bint32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb3\x01\n" + - "\vint32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbb\x01\n" + - "\x15int32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc3\x01\n" + - "\fint32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcb\x01\n" + - "\x16int32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xe8\a\n" + - "\x03gte\x18\x05 \x01(\x05B\xd3\a\xc2H\xcf\a\n" + - "\x88\x01\n" + - "\tint32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc2\x01\n" + - "\fint32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xca\x01\n" + - "\x16int32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd2\x01\n" + - "\rint32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xda\x01\n" + - "\x17int32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x83\x01\n" + - "\x02in\x18\x06 \x03(\x05Bs\xc2Hp\n" + - "n\n" + - "\bint32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\a \x03(\x05Bf\xc2Hc\n" + - "a\n" + - "\fint32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + + "Int32Rules\x12\x84\x01\n" + + "\x05const\x18\x01 \x01(\x05Bn\xc2Hk\n" + + "i\n" + + "\vint32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x88\x01\n" + + "\x02lt\x18\x02 \x01(\x05Bv\xc2Hs\n" + + "q\n" + + "\bint32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9a\x01\n" + + "\x03lte\x18\x03 \x01(\x05B\x85\x01\xc2H\x81\x01\n" + + "\x7f\n" + + "\tint32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xfd\x06\n" + + "\x02gt\x18\x04 \x01(\x05B\xea\x06\xc2H\xe6\x06\n" + + "t\n" + + "\bint32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xad\x01\n" + + "\vint32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb5\x01\n" + + "\x15int32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbd\x01\n" + + "\fint32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc5\x01\n" + + "\x16int32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xca\a\n" + + "\x03gte\x18\x05 \x01(\x05B\xb5\a\xc2H\xb1\a\n" + + "\x82\x01\n" + + "\tint32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbc\x01\n" + + "\fint32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc4\x01\n" + + "\x16int32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcc\x01\n" + + "\rint32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd4\x01\n" + + "\x17int32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12}\n" + + "\x02in\x18\x06 \x03(\x05Bm\xc2Hj\n" + + "h\n" + + "\bint32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\a \x03(\x05B`\xc2H]\n" + + "[\n" + + "\fint32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + "\aexample\x18\b \x03(\x05B\x1a\xc2H\x17\n" + "\x15\n" + "\rint32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xba\x15\n" + + "\fgreater_than\"\xde\x14\n" + "\n" + - "Int64Rules\x12\x8a\x01\n" + - "\x05const\x18\x01 \x01(\x03Bt\xc2Hq\n" + - "o\n" + - "\vint64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8e\x01\n" + - "\x02lt\x18\x02 \x01(\x03B|\xc2Hy\n" + - "w\n" + - "\bint64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa1\x01\n" + - "\x03lte\x18\x03 \x01(\x03B\x8c\x01\xc2H\x88\x01\n" + - "\x85\x01\n" + - "\tint64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x9b\a\n" + - "\x02gt\x18\x04 \x01(\x03B\x88\a\xc2H\x84\a\n" + - "z\n" + - "\bint64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb3\x01\n" + - "\vint64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbb\x01\n" + - "\x15int64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc3\x01\n" + - "\fint64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcb\x01\n" + - "\x16int64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xe8\a\n" + - "\x03gte\x18\x05 \x01(\x03B\xd3\a\xc2H\xcf\a\n" + - "\x88\x01\n" + - "\tint64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc2\x01\n" + - "\fint64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xca\x01\n" + - "\x16int64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd2\x01\n" + - "\rint64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xda\x01\n" + - "\x17int64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x83\x01\n" + - "\x02in\x18\x06 \x03(\x03Bs\xc2Hp\n" + - "n\n" + - "\bint64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\a \x03(\x03Bf\xc2Hc\n" + - "a\n" + - "\fint64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + + "Int64Rules\x12\x84\x01\n" + + "\x05const\x18\x01 \x01(\x03Bn\xc2Hk\n" + + "i\n" + + "\vint64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x88\x01\n" + + "\x02lt\x18\x02 \x01(\x03Bv\xc2Hs\n" + + "q\n" + + "\bint64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9a\x01\n" + + "\x03lte\x18\x03 \x01(\x03B\x85\x01\xc2H\x81\x01\n" + + "\x7f\n" + + "\tint64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xfd\x06\n" + + "\x02gt\x18\x04 \x01(\x03B\xea\x06\xc2H\xe6\x06\n" + + "t\n" + + "\bint64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xad\x01\n" + + "\vint64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb5\x01\n" + + "\x15int64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbd\x01\n" + + "\fint64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc5\x01\n" + + "\x16int64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xca\a\n" + + "\x03gte\x18\x05 \x01(\x03B\xb5\a\xc2H\xb1\a\n" + + "\x82\x01\n" + + "\tint64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbc\x01\n" + + "\fint64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc4\x01\n" + + "\x16int64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcc\x01\n" + + "\rint64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd4\x01\n" + + "\x17int64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12}\n" + + "\x02in\x18\x06 \x03(\x03Bm\xc2Hj\n" + + "h\n" + + "\bint64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\a \x03(\x03B`\xc2H]\n" + + "[\n" + + "\fint64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + "\aexample\x18\t \x03(\x03B\x1a\xc2H\x17\n" + "\x15\n" + "\rint64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vUInt32Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\rBu\xc2Hr\n" + - "p\n" + - "\fuint32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\rB}\xc2Hz\n" + - "x\n" + - "\tuint32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\rB\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vUInt32Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\rBo\xc2Hl\n" + + "j\n" + + "\fuint32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\rBw\xc2Ht\n" + + "r\n" + + "\tuint32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\rB\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "uint32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\rB\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tuint32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fuint32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16uint32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\ruint32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17uint32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\rB\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "uint32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\rB\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tuint32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fuint32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16uint32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\ruint32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17uint32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\rB\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "uint32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\ruint32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17uint32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0euint32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18uint32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\rBt\xc2Hq\n" + - "o\n" + - "\tuint32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\rBg\xc2Hd\n" + - "b\n" + - "\ruint32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "uint32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\ruint32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17uint32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0euint32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18uint32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\rBn\xc2Hk\n" + + "i\n" + + "\tuint32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\rBa\xc2H^\n" + + "\\\n" + + "\ruint32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\rB\x1b\xc2H\x18\n" + "\x16\n" + "\x0euint32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vUInt64Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x04Bu\xc2Hr\n" + - "p\n" + - "\fuint64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\x04B}\xc2Hz\n" + - "x\n" + - "\tuint64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\x04B\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vUInt64Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x04Bo\xc2Hl\n" + + "j\n" + + "\fuint64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\x04Bw\xc2Ht\n" + + "r\n" + + "\tuint64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\x04B\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "uint64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\x04B\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tuint64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fuint64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16uint64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\ruint64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17uint64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\x04B\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "uint64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\x04B\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tuint64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fuint64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16uint64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\ruint64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17uint64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\x04B\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "uint64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\ruint64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17uint64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0euint64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18uint64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x04Bt\xc2Hq\n" + - "o\n" + - "\tuint64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x04Bg\xc2Hd\n" + - "b\n" + - "\ruint64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "uint64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\ruint64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17uint64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0euint64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18uint64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x04Bn\xc2Hk\n" + + "i\n" + + "\tuint64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x04Ba\xc2H^\n" + + "\\\n" + + "\ruint64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\x04B\x1b\xc2H\x18\n" + "\x16\n" + "\x0euint64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vSInt32Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x11Bu\xc2Hr\n" + - "p\n" + - "\fsint32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\x11B}\xc2Hz\n" + - "x\n" + - "\tsint32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\x11B\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vSInt32Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x11Bo\xc2Hl\n" + + "j\n" + + "\fsint32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\x11Bw\xc2Ht\n" + + "r\n" + + "\tsint32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\x11B\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "sint32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\x11B\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tsint32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fsint32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16sint32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\rsint32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17sint32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\x11B\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "sint32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\x11B\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tsint32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fsint32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16sint32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\rsint32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17sint32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\x11B\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "sint32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\rsint32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17sint32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0esint32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18sint32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x11Bt\xc2Hq\n" + - "o\n" + - "\tsint32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x11Bg\xc2Hd\n" + - "b\n" + - "\rsint32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "sint32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\rsint32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17sint32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0esint32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18sint32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x11Bn\xc2Hk\n" + + "i\n" + + "\tsint32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x11Ba\xc2H^\n" + + "\\\n" + + "\rsint32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\x11B\x1b\xc2H\x18\n" + "\x16\n" + "\x0esint32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vSInt64Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x12Bu\xc2Hr\n" + - "p\n" + - "\fsint64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\x12B}\xc2Hz\n" + - "x\n" + - "\tsint64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\x12B\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vSInt64Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x12Bo\xc2Hl\n" + + "j\n" + + "\fsint64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\x12Bw\xc2Ht\n" + + "r\n" + + "\tsint64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\x12B\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "sint64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\x12B\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tsint64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fsint64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16sint64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\rsint64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17sint64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\x12B\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "sint64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\x12B\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tsint64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fsint64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16sint64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\rsint64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17sint64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\x12B\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "sint64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\rsint64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17sint64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0esint64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18sint64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x12Bt\xc2Hq\n" + - "o\n" + - "\tsint64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x12Bg\xc2Hd\n" + - "b\n" + - "\rsint64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "sint64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\rsint64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17sint64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0esint64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18sint64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x12Bn\xc2Hk\n" + + "i\n" + + "\tsint64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x12Ba\xc2H^\n" + + "\\\n" + + "\rsint64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\x12B\x1b\xc2H\x18\n" + "\x16\n" + "\x0esint64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xdc\x15\n" + - "\fFixed32Rules\x12\x8c\x01\n" + - "\x05const\x18\x01 \x01(\aBv\xc2Hs\n" + - "q\n" + - "\rfixed32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x90\x01\n" + - "\x02lt\x18\x02 \x01(\aB~\xc2H{\n" + - "y\n" + + "\fgreater_than\"\x81\x15\n" + + "\fFixed32Rules\x12\x86\x01\n" + + "\x05const\x18\x01 \x01(\aBp\xc2Hm\n" + + "k\n" + + "\rfixed32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8a\x01\n" + + "\x02lt\x18\x02 \x01(\aBx\xc2Hu\n" + + "s\n" + "\n" + - "fixed32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa3\x01\n" + - "\x03lte\x18\x03 \x01(\aB\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\vfixed32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa5\a\n" + - "\x02gt\x18\x04 \x01(\aB\x92\a\xc2H\x8e\a\n" + - "|\n" + + "fixed32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9d\x01\n" + + "\x03lte\x18\x03 \x01(\aB\x88\x01\xc2H\x84\x01\n" + + "\x81\x01\n" + + "\vfixed32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x87\a\n" + + "\x02gt\x18\x04 \x01(\aB\xf4\x06\xc2H\xf0\x06\n" + + "v\n" + "\n" + - "fixed32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb5\x01\n" + - "\rfixed32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbd\x01\n" + - "\x17fixed32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc5\x01\n" + - "\x0efixed32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcd\x01\n" + - "\x18fixed32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf2\a\n" + - "\x03gte\x18\x05 \x01(\aB\xdd\a\xc2H\xd9\a\n" + - "\x8a\x01\n" + - "\vfixed32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc4\x01\n" + - "\x0efixed32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcc\x01\n" + - "\x18fixed32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd4\x01\n" + - "\x0ffixed32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdc\x01\n" + - "\x19fixed32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x85\x01\n" + - "\x02in\x18\x06 \x03(\aBu\xc2Hr\n" + - "p\n" + + "fixed32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xaf\x01\n" + + "\rfixed32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb7\x01\n" + + "\x17fixed32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbf\x01\n" + + "\x0efixed32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc7\x01\n" + + "\x18fixed32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd4\a\n" + + "\x03gte\x18\x05 \x01(\aB\xbf\a\xc2H\xbb\a\n" + + "\x84\x01\n" + + "\vfixed32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbe\x01\n" + + "\x0efixed32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc6\x01\n" + + "\x18fixed32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xce\x01\n" + + "\x0ffixed32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd6\x01\n" + + "\x19fixed32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x7f\n" + + "\x02in\x18\x06 \x03(\aBo\xc2Hl\n" + + "j\n" + "\n" + - "fixed32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x7f\n" + - "\x06not_in\x18\a \x03(\aBh\xc2He\n" + - "c\n" + - "\x0efixed32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + + "fixed32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12y\n" + + "\x06not_in\x18\a \x03(\aBb\xc2H_\n" + + "]\n" + + "\x0efixed32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + "\aexample\x18\b \x03(\aB\x1c\xc2H\x19\n" + "\x17\n" + "\x0ffixed32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xdc\x15\n" + - "\fFixed64Rules\x12\x8c\x01\n" + - "\x05const\x18\x01 \x01(\x06Bv\xc2Hs\n" + - "q\n" + - "\rfixed64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x90\x01\n" + - "\x02lt\x18\x02 \x01(\x06B~\xc2H{\n" + - "y\n" + + "\fgreater_than\"\x81\x15\n" + + "\fFixed64Rules\x12\x86\x01\n" + + "\x05const\x18\x01 \x01(\x06Bp\xc2Hm\n" + + "k\n" + + "\rfixed64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8a\x01\n" + + "\x02lt\x18\x02 \x01(\x06Bx\xc2Hu\n" + + "s\n" + "\n" + - "fixed64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa3\x01\n" + - "\x03lte\x18\x03 \x01(\x06B\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\vfixed64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa5\a\n" + - "\x02gt\x18\x04 \x01(\x06B\x92\a\xc2H\x8e\a\n" + - "|\n" + + "fixed64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9d\x01\n" + + "\x03lte\x18\x03 \x01(\x06B\x88\x01\xc2H\x84\x01\n" + + "\x81\x01\n" + + "\vfixed64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x87\a\n" + + "\x02gt\x18\x04 \x01(\x06B\xf4\x06\xc2H\xf0\x06\n" + + "v\n" + "\n" + - "fixed64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb5\x01\n" + - "\rfixed64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbd\x01\n" + - "\x17fixed64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc5\x01\n" + - "\x0efixed64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcd\x01\n" + - "\x18fixed64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf2\a\n" + - "\x03gte\x18\x05 \x01(\x06B\xdd\a\xc2H\xd9\a\n" + - "\x8a\x01\n" + - "\vfixed64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc4\x01\n" + - "\x0efixed64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcc\x01\n" + - "\x18fixed64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd4\x01\n" + - "\x0ffixed64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdc\x01\n" + - "\x19fixed64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x85\x01\n" + - "\x02in\x18\x06 \x03(\x06Bu\xc2Hr\n" + - "p\n" + + "fixed64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xaf\x01\n" + + "\rfixed64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb7\x01\n" + + "\x17fixed64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbf\x01\n" + + "\x0efixed64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc7\x01\n" + + "\x18fixed64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd4\a\n" + + "\x03gte\x18\x05 \x01(\x06B\xbf\a\xc2H\xbb\a\n" + + "\x84\x01\n" + + "\vfixed64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbe\x01\n" + + "\x0efixed64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc6\x01\n" + + "\x18fixed64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xce\x01\n" + + "\x0ffixed64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd6\x01\n" + + "\x19fixed64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x7f\n" + + "\x02in\x18\x06 \x03(\x06Bo\xc2Hl\n" + + "j\n" + "\n" + - "fixed64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x7f\n" + - "\x06not_in\x18\a \x03(\x06Bh\xc2He\n" + - "c\n" + - "\x0efixed64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + + "fixed64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12y\n" + + "\x06not_in\x18\a \x03(\x06Bb\xc2H_\n" + + "]\n" + + "\x0efixed64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + "\aexample\x18\b \x03(\x06B\x1c\xc2H\x19\n" + "\x17\n" + "\x0ffixed64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xee\x15\n" + - "\rSFixed32Rules\x12\x8d\x01\n" + - "\x05const\x18\x01 \x01(\x0fBw\xc2Ht\n" + - "r\n" + - "\x0esfixed32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x91\x01\n" + - "\x02lt\x18\x02 \x01(\x0fB\x7f\xc2H|\n" + - "z\n" + - "\vsfixed32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa4\x01\n" + - "\x03lte\x18\x03 \x01(\x0fB\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\fsfixed32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xaa\a\n" + - "\x02gt\x18\x04 \x01(\x0fB\x97\a\xc2H\x93\a\n" + - "}\n" + - "\vsfixed32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb6\x01\n" + - "\x0esfixed32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbe\x01\n" + - "\x18sfixed32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc6\x01\n" + - "\x0fsfixed32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xce\x01\n" + - "\x19sfixed32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf7\a\n" + - "\x03gte\x18\x05 \x01(\x0fB\xe2\a\xc2H\xde\a\n" + - "\x8b\x01\n" + - "\fsfixed32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc5\x01\n" + - "\x0fsfixed32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcd\x01\n" + - "\x19sfixed32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd5\x01\n" + - "\x10sfixed32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x1asfixed32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x86\x01\n" + - "\x02in\x18\x06 \x03(\x0fBv\xc2Hs\n" + - "q\n" + - "\vsfixed32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x80\x01\n" + - "\x06not_in\x18\a \x03(\x0fBi\xc2Hf\n" + - "d\n" + - "\x0fsfixed32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + + "\fgreater_than\"\x93\x15\n" + + "\rSFixed32Rules\x12\x87\x01\n" + + "\x05const\x18\x01 \x01(\x0fBq\xc2Hn\n" + + "l\n" + + "\x0esfixed32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8b\x01\n" + + "\x02lt\x18\x02 \x01(\x0fBy\xc2Hv\n" + + "t\n" + + "\vsfixed32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9e\x01\n" + + "\x03lte\x18\x03 \x01(\x0fB\x89\x01\xc2H\x85\x01\n" + + "\x82\x01\n" + + "\fsfixed32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x8c\a\n" + + "\x02gt\x18\x04 \x01(\x0fB\xf9\x06\xc2H\xf5\x06\n" + + "w\n" + + "\vsfixed32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb0\x01\n" + + "\x0esfixed32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb8\x01\n" + + "\x18sfixed32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc0\x01\n" + + "\x0fsfixed32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc8\x01\n" + + "\x19sfixed32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd9\a\n" + + "\x03gte\x18\x05 \x01(\x0fB\xc4\a\xc2H\xc0\a\n" + + "\x85\x01\n" + + "\fsfixed32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbf\x01\n" + + "\x0fsfixed32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x19sfixed32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcf\x01\n" + + "\x10sfixed32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x1asfixed32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x80\x01\n" + + "\x02in\x18\x06 \x03(\x0fBp\xc2Hm\n" + + "k\n" + + "\vsfixed32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12z\n" + + "\x06not_in\x18\a \x03(\x0fBc\xc2H`\n" + + "^\n" + + "\x0fsfixed32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + "\aexample\x18\b \x03(\x0fB\x1d\xc2H\x1a\n" + "\x18\n" + "\x10sfixed32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xee\x15\n" + - "\rSFixed64Rules\x12\x8d\x01\n" + - "\x05const\x18\x01 \x01(\x10Bw\xc2Ht\n" + - "r\n" + - "\x0esfixed64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x91\x01\n" + - "\x02lt\x18\x02 \x01(\x10B\x7f\xc2H|\n" + - "z\n" + - "\vsfixed64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa4\x01\n" + - "\x03lte\x18\x03 \x01(\x10B\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\fsfixed64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xaa\a\n" + - "\x02gt\x18\x04 \x01(\x10B\x97\a\xc2H\x93\a\n" + - "}\n" + - "\vsfixed64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb6\x01\n" + - "\x0esfixed64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbe\x01\n" + - "\x18sfixed64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc6\x01\n" + - "\x0fsfixed64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xce\x01\n" + - "\x19sfixed64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf7\a\n" + - "\x03gte\x18\x05 \x01(\x10B\xe2\a\xc2H\xde\a\n" + - "\x8b\x01\n" + - "\fsfixed64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc5\x01\n" + - "\x0fsfixed64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcd\x01\n" + - "\x19sfixed64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd5\x01\n" + - "\x10sfixed64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x1asfixed64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x86\x01\n" + - "\x02in\x18\x06 \x03(\x10Bv\xc2Hs\n" + - "q\n" + - "\vsfixed64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x80\x01\n" + - "\x06not_in\x18\a \x03(\x10Bi\xc2Hf\n" + - "d\n" + - "\x0fsfixed64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + + "\fgreater_than\"\x93\x15\n" + + "\rSFixed64Rules\x12\x87\x01\n" + + "\x05const\x18\x01 \x01(\x10Bq\xc2Hn\n" + + "l\n" + + "\x0esfixed64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8b\x01\n" + + "\x02lt\x18\x02 \x01(\x10By\xc2Hv\n" + + "t\n" + + "\vsfixed64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9e\x01\n" + + "\x03lte\x18\x03 \x01(\x10B\x89\x01\xc2H\x85\x01\n" + + "\x82\x01\n" + + "\fsfixed64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x8c\a\n" + + "\x02gt\x18\x04 \x01(\x10B\xf9\x06\xc2H\xf5\x06\n" + + "w\n" + + "\vsfixed64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb0\x01\n" + + "\x0esfixed64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb8\x01\n" + + "\x18sfixed64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc0\x01\n" + + "\x0fsfixed64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc8\x01\n" + + "\x19sfixed64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd9\a\n" + + "\x03gte\x18\x05 \x01(\x10B\xc4\a\xc2H\xc0\a\n" + + "\x85\x01\n" + + "\fsfixed64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbf\x01\n" + + "\x0fsfixed64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x19sfixed64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcf\x01\n" + + "\x10sfixed64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x1asfixed64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x80\x01\n" + + "\x02in\x18\x06 \x03(\x10Bp\xc2Hm\n" + + "k\n" + + "\vsfixed64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12z\n" + + "\x06not_in\x18\a \x03(\x10Bc\xc2H`\n" + + "^\n" + + "\x0fsfixed64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + "\aexample\x18\b \x03(\x10B\x1d\xc2H\x1a\n" + "\x18\n" + "\x10sfixed64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xd7\x01\n" + - "\tBoolRules\x12\x89\x01\n" + - "\x05const\x18\x01 \x01(\bBs\xc2Hp\n" + - "n\n" + + "\fgreater_than\"\xd1\x01\n" + + "\tBoolRules\x12\x83\x01\n" + + "\x05const\x18\x01 \x01(\bBm\xc2Hj\n" + + "h\n" + "\n" + - "bool.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x123\n" + + "bool.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x123\n" + "\aexample\x18\x02 \x03(\bB\x19\xc2H\x16\n" + "\x14\n" + - "\fbool.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xcf;\n" + - "\vStringRules\x12\x8d\x01\n" + - "\x05const\x18\x01 \x01(\tBw\xc2Ht\n" + - "r\n" + - "\fstring.const\x1abthis != getField(rules, 'const') ? 'value must equal `%s`'.format([getField(rules, 'const')]) : ''R\x05const\x12\x83\x01\n" + - "\x03len\x18\x13 \x01(\x04Bq\xc2Hn\n" + + "\fbool.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xcf?\n" + + "\vStringRules\x12\x87\x01\n" + + "\x05const\x18\x01 \x01(\tBq\xc2Hn\n" + "l\n" + + "\fstring.const\x1a\\this != getField(rules, 'const') ? 'must equal `%s`'.format([getField(rules, 'const')]) : ''R\x05const\x12v\n" + + "\x03len\x18\x13 \x01(\x04Bd\xc2Ha\n" + + "_\n" + "\n" + - "string.len\x1a^uint(this.size()) != rules.len ? 'value length must be %s characters'.format([rules.len]) : ''R\x03len\x12\xa1\x01\n" + - "\amin_len\x18\x02 \x01(\x04B\x87\x01\xc2H\x83\x01\n" + - "\x80\x01\n" + - "\x0estring.min_len\x1anuint(this.size()) < rules.min_len ? 'value length must be at least %s characters'.format([rules.min_len]) : ''R\x06minLen\x12\x9f\x01\n" + - "\amax_len\x18\x03 \x01(\x04B\x85\x01\xc2H\x81\x01\n" + - "\x7f\n" + - "\x0estring.max_len\x1amuint(this.size()) > rules.max_len ? 'value length must be at most %s characters'.format([rules.max_len]) : ''R\x06maxLen\x12\xa5\x01\n" + - "\tlen_bytes\x18\x14 \x01(\x04B\x87\x01\xc2H\x83\x01\n" + - "\x80\x01\n" + - "\x10string.len_bytes\x1aluint(bytes(this).size()) != rules.len_bytes ? 'value length must be %s bytes'.format([rules.len_bytes]) : ''R\blenBytes\x12\xad\x01\n" + - "\tmin_bytes\x18\x04 \x01(\x04B\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\x10string.min_bytes\x1atuint(bytes(this).size()) < rules.min_bytes ? 'value length must be at least %s bytes'.format([rules.min_bytes]) : ''R\bminBytes\x12\xac\x01\n" + - "\tmax_bytes\x18\x05 \x01(\x04B\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\x10string.max_bytes\x1asuint(bytes(this).size()) > rules.max_bytes ? 'value length must be at most %s bytes'.format([rules.max_bytes]) : ''R\bmaxBytes\x12\x96\x01\n" + - "\apattern\x18\x06 \x01(\tB|\xc2Hy\n" + - "w\n" + - "\x0estring.pattern\x1ae!this.matches(rules.pattern) ? 'value does not match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x8c\x01\n" + - "\x06prefix\x18\a \x01(\tBt\xc2Hq\n" + - "o\n" + - "\rstring.prefix\x1a^!this.startsWith(rules.prefix) ? 'value does not have prefix `%s`'.format([rules.prefix]) : ''R\x06prefix\x12\x8a\x01\n" + - "\x06suffix\x18\b \x01(\tBr\xc2Ho\n" + - "m\n" + - "\rstring.suffix\x1a\\!this.endsWith(rules.suffix) ? 'value does not have suffix `%s`'.format([rules.suffix]) : ''R\x06suffix\x12\x9a\x01\n" + - "\bcontains\x18\t \x01(\tB~\xc2H{\n" + - "y\n" + - "\x0fstring.contains\x1af!this.contains(rules.contains) ? 'value does not contain substring `%s`'.format([rules.contains]) : ''R\bcontains\x12\xa5\x01\n" + - "\fnot_contains\x18\x17 \x01(\tB\x81\x01\xc2H~\n" + - "|\n" + - "\x13string.not_contains\x1aethis.contains(rules.not_contains) ? 'value contains substring `%s`'.format([rules.not_contains]) : ''R\vnotContains\x12\x84\x01\n" + + "string.len\x1aQuint(this.size()) != rules.len ? 'must be %s characters'.format([rules.len]) : ''R\x03len\x12\x91\x01\n" + + "\amin_len\x18\x02 \x01(\x04Bx\xc2Hu\n" + + "s\n" + + "\x0estring.min_len\x1aauint(this.size()) < rules.min_len ? 'must be at least %s characters'.format([rules.min_len]) : ''R\x06minLen\x12\x90\x01\n" + + "\amax_len\x18\x03 \x01(\x04Bw\xc2Ht\n" + + "r\n" + + "\x0estring.max_len\x1a`uint(this.size()) > rules.max_len ? 'must be at most %s characters'.format([rules.max_len]) : ''R\x06maxLen\x12\x95\x01\n" + + "\tlen_bytes\x18\x14 \x01(\x04Bx\xc2Hu\n" + + "s\n" + + "\x10string.len_bytes\x1a_uint(bytes(this).size()) != rules.len_bytes ? 'must be %s bytes'.format([rules.len_bytes]) : ''R\blenBytes\x12\x9e\x01\n" + + "\tmin_bytes\x18\x04 \x01(\x04B\x80\x01\xc2H}\n" + + "{\n" + + "\x10string.min_bytes\x1aguint(bytes(this).size()) < rules.min_bytes ? 'must be at least %s bytes'.format([rules.min_bytes]) : ''R\bminBytes\x12\x9c\x01\n" + + "\tmax_bytes\x18\x05 \x01(\x04B\x7f\xc2H|\n" + + "z\n" + + "\x10string.max_bytes\x1afuint(bytes(this).size()) > rules.max_bytes ? 'must be at most %s bytes'.format([rules.max_bytes]) : ''R\bmaxBytes\x12\x90\x01\n" + + "\apattern\x18\x06 \x01(\tBv\xc2Hs\n" + + "q\n" + + "\x0estring.pattern\x1a_!this.matches(rules.pattern) ? 'does not match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x86\x01\n" + + "\x06prefix\x18\a \x01(\tBn\xc2Hk\n" + + "i\n" + + "\rstring.prefix\x1aX!this.startsWith(rules.prefix) ? 'does not have prefix `%s`'.format([rules.prefix]) : ''R\x06prefix\x12\x84\x01\n" + + "\x06suffix\x18\b \x01(\tBl\xc2Hi\n" + + "g\n" + + "\rstring.suffix\x1aV!this.endsWith(rules.suffix) ? 'does not have suffix `%s`'.format([rules.suffix]) : ''R\x06suffix\x12\x94\x01\n" + + "\bcontains\x18\t \x01(\tBx\xc2Hu\n" + + "s\n" + + "\x0fstring.contains\x1a`!this.contains(rules.contains) ? 'does not contain substring `%s`'.format([rules.contains]) : ''R\bcontains\x12\x9e\x01\n" + + "\fnot_contains\x18\x17 \x01(\tB{\xc2Hx\n" + + "v\n" + + "\x13string.not_contains\x1a_this.contains(rules.not_contains) ? 'contains substring `%s`'.format([rules.not_contains]) : ''R\vnotContains\x12~\n" + "\x02in\x18\n" + - " \x03(\tBt\xc2Hq\n" + - "o\n" + - "\tstring.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\v \x03(\tBg\xc2Hd\n" + - "b\n" + - "\rstring.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xe6\x01\n" + - "\x05email\x18\f \x01(\bB\xcd\x01\xc2H\xc9\x01\n" + - "a\n" + - "\fstring.email\x12#value must be a valid email address\x1a,!rules.email || this == '' || this.isEmail()\n" + + " \x03(\tBn\xc2Hk\n" + + "i\n" + + "\tstring.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\v \x03(\tBa\xc2H^\n" + + "\\\n" + + "\rstring.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xe0\x01\n" + + "\x05email\x18\f \x01(\bB\xc7\x01\xc2H\xc3\x01\n" + + "[\n" + + "\fstring.email\x12\x1dmust be a valid email address\x1a,!rules.email || this == '' || this.isEmail()\n" + "d\n" + - "\x12string.email_empty\x122value is empty, which is not a valid email address\x1a\x1a!rules.email || this != ''H\x00R\x05email\x12\xf1\x01\n" + - "\bhostname\x18\r \x01(\bB\xd2\x01\xc2H\xce\x01\n" + - "e\n" + - "\x0fstring.hostname\x12\x1evalue must be a valid hostname\x1a2!rules.hostname || this == '' || this.isHostname()\n" + + "\x12string.email_empty\x122value is empty, which is not a valid email address\x1a\x1a!rules.email || this != ''H\x00R\x05email\x12\xeb\x01\n" + + "\bhostname\x18\r \x01(\bB\xcc\x01\xc2H\xc8\x01\n" + + "_\n" + + "\x0fstring.hostname\x12\x18must be a valid hostname\x1a2!rules.hostname || this == '' || this.isHostname()\n" + "e\n" + - "\x15string.hostname_empty\x12-value is empty, which is not a valid hostname\x1a\x1d!rules.hostname || this != ''H\x00R\bhostname\x12\xcb\x01\n" + - "\x02ip\x18\x0e \x01(\bB\xb8\x01\xc2H\xb4\x01\n" + - "U\n" + - "\tstring.ip\x12 value must be a valid IP address\x1a&!rules.ip || this == '' || this.isIp()\n" + + "\x15string.hostname_empty\x12-value is empty, which is not a valid hostname\x1a\x1d!rules.hostname || this != ''H\x00R\bhostname\x12\xc5\x01\n" + + "\x02ip\x18\x0e \x01(\bB\xb2\x01\xc2H\xae\x01\n" + + "O\n" + + "\tstring.ip\x12\x1amust be a valid IP address\x1a&!rules.ip || this == '' || this.isIp()\n" + "[\n" + - "\x0fstring.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x17!rules.ip || this != ''H\x00R\x02ip\x12\xdc\x01\n" + - "\x04ipv4\x18\x0f \x01(\bB\xc5\x01\xc2H\xc1\x01\n" + - "\\\n" + - "\vstring.ipv4\x12\"value must be a valid IPv4 address\x1a)!rules.ipv4 || this == '' || this.isIp(4)\n" + + "\x0fstring.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x17!rules.ip || this != ''H\x00R\x02ip\x12\xd6\x01\n" + + "\x04ipv4\x18\x0f \x01(\bB\xbf\x01\xc2H\xbb\x01\n" + + "V\n" + + "\vstring.ipv4\x12\x1cmust be a valid IPv4 address\x1a)!rules.ipv4 || this == '' || this.isIp(4)\n" + "a\n" + - "\x11string.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x19!rules.ipv4 || this != ''H\x00R\x04ipv4\x12\xdc\x01\n" + - "\x04ipv6\x18\x10 \x01(\bB\xc5\x01\xc2H\xc1\x01\n" + - "\\\n" + - "\vstring.ipv6\x12\"value must be a valid IPv6 address\x1a)!rules.ipv6 || this == '' || this.isIp(6)\n" + + "\x11string.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x19!rules.ipv4 || this != ''H\x00R\x04ipv4\x12\xd6\x01\n" + + "\x04ipv6\x18\x10 \x01(\bB\xbf\x01\xc2H\xbb\x01\n" + + "V\n" + + "\vstring.ipv6\x12\x1cmust be a valid IPv6 address\x1a)!rules.ipv6 || this == '' || this.isIp(6)\n" + "a\n" + - "\x11string.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x19!rules.ipv6 || this != ''H\x00R\x04ipv6\x12\xc4\x01\n" + - "\x03uri\x18\x11 \x01(\bB\xaf\x01\xc2H\xab\x01\n" + - "Q\n" + + "\x11string.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x19!rules.ipv6 || this != ''H\x00R\x04ipv6\x12\xbe\x01\n" + + "\x03uri\x18\x11 \x01(\bB\xa9\x01\xc2H\xa5\x01\n" + + "K\n" + "\n" + - "string.uri\x12\x19value must be a valid URI\x1a(!rules.uri || this == '' || this.isUri()\n" + + "string.uri\x12\x13must be a valid URI\x1a(!rules.uri || this == '' || this.isUri()\n" + "V\n" + - "\x10string.uri_empty\x12(value is empty, which is not a valid URI\x1a\x18!rules.uri || this != ''H\x00R\x03uri\x12x\n" + - "\auri_ref\x18\x12 \x01(\bB]\xc2HZ\n" + - "X\n" + - "\x0estring.uri_ref\x12#value must be a valid URI Reference\x1a!!rules.uri_ref || this.isUriRef()H\x00R\x06uriRef\x12\x99\x02\n" + - "\aaddress\x18\x15 \x01(\bB\xfc\x01\xc2H\xf8\x01\n" + - "\x81\x01\n" + - "\x0estring.address\x12-value must be a valid hostname, or ip address\x1a@!rules.address || this == '' || this.isHostname() || this.isIp()\n" + + "\x10string.uri_empty\x12(value is empty, which is not a valid URI\x1a\x18!rules.uri || this != ''H\x00R\x03uri\x12r\n" + + "\auri_ref\x18\x12 \x01(\bBW\xc2HT\n" + + "R\n" + + "\x0estring.uri_ref\x12\x1dmust be a valid URI Reference\x1a!!rules.uri_ref || this.isUriRef()H\x00R\x06uriRef\x12\x92\x02\n" + + "\aaddress\x18\x15 \x01(\bB\xf5\x01\xc2H\xf1\x01\n" + + "{\n" + + "\x0estring.address\x12'must be a valid hostname, or ip address\x1a@!rules.address || this == '' || this.isHostname() || this.isIp()\n" + "r\n" + - "\x14string.address_empty\x12!rules.ipv4_with_prefixlen || this == '' || this.isIpPrefix(4)\n" + + "\x1estring.ip_with_prefixlen_empty\x12.value is empty, which is not a valid IP prefix\x1a&!rules.ip_with_prefixlen || this != ''H\x00R\x0fipWithPrefixlen\x12\xdc\x02\n" + + "\x13ipv4_with_prefixlen\x18\x1b \x01(\bB\xa9\x02\xc2H\xa5\x02\n" + + "\x8d\x01\n" + + "\x1astring.ipv4_with_prefixlen\x12/must be a valid IPv4 address with prefix length\x1a>!rules.ipv4_with_prefixlen || this == '' || this.isIpPrefix(4)\n" + "\x92\x01\n" + - " string.ipv4_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv4 address with prefix length\x1a(!rules.ipv4_with_prefixlen || this != ''H\x00R\x11ipv4WithPrefixlen\x12\xe2\x02\n" + - "\x13ipv6_with_prefixlen\x18\x1c \x01(\bB\xaf\x02\xc2H\xab\x02\n" + - "\x93\x01\n" + - "\x1astring.ipv6_with_prefixlen\x125value must be a valid IPv6 address with prefix length\x1a>!rules.ipv6_with_prefixlen || this == '' || this.isIpPrefix(6)\n" + + " string.ipv4_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv4 address with prefix length\x1a(!rules.ipv4_with_prefixlen || this != ''H\x00R\x11ipv4WithPrefixlen\x12\xdc\x02\n" + + "\x13ipv6_with_prefixlen\x18\x1c \x01(\bB\xa9\x02\xc2H\xa5\x02\n" + + "\x8d\x01\n" + + "\x1astring.ipv6_with_prefixlen\x12/must be a valid IPv6 address with prefix length\x1a>!rules.ipv6_with_prefixlen || this == '' || this.isIpPrefix(6)\n" + "\x92\x01\n" + - " string.ipv6_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv6 address with prefix length\x1a(!rules.ipv6_with_prefixlen || this != ''H\x00R\x11ipv6WithPrefixlen\x12\xfc\x01\n" + - "\tip_prefix\x18\x1d \x01(\bB\xdc\x01\xc2H\xd8\x01\n" + - "l\n" + - "\x10string.ip_prefix\x12\x1fvalue must be a valid IP prefix\x1a7!rules.ip_prefix || this == '' || this.isIpPrefix(true)\n" + + " string.ipv6_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv6 address with prefix length\x1a(!rules.ipv6_with_prefixlen || this != ''H\x00R\x11ipv6WithPrefixlen\x12\xf6\x01\n" + + "\tip_prefix\x18\x1d \x01(\bB\xd6\x01\xc2H\xd2\x01\n" + + "f\n" + + "\x10string.ip_prefix\x12\x19must be a valid IP prefix\x1a7!rules.ip_prefix || this == '' || this.isIpPrefix(true)\n" + "h\n" + - "\x16string.ip_prefix_empty\x12.value is empty, which is not a valid IP prefix\x1a\x1e!rules.ip_prefix || this != ''H\x00R\bipPrefix\x12\x8f\x02\n" + - "\vipv4_prefix\x18\x1e \x01(\bB\xeb\x01\xc2H\xe7\x01\n" + - "u\n" + - "\x12string.ipv4_prefix\x12!value must be a valid IPv4 prefix\x1a!rules.host_and_port || this == '' || this.isHostAndPort(true)\n" + + "ipv6Prefix\x12\xbc\x02\n" + + "\rhost_and_port\x18 \x01(\bB\x95\x02\xc2H\x91\x02\n" + + "\x93\x01\n" + + "\x14string.host_and_port\x12;must be a valid host (hostname or IP address) and port pair\x1a>!rules.host_and_port || this == '' || this.isHostAndPort(true)\n" + "y\n" + - "\x1astring.host_and_port_empty\x127value is empty, which is not a valid host and port pair\x1a\"!rules.host_and_port || this != ''H\x00R\vhostAndPort\x12\xfb\x01\n" + - "\x04ulid\x18# \x01(\bB\xe4\x01\xc2H\xe0\x01\n" + - "\x82\x01\n" + - "\vstring.ulid\x12\x1avalue must be a valid ULID\x1aW!rules.ulid || this == '' || this.matches('^[0-7][0-9A-HJKMNP-TV-Za-hjkmnp-tv-z]{25}$')\n" + + "\x1astring.host_and_port_empty\x127value is empty, which is not a valid host and port pair\x1a\"!rules.host_and_port || this != ''H\x00R\vhostAndPort\x12\xf4\x01\n" + + "\x04ulid\x18# \x01(\bB\xdd\x01\xc2H\xd9\x01\n" + + "|\n" + + "\vstring.ulid\x12\x14must be a valid ULID\x1aW!rules.ulid || this == '' || this.matches('^[0-7][0-9A-HJKMNP-TV-Za-hjkmnp-tv-z]{25}$')\n" + "Y\n" + - "\x11string.ulid_empty\x12)value is empty, which is not a valid ULID\x1a\x19!rules.ulid || this != ''H\x00R\x04ulid\x12\xb8\x05\n" + - "\x10well_known_regex\x18\x18 \x01(\x0e2\x18.buf.validate.KnownRegexB\xf1\x04\xc2H\xed\x04\n" + - "\xf0\x01\n" + - "#string.well_known_regex.header_name\x12&value must be a valid HTTP header name\x1a\xa0\x01rules.well_known_regex != 1 || this == '' || this.matches(!has(rules.strict) || rules.strict ?'^:?[0-9a-zA-Z!#$%&\\'*+-.^_|~\\x60]+$' :'^[^\\u0000\\u000A\\u000D]+$')\n" + + "\x11string.ulid_empty\x12)value is empty, which is not a valid ULID\x1a\x19!rules.ulid || this != ''H\x00R\x04ulid\x12\xe1\x02\n" + + "\fprotobuf_fqn\x18% \x01(\bB\xbb\x02\xc2H\xb7\x02\n" + + "\xaf\x01\n" + + "\x13string.protobuf_fqn\x12-must be a valid fully-qualified Protobuf name\x1ai!rules.protobuf_fqn || this == '' || this.matches('^[A-Za-z_][A-Za-z_0-9]*(\\\\.[A-Za-z_][A-Za-z_0-9]*)*$')\n" + + "\x82\x01\n" + + "\x19string.protobuf_fqn_empty\x12Bvalue is empty, which is not a valid fully-qualified Protobuf name\x1a!!rules.protobuf_fqn || this != ''H\x00R\vprotobufFqn\x12\xa1\x03\n" + + "\x10protobuf_dot_fqn\x18& \x01(\bB\xf4\x02\xc2H\xf0\x02\n" + + "\xcd\x01\n" + + "\x17string.protobuf_dot_fqn\x12@must be a valid fully-qualified Protobuf name with a leading dot\x1ap!rules.protobuf_dot_fqn || this == '' || this.matches('^\\\\.[A-Za-z_][A-Za-z_0-9]*(\\\\.[A-Za-z_][A-Za-z_0-9]*)*$')\n" + + "\x9d\x01\n" + + "\x1dstring.protobuf_dot_fqn_empty\x12Uvalue is empty, which is not a valid fully-qualified Protobuf name with a leading dot\x1a%!rules.protobuf_dot_fqn || this != ''H\x00R\x0eprotobufDotFqn\x12\xac\x05\n" + + "\x10well_known_regex\x18\x18 \x01(\x0e2\x18.buf.validate.KnownRegexB\xe5\x04\xc2H\xe1\x04\n" + + "\xea\x01\n" + + "#string.well_known_regex.header_name\x12 must be a valid HTTP header name\x1a\xa0\x01rules.well_known_regex != 1 || this == '' || this.matches(!has(rules.strict) || rules.strict ?'^:?[0-9a-zA-Z!#$%&\\'*+-.^_|~\\x60]+$' :'^[^\\u0000\\u000A\\u000D]+$')\n" + "\x8d\x01\n" + ")string.well_known_regex.header_name_empty\x125value is empty, which is not a valid HTTP header name\x1a)rules.well_known_regex != 1 || this != ''\n" + - "\xe7\x01\n" + - "$string.well_known_regex.header_value\x12'value must be a valid HTTP header value\x1a\x95\x01rules.well_known_regex != 2 || this.matches(!has(rules.strict) || rules.strict ?'^[^\\u0000-\\u0008\\u000A-\\u001F\\u007F]*$' :'^[^\\u0000\\u000A\\u000D]*$')H\x00R\x0ewellKnownRegex\x12\x16\n" + + "\xe1\x01\n" + + "$string.well_known_regex.header_value\x12!must be a valid HTTP header value\x1a\x95\x01rules.well_known_regex != 2 || this.matches(!has(rules.strict) || rules.strict ?'^[^\\u0000-\\u0008\\u000A-\\u001F\\u007F]*$' :'^[^\\u0000\\u000A\\u000D]*$')H\x00R\x0ewellKnownRegex\x12\x16\n" + "\x06strict\x18\x19 \x01(\bR\x06strict\x125\n" + "\aexample\x18\" \x03(\tB\x1b\xc2H\x18\n" + "\x16\n" + "\x0estring.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\f\n" + "\n" + - "well_known\"\xac\x13\n" + + "well_known\"\xca\x12\n" + "\n" + - "BytesRules\x12\x87\x01\n" + - "\x05const\x18\x01 \x01(\fBq\xc2Hn\n" + - "l\n" + - "\vbytes.const\x1a]this != getField(rules, 'const') ? 'value must be %x'.format([getField(rules, 'const')]) : ''R\x05const\x12}\n" + - "\x03len\x18\r \x01(\x04Bk\xc2Hh\n" + + "BytesRules\x12\x81\x01\n" + + "\x05const\x18\x01 \x01(\fBk\xc2Hh\n" + "f\n" + - "\tbytes.len\x1aYuint(this.size()) != rules.len ? 'value length must be %s bytes'.format([rules.len]) : ''R\x03len\x12\x98\x01\n" + - "\amin_len\x18\x02 \x01(\x04B\x7f\xc2H|\n" + - "z\n" + - "\rbytes.min_len\x1aiuint(this.size()) < rules.min_len ? 'value length must be at least %s bytes'.format([rules.min_len]) : ''R\x06minLen\x12\x90\x01\n" + - "\amax_len\x18\x03 \x01(\x04Bw\xc2Ht\n" + - "r\n" + - "\rbytes.max_len\x1aauint(this.size()) > rules.max_len ? 'value must be at most %s bytes'.format([rules.max_len]) : ''R\x06maxLen\x12\x99\x01\n" + - "\apattern\x18\x04 \x01(\tB\x7f\xc2H|\n" + - "z\n" + - "\rbytes.pattern\x1ai!string(this).matches(rules.pattern) ? 'value must match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x89\x01\n" + - "\x06prefix\x18\x05 \x01(\fBq\xc2Hn\n" + - "l\n" + - "\fbytes.prefix\x1a\\!this.startsWith(rules.prefix) ? 'value does not have prefix %x'.format([rules.prefix]) : ''R\x06prefix\x12\x87\x01\n" + - "\x06suffix\x18\x06 \x01(\fBo\xc2Hl\n" + - "j\n" + - "\fbytes.suffix\x1aZ!this.endsWith(rules.suffix) ? 'value does not have suffix %x'.format([rules.suffix]) : ''R\x06suffix\x12\x8d\x01\n" + - "\bcontains\x18\a \x01(\fBq\xc2Hn\n" + + "\vbytes.const\x1aWthis != getField(rules, 'const') ? 'must be %x'.format([getField(rules, 'const')]) : ''R\x05const\x12p\n" + + "\x03len\x18\r \x01(\x04B^\xc2H[\n" + + "Y\n" + + "\tbytes.len\x1aLuint(this.size()) != rules.len ? 'must be %s bytes'.format([rules.len]) : ''R\x03len\x12\x8b\x01\n" + + "\amin_len\x18\x02 \x01(\x04Br\xc2Ho\n" + + "m\n" + + "\rbytes.min_len\x1a\\uint(this.size()) < rules.min_len ? 'must be at least %s bytes'.format([rules.min_len]) : ''R\x06minLen\x12\x8a\x01\n" + + "\amax_len\x18\x03 \x01(\x04Bq\xc2Hn\n" + "l\n" + - "\x0ebytes.contains\x1aZ!this.contains(rules.contains) ? 'value does not contain %x'.format([rules.contains]) : ''R\bcontains\x12\xab\x01\n" + - "\x02in\x18\b \x03(\fB\x9a\x01\xc2H\x96\x01\n" + - "\x93\x01\n" + - "\bbytes.in\x1a\x86\x01getField(rules, 'in').size() > 0 && !(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\t \x03(\fBf\xc2Hc\n" + - "a\n" + - "\fbytes.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xef\x01\n" + - "\x02ip\x18\n" + - " \x01(\bB\xdc\x01\xc2H\xd8\x01\n" + + "\rbytes.max_len\x1a[uint(this.size()) > rules.max_len ? 'must be at most %s bytes'.format([rules.max_len]) : ''R\x06maxLen\x12\x93\x01\n" + + "\apattern\x18\x04 \x01(\tBy\xc2Hv\n" + "t\n" + - "\bbytes.ip\x12 value must be a valid IP address\x1aF!rules.ip || this.size() == 0 || this.size() == 4 || this.size() == 16\n" + + "\rbytes.pattern\x1ac!string(this).matches(rules.pattern) ? 'must match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x83\x01\n" + + "\x06prefix\x18\x05 \x01(\fBk\xc2Hh\n" + + "f\n" + + "\fbytes.prefix\x1aV!this.startsWith(rules.prefix) ? 'does not have prefix %x'.format([rules.prefix]) : ''R\x06prefix\x12\x81\x01\n" + + "\x06suffix\x18\x06 \x01(\fBi\xc2Hf\n" + + "d\n" + + "\fbytes.suffix\x1aT!this.endsWith(rules.suffix) ? 'does not have suffix %x'.format([rules.suffix]) : ''R\x06suffix\x12\x87\x01\n" + + "\bcontains\x18\a \x01(\fBk\xc2Hh\n" + + "f\n" + + "\x0ebytes.contains\x1aT!this.contains(rules.contains) ? 'does not contain %x'.format([rules.contains]) : ''R\bcontains\x12\xa5\x01\n" + + "\x02in\x18\b \x03(\fB\x94\x01\xc2H\x90\x01\n" + + "\x8d\x01\n" + + "\bbytes.in\x1a\x80\x01getField(rules, 'in').size() > 0 && !(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\t \x03(\fB`\xc2H]\n" + + "[\n" + + "\fbytes.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xe9\x01\n" + + "\x02ip\x18\n" + + " \x01(\bB\xd6\x01\xc2H\xd2\x01\n" + + "n\n" + + "\bbytes.ip\x12\x1amust be a valid IP address\x1aF!rules.ip || this.size() == 0 || this.size() == 4 || this.size() == 16\n" + "`\n" + - "\x0ebytes.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x1d!rules.ip || this.size() != 0H\x00R\x02ip\x12\xea\x01\n" + - "\x04ipv4\x18\v \x01(\bB\xd3\x01\xc2H\xcf\x01\n" + - "e\n" + + "\x0ebytes.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x1d!rules.ip || this.size() != 0H\x00R\x02ip\x12\xe4\x01\n" + + "\x04ipv4\x18\v \x01(\bB\xcd\x01\xc2H\xc9\x01\n" + + "_\n" + "\n" + - "bytes.ipv4\x12\"value must be a valid IPv4 address\x1a3!rules.ipv4 || this.size() == 0 || this.size() == 4\n" + - "f\n" + - "\x10bytes.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x1f!rules.ipv4 || this.size() != 0H\x00R\x04ipv4\x12\xeb\x01\n" + - "\x04ipv6\x18\f \x01(\bB\xd4\x01\xc2H\xd0\x01\n" + + "bytes.ipv4\x12\x1cmust be a valid IPv4 address\x1a3!rules.ipv4 || this.size() == 0 || this.size() == 4\n" + "f\n" + + "\x10bytes.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x1f!rules.ipv4 || this.size() != 0H\x00R\x04ipv4\x12\xe5\x01\n" + + "\x04ipv6\x18\f \x01(\bB\xce\x01\xc2H\xca\x01\n" + + "`\n" + "\n" + - "bytes.ipv6\x12\"value must be a valid IPv6 address\x1a4!rules.ipv6 || this.size() == 0 || this.size() == 16\n" + + "bytes.ipv6\x12\x1cmust be a valid IPv6 address\x1a4!rules.ipv6 || this.size() == 0 || this.size() == 16\n" + "f\n" + - "\x10bytes.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x1f!rules.ipv6 || this.size() != 0H\x00R\x04ipv6\x12\xdb\x01\n" + - "\x04uuid\x18\x0f \x01(\bB\xc4\x01\xc2H\xc0\x01\n" + - "^\n" + + "\x10bytes.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x1f!rules.ipv6 || this.size() != 0H\x00R\x04ipv6\x12\xd5\x01\n" + + "\x04uuid\x18\x0f \x01(\bB\xbe\x01\xc2H\xba\x01\n" + + "X\n" + "\n" + - "bytes.uuid\x12\x1avalue must be a valid UUID\x1a4!rules.uuid || this.size() == 0 || this.size() == 16\n" + + "bytes.uuid\x12\x14must be a valid UUID\x1a4!rules.uuid || this.size() == 0 || this.size() == 16\n" + "^\n" + "\x10bytes.uuid_empty\x12)value is empty, which is not a valid UUID\x1a\x1f!rules.uuid || this.size() != 0H\x00R\x04uuid\x124\n" + "\aexample\x18\x0e \x03(\fB\x1a\xc2H\x17\n" + "\x15\n" + "\rbytes.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\f\n" + "\n" + - "well_known\"\xfd\x03\n" + - "\tEnumRules\x12\x89\x01\n" + - "\x05const\x18\x01 \x01(\x05Bs\xc2Hp\n" + - "n\n" + + "well_known\"\xea\x03\n" + + "\tEnumRules\x12\x83\x01\n" + + "\x05const\x18\x01 \x01(\x05Bm\xc2Hj\n" + + "h\n" + "\n" + - "enum.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12!\n" + - "\fdefined_only\x18\x02 \x01(\bR\vdefinedOnly\x12\x82\x01\n" + - "\x02in\x18\x03 \x03(\x05Br\xc2Ho\n" + - "m\n" + - "\aenum.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12|\n" + - "\x06not_in\x18\x04 \x03(\x05Be\xc2Hb\n" + - "`\n" + - "\venum.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x123\n" + + "enum.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12!\n" + + "\fdefined_only\x18\x02 \x01(\bR\vdefinedOnly\x12|\n" + + "\x02in\x18\x03 \x03(\x05Bl\xc2Hi\n" + + "g\n" + + "\aenum.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12v\n" + + "\x06not_in\x18\x04 \x03(\x05B_\xc2H\\\n" + + "Z\n" + + "\venum.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x123\n" + "\aexample\x18\x05 \x03(\x05B\x19\xc2H\x16\n" + "\x14\n" + - "\fenum.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\x9e\x04\n" + - "\rRepeatedRules\x12\xa8\x01\n" + - "\tmin_items\x18\x01 \x01(\x04B\x8a\x01\xc2H\x86\x01\n" + - "\x83\x01\n" + - "\x12repeated.min_items\x1amuint(this.size()) < rules.min_items ? 'value must contain at least %d item(s)'.format([rules.min_items]) : ''R\bminItems\x12\xac\x01\n" + - "\tmax_items\x18\x02 \x01(\x04B\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\x12repeated.max_items\x1aquint(this.size()) > rules.max_items ? 'value must contain no more than %s item(s)'.format([rules.max_items]) : ''R\bmaxItems\x12x\n" + + "\fenum.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\x90\x04\n" + + "\rRepeatedRules\x12\xa0\x01\n" + + "\tmin_items\x18\x01 \x01(\x04B\x82\x01\xc2H\x7f\n" + + "}\n" + + "\x12repeated.min_items\x1aguint(this.size()) < rules.min_items ? 'must contain at least %d item(s)'.format([rules.min_items]) : ''R\bminItems\x12\xa6\x01\n" + + "\tmax_items\x18\x02 \x01(\x04B\x88\x01\xc2H\x84\x01\n" + + "\x81\x01\n" + + "\x12repeated.max_items\x1akuint(this.size()) > rules.max_items ? 'must contain no more than %s item(s)'.format([rules.max_items]) : ''R\bmaxItems\x12x\n" + "\x06unique\x18\x03 \x01(\bB`\xc2H]\n" + "[\n" + "\x0frepeated.unique\x12(repeated value must contain unique items\x1a\x1e!rules.unique || this.unique()R\x06unique\x12.\n" + @@ -17193,104 +17387,104 @@ const file_buf_validate_validate_proto_rawDesc = "" + "\x06values\x18\x05 \x01(\v2\x18.buf.validate.FieldRulesR\x06values*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"1\n" + "\bAnyRules\x12\x0e\n" + "\x02in\x18\x02 \x03(\tR\x02in\x12\x15\n" + - "\x06not_in\x18\x03 \x03(\tR\x05notIn\"\xc6\x17\n" + - "\rDurationRules\x12\xa8\x01\n" + - "\x05const\x18\x02 \x01(\v2\x19.google.protobuf.DurationBw\xc2Ht\n" + - "r\n" + - "\x0eduration.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xac\x01\n" + - "\x02lt\x18\x03 \x01(\v2\x19.google.protobuf.DurationB\x7f\xc2H|\n" + - "z\n" + - "\vduration.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xbf\x01\n" + - "\x03lte\x18\x04 \x01(\v2\x19.google.protobuf.DurationB\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\fduration.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xc5\a\n" + - "\x02gt\x18\x05 \x01(\v2\x19.google.protobuf.DurationB\x97\a\xc2H\x93\a\n" + - "}\n" + - "\vduration.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb6\x01\n" + - "\x0eduration.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbe\x01\n" + - "\x18duration.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc6\x01\n" + - "\x0fduration.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xce\x01\n" + - "\x19duration.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\x92\b\n" + - "\x03gte\x18\x06 \x01(\v2\x19.google.protobuf.DurationB\xe2\a\xc2H\xde\a\n" + - "\x8b\x01\n" + - "\fduration.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc5\x01\n" + - "\x0fduration.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcd\x01\n" + - "\x19duration.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd5\x01\n" + - "\x10duration.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x1aduration.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\xa1\x01\n" + - "\x02in\x18\a \x03(\v2\x19.google.protobuf.DurationBv\xc2Hs\n" + - "q\n" + - "\vduration.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x9b\x01\n" + - "\x06not_in\x18\b \x03(\v2\x19.google.protobuf.DurationBi\xc2Hf\n" + - "d\n" + - "\x0fduration.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12R\n" + + "\x06not_in\x18\x03 \x03(\tR\x05notIn\"\xec\x16\n" + + "\rDurationRules\x12\xa2\x01\n" + + "\x05const\x18\x02 \x01(\v2\x19.google.protobuf.DurationBq\xc2Hn\n" + + "l\n" + + "\x0eduration.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa6\x01\n" + + "\x02lt\x18\x03 \x01(\v2\x19.google.protobuf.DurationBy\xc2Hv\n" + + "t\n" + + "\vduration.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xb9\x01\n" + + "\x03lte\x18\x04 \x01(\v2\x19.google.protobuf.DurationB\x89\x01\xc2H\x85\x01\n" + + "\x82\x01\n" + + "\fduration.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa7\a\n" + + "\x02gt\x18\x05 \x01(\v2\x19.google.protobuf.DurationB\xf9\x06\xc2H\xf5\x06\n" + + "w\n" + + "\vduration.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb0\x01\n" + + "\x0eduration.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb8\x01\n" + + "\x18duration.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc0\x01\n" + + "\x0fduration.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc8\x01\n" + + "\x19duration.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf4\a\n" + + "\x03gte\x18\x06 \x01(\v2\x19.google.protobuf.DurationB\xc4\a\xc2H\xc0\a\n" + + "\x85\x01\n" + + "\fduration.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbf\x01\n" + + "\x0fduration.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x19duration.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcf\x01\n" + + "\x10duration.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x1aduration.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x9b\x01\n" + + "\x02in\x18\a \x03(\v2\x19.google.protobuf.DurationBp\xc2Hm\n" + + "k\n" + + "\vduration.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x95\x01\n" + + "\x06not_in\x18\b \x03(\v2\x19.google.protobuf.DurationBc\xc2H`\n" + + "^\n" + + "\x0fduration.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12R\n" + "\aexample\x18\t \x03(\v2\x19.google.protobuf.DurationB\x1d\xc2H\x1a\n" + "\x18\n" + "\x10duration.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\x98\x06\n" + - "\x0eFieldMaskRules\x12\xc6\x01\n" + - "\x05const\x18\x01 \x01(\v2\x1a.google.protobuf.FieldMaskB\x93\x01\xc2H\x8f\x01\n" + - "\x8c\x01\n" + - "\x10field_mask.const\x1axthis.paths != getField(rules, 'const').paths ? 'value must equal paths %s'.format([getField(rules, 'const').paths]) : ''R\x05const\x12\xdd\x01\n" + - "\x02in\x18\x02 \x03(\tB\xcc\x01\xc2H\xc8\x01\n" + - "\xc5\x01\n" + - "\rfield_mask.in\x1a\xb3\x01!this.paths.all(p, p in getField(rules, 'in') || getField(rules, 'in').exists(f, p.startsWith(f+'.'))) ? 'value must only contain paths in %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\xfa\x01\n" + - "\x06not_in\x18\x03 \x03(\tB\xe2\x01\xc2H\xde\x01\n" + - "\xdb\x01\n" + - "\x11field_mask.not_in\x1a\xc5\x01!this.paths.all(p, !(p in getField(rules, 'not_in') || getField(rules, 'not_in').exists(f, p.startsWith(f+'.')))) ? 'value must not contain any paths in %s'.format([getField(rules, 'not_in')]) : ''R\x05notIn\x12U\n" + + "\fgreater_than\"\x86\x06\n" + + "\x0eFieldMaskRules\x12\xc0\x01\n" + + "\x05const\x18\x01 \x01(\v2\x1a.google.protobuf.FieldMaskB\x8d\x01\xc2H\x89\x01\n" + + "\x86\x01\n" + + "\x10field_mask.const\x1arthis.paths != getField(rules, 'const').paths ? 'must equal paths %s'.format([getField(rules, 'const').paths]) : ''R\x05const\x12\xd7\x01\n" + + "\x02in\x18\x02 \x03(\tB\xc6\x01\xc2H\xc2\x01\n" + + "\xbf\x01\n" + + "\rfield_mask.in\x1a\xad\x01!this.paths.all(p, p in getField(rules, 'in') || getField(rules, 'in').exists(f, p.startsWith(f+'.'))) ? 'must only contain paths in %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\xf4\x01\n" + + "\x06not_in\x18\x03 \x03(\tB\xdc\x01\xc2H\xd8\x01\n" + + "\xd5\x01\n" + + "\x11field_mask.not_in\x1a\xbf\x01!this.paths.all(p, !(p in getField(rules, 'not_in') || getField(rules, 'not_in').exists(f, p.startsWith(f+'.')))) ? 'must not contain any paths in %s'.format([getField(rules, 'not_in')]) : ''R\x05notIn\x12U\n" + "\aexample\x18\x04 \x03(\v2\x1a.google.protobuf.FieldMaskB\x1f\xc2H\x1c\n" + "\x1a\n" + - "\x12field_mask.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xca\x18\n" + - "\x0eTimestampRules\x12\xaa\x01\n" + - "\x05const\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampBx\xc2Hu\n" + - "s\n" + - "\x0ftimestamp.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xaf\x01\n" + - "\x02lt\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampB\x80\x01\xc2H}\n" + - "{\n" + - "\ftimestamp.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xc1\x01\n" + - "\x03lte\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\x90\x01\xc2H\x8c\x01\n" + - "\x89\x01\n" + - "\rtimestamp.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12s\n" + - "\x06lt_now\x18\a \x01(\bBZ\xc2HW\n" + - "U\n" + - "\x10timestamp.lt_now\x1aA(rules.lt_now && this > now) ? 'value must be less than now' : ''H\x00R\x05ltNow\x12\xcb\a\n" + - "\x02gt\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampB\x9c\a\xc2H\x98\a\n" + - "~\n" + - "\ftimestamp.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb7\x01\n" + - "\x0ftimestamp.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbf\x01\n" + - "\x19timestamp.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc7\x01\n" + - "\x10timestamp.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcf\x01\n" + - "\x1atimestamp.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\x98\b\n" + - "\x03gte\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\xe7\a\xc2H\xe3\a\n" + - "\x8c\x01\n" + - "\rtimestamp.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc6\x01\n" + - "\x10timestamp.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xce\x01\n" + - "\x1atimestamp.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd6\x01\n" + - "\x11timestamp.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xde\x01\n" + - "\x1btimestamp.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12v\n" + - "\x06gt_now\x18\b \x01(\bB]\xc2HZ\n" + - "X\n" + - "\x10timestamp.gt_now\x1aD(rules.gt_now && this < now) ? 'value must be greater than now' : ''H\x01R\x05gtNow\x12\xc0\x01\n" + - "\x06within\x18\t \x01(\v2\x19.google.protobuf.DurationB\x8c\x01\xc2H\x88\x01\n" + - "\x85\x01\n" + - "\x10timestamp.within\x1aqthis < now-rules.within || this > now+rules.within ? 'value must be within %s of now'.format([rules.within]) : ''R\x06within\x12T\n" + + "\x12field_mask.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xe8\x17\n" + + "\x0eTimestampRules\x12\xa4\x01\n" + + "\x05const\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampBr\xc2Ho\n" + + "m\n" + + "\x0ftimestamp.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa8\x01\n" + + "\x02lt\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampBz\xc2Hw\n" + + "u\n" + + "\ftimestamp.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xbb\x01\n" + + "\x03lte\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\x8a\x01\xc2H\x86\x01\n" + + "\x83\x01\n" + + "\rtimestamp.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12m\n" + + "\x06lt_now\x18\a \x01(\bBT\xc2HQ\n" + + "O\n" + + "\x10timestamp.lt_now\x1a;(rules.lt_now && this > now) ? 'must be less than now' : ''H\x00R\x05ltNow\x12\xad\a\n" + + "\x02gt\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampB\xfe\x06\xc2H\xfa\x06\n" + + "x\n" + + "\ftimestamp.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb1\x01\n" + + "\x0ftimestamp.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb9\x01\n" + + "\x19timestamp.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc1\x01\n" + + "\x10timestamp.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc9\x01\n" + + "\x1atimestamp.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xfa\a\n" + + "\x03gte\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\xc9\a\xc2H\xc5\a\n" + + "\x86\x01\n" + + "\rtimestamp.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xc0\x01\n" + + "\x10timestamp.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc8\x01\n" + + "\x1atimestamp.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xd0\x01\n" + + "\x11timestamp.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd8\x01\n" + + "\x1btimestamp.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12p\n" + + "\x06gt_now\x18\b \x01(\bBW\xc2HT\n" + + "R\n" + + "\x10timestamp.gt_now\x1a>(rules.gt_now && this < now) ? 'must be greater than now' : ''H\x01R\x05gtNow\x12\xb9\x01\n" + + "\x06within\x18\t \x01(\v2\x19.google.protobuf.DurationB\x85\x01\xc2H\x81\x01\n" + + "\x7f\n" + + "\x10timestamp.within\x1akthis < now-rules.within || this > now+rules.within ? 'must be within %s of now'.format([rules.within]) : ''R\x06within\x12T\n" + "\aexample\x18\n" + " \x03(\v2\x1a.google.protobuf.TimestampB\x1e\xc2H\x1b\n" + "\x19\n" + @@ -17581,6 +17775,8 @@ func file_buf_validate_validate_proto_init() { (*StringRules_Ipv6Prefix)(nil), (*StringRules_HostAndPort)(nil), (*StringRules_Ulid)(nil), + (*StringRules_ProtobufFqn)(nil), + (*StringRules_ProtobufDotFqn)(nil), (*StringRules_WellKnownRegex)(nil), } file_buf_validate_validate_proto_msgTypes[20].OneofWrappers = []any{ diff --git a/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate_protoopaque.pb.go b/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate_protoopaque.pb.go index 4ebc3935c1..67c7db3f05 100644 --- a/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate_protoopaque.pb.go +++ b/vendor/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate/validate_protoopaque.pb.go @@ -41,7 +41,7 @@ // // These rules are enforced at runtime by language-specific libraries. // See the [developer quickstart](https://protovalidate.com/quickstart/) to get started, or go directly to the runtime library for your language: -// [Go](https://github.com/bufbuild/protovalidate-go) +// [Go](https://github.com/bufbuild/protovalidate-go), // [JavaScript/TypeScript](https://github.com/bufbuild/protovalidate-es), // [Java](https://github.com/bufbuild/protovalidate-java), // [Python](https://github.com/bufbuild/protovalidate-python), @@ -523,7 +523,7 @@ type MessageRules_builder struct { // // The field `foo` must be greater than 42. // option (buf.validate.message).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this.foo > 42", // }; // optional int32 foo = 1; @@ -1684,7 +1684,7 @@ type FieldRules_builder struct { // // The field `value` must be greater than 42. // optional int32 value = 1 [(buf.validate.field).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this > 42", // }]; // } @@ -2086,7 +2086,7 @@ type PredefinedRules_builder struct { // // The field `value` must be greater than 42. // optional int32 value = 1 [(buf.validate.predefined).cel = { // id: "my_message.value", - // message: "value must be greater than 42", + // message: "must be greater than 42", // expression: "this > 42", // }]; // } @@ -2416,7 +2416,7 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be less than 10.0 + // // must be less than 10.0 // float value = 1 [(buf.validate.field).float.lt = 10.0]; // } // @@ -2429,7 +2429,7 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // float value = 1 [(buf.validate.field).float.lte = 10.0]; // } // @@ -2446,13 +2446,13 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be greater than 5.0 [float.gt] + // // must be greater than 5.0 [float.gt] // float value = 1 [(buf.validate.field).float.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [float.gt_lt] + // // must be greater than 5 and less than 10.0 [float.gt_lt] // float other_value = 2 [(buf.validate.field).float = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gt: 10.0, lt: 5.0 }]; // } // @@ -2467,13 +2467,13 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be greater than or equal to 5.0 [float.gte] + // // must be greater than or equal to 5.0 [float.gte] // float value = 1 [(buf.validate.field).float.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] // float other_value = 2 [(buf.validate.field).float = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gte: 10.0, lt: 5.0 }]; // } // @@ -2487,13 +2487,13 @@ type FloatRules_builder struct { // ```proto // // message MyFloat { - // // value must be in list [1.0, 2.0, 3.0] + // // must be in list [1.0, 2.0, 3.0] // float value = 1 [(buf.validate.field).float = { in: [1.0, 2.0, 3.0] }]; // } // // ``` In []float32 - // `in` requires the field value to not be equal to any of the specified + // `not_in` requires the field value to not be equal to any of the specified // values. If the field value is one of the specified values, an error // message is generated. // @@ -2588,7 +2588,7 @@ type floatRules_Lt struct { // ```proto // // message MyFloat { - // // value must be less than 10.0 + // // must be less than 10.0 // float value = 1 [(buf.validate.field).float.lt = 10.0]; // } // @@ -2604,7 +2604,7 @@ type floatRules_Lte struct { // ```proto // // message MyFloat { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // float value = 1 [(buf.validate.field).float.lte = 10.0]; // } // @@ -2630,13 +2630,13 @@ type floatRules_Gt struct { // ```proto // // message MyFloat { - // // value must be greater than 5.0 [float.gt] + // // must be greater than 5.0 [float.gt] // float value = 1 [(buf.validate.field).float.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [float.gt_lt] + // // must be greater than 5 and less than 10.0 [float.gt_lt] // float other_value = 2 [(buf.validate.field).float = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [float.gt_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gt: 10.0, lt: 5.0 }]; // } // @@ -2654,13 +2654,13 @@ type floatRules_Gte struct { // ```proto // // message MyFloat { - // // value must be greater than or equal to 5.0 [float.gte] + // // must be greater than or equal to 5.0 [float.gte] // float value = 1 [(buf.validate.field).float.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [float.gte_lt] // float other_value = 2 [(buf.validate.field).float = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [float.gte_lt_exclusive] // float another_value = 3 [(buf.validate.field).float = { gte: 10.0, lt: 5.0 }]; // } // @@ -2985,7 +2985,7 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be less than 10.0 + // // must be less than 10.0 // double value = 1 [(buf.validate.field).double.lt = 10.0]; // } // @@ -2998,7 +2998,7 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // double value = 1 [(buf.validate.field).double.lte = 10.0]; // } // @@ -3015,13 +3015,13 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be greater than 5.0 [double.gt] + // // must be greater than 5.0 [double.gt] // double value = 1 [(buf.validate.field).double.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [double.gt_lt] + // // must be greater than 5 and less than 10.0 [double.gt_lt] // double other_value = 2 [(buf.validate.field).double = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gt: 10.0, lt: 5.0 }]; // } // @@ -3036,13 +3036,13 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be greater than or equal to 5.0 [double.gte] + // // must be greater than or equal to 5.0 [double.gte] // double value = 1 [(buf.validate.field).double.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] // double other_value = 2 [(buf.validate.field).double = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gte: 10.0, lt: 5.0 }]; // } // @@ -3056,7 +3056,7 @@ type DoubleRules_builder struct { // ```proto // // message MyDouble { - // // value must be in list [1.0, 2.0, 3.0] + // // must be in list [1.0, 2.0, 3.0] // double value = 1 [(buf.validate.field).double = { in: [1.0, 2.0, 3.0] }]; // } // @@ -3157,7 +3157,7 @@ type doubleRules_Lt struct { // ```proto // // message MyDouble { - // // value must be less than 10.0 + // // must be less than 10.0 // double value = 1 [(buf.validate.field).double.lt = 10.0]; // } // @@ -3173,7 +3173,7 @@ type doubleRules_Lte struct { // ```proto // // message MyDouble { - // // value must be less than or equal to 10.0 + // // must be less than or equal to 10.0 // double value = 1 [(buf.validate.field).double.lte = 10.0]; // } // @@ -3199,13 +3199,13 @@ type doubleRules_Gt struct { // ```proto // // message MyDouble { - // // value must be greater than 5.0 [double.gt] + // // must be greater than 5.0 [double.gt] // double value = 1 [(buf.validate.field).double.gt = 5.0]; // - // // value must be greater than 5 and less than 10.0 [double.gt_lt] + // // must be greater than 5 and less than 10.0 [double.gt_lt] // double other_value = 2 [(buf.validate.field).double = { gt: 5.0, lt: 10.0 }]; // - // // value must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] + // // must be greater than 10 or less than 5.0 [double.gt_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gt: 10.0, lt: 5.0 }]; // } // @@ -3223,13 +3223,13 @@ type doubleRules_Gte struct { // ```proto // // message MyDouble { - // // value must be greater than or equal to 5.0 [double.gte] + // // must be greater than or equal to 5.0 [double.gte] // double value = 1 [(buf.validate.field).double.gte = 5.0]; // - // // value must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] + // // must be greater than or equal to 5.0 and less than 10.0 [double.gte_lt] // double other_value = 2 [(buf.validate.field).double = { gte: 5.0, lt: 10.0 }]; // - // // value must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] + // // must be greater than or equal to 10.0 or less than 5.0 [double.gte_lt_exclusive] // double another_value = 3 [(buf.validate.field).double = { gte: 10.0, lt: 5.0 }]; // } // @@ -3529,7 +3529,7 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be less than 10 + // // must be less than 10 // int32 value = 1 [(buf.validate.field).int32.lt = 10]; // } // @@ -3542,7 +3542,7 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int32 value = 1 [(buf.validate.field).int32.lte = 10]; // } // @@ -3559,13 +3559,13 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be greater than 5 [int32.gt] + // // must be greater than 5 [int32.gt] // int32 value = 1 [(buf.validate.field).int32.gt = 5]; // - // // value must be greater than 5 and less than 10 [int32.gt_lt] + // // must be greater than 5 and less than 10 [int32.gt_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int32.gt_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gt: 10, lt: 5 }]; // } // @@ -3580,13 +3580,13 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be greater than or equal to 5 [int32.gte] + // // must be greater than or equal to 5 [int32.gte] // int32 value = 1 [(buf.validate.field).int32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int32.gte_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gte: 10, lt: 5 }]; // } // @@ -3600,7 +3600,7 @@ type Int32Rules_builder struct { // ```proto // // message MyInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // int32 value = 1 [(buf.validate.field).int32 = { in: [1, 2, 3] }]; // } // @@ -3694,7 +3694,7 @@ type int32Rules_Lt struct { // ```proto // // message MyInt32 { - // // value must be less than 10 + // // must be less than 10 // int32 value = 1 [(buf.validate.field).int32.lt = 10]; // } // @@ -3710,7 +3710,7 @@ type int32Rules_Lte struct { // ```proto // // message MyInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int32 value = 1 [(buf.validate.field).int32.lte = 10]; // } // @@ -3736,13 +3736,13 @@ type int32Rules_Gt struct { // ```proto // // message MyInt32 { - // // value must be greater than 5 [int32.gt] + // // must be greater than 5 [int32.gt] // int32 value = 1 [(buf.validate.field).int32.gt = 5]; // - // // value must be greater than 5 and less than 10 [int32.gt_lt] + // // must be greater than 5 and less than 10 [int32.gt_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int32.gt_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gt: 10, lt: 5 }]; // } // @@ -3760,13 +3760,13 @@ type int32Rules_Gte struct { // ```proto // // message MyInt32 { - // // value must be greater than or equal to 5 [int32.gte] + // // must be greater than or equal to 5 [int32.gte] // int32 value = 1 [(buf.validate.field).int32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int32.gte_lt] // int32 other_value = 2 [(buf.validate.field).int32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int32.gte_lt_exclusive] // int32 another_value = 3 [(buf.validate.field).int32 = { gte: 10, lt: 5 }]; // } // @@ -4066,7 +4066,7 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be less than 10 + // // must be less than 10 // int64 value = 1 [(buf.validate.field).int64.lt = 10]; // } // @@ -4079,7 +4079,7 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int64 value = 1 [(buf.validate.field).int64.lte = 10]; // } // @@ -4096,13 +4096,13 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be greater than 5 [int64.gt] + // // must be greater than 5 [int64.gt] // int64 value = 1 [(buf.validate.field).int64.gt = 5]; // - // // value must be greater than 5 and less than 10 [int64.gt_lt] + // // must be greater than 5 and less than 10 [int64.gt_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int64.gt_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gt: 10, lt: 5 }]; // } // @@ -4117,13 +4117,13 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be greater than or equal to 5 [int64.gte] + // // must be greater than or equal to 5 [int64.gte] // int64 value = 1 [(buf.validate.field).int64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int64.gte_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gte: 10, lt: 5 }]; // } // @@ -4137,7 +4137,7 @@ type Int64Rules_builder struct { // ```proto // // message MyInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // int64 value = 1 [(buf.validate.field).int64 = { in: [1, 2, 3] }]; // } // @@ -4231,7 +4231,7 @@ type int64Rules_Lt struct { // ```proto // // message MyInt64 { - // // value must be less than 10 + // // must be less than 10 // int64 value = 1 [(buf.validate.field).int64.lt = 10]; // } // @@ -4247,7 +4247,7 @@ type int64Rules_Lte struct { // ```proto // // message MyInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // int64 value = 1 [(buf.validate.field).int64.lte = 10]; // } // @@ -4273,13 +4273,13 @@ type int64Rules_Gt struct { // ```proto // // message MyInt64 { - // // value must be greater than 5 [int64.gt] + // // must be greater than 5 [int64.gt] // int64 value = 1 [(buf.validate.field).int64.gt = 5]; // - // // value must be greater than 5 and less than 10 [int64.gt_lt] + // // must be greater than 5 and less than 10 [int64.gt_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [int64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [int64.gt_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gt: 10, lt: 5 }]; // } // @@ -4297,13 +4297,13 @@ type int64Rules_Gte struct { // ```proto // // message MyInt64 { - // // value must be greater than or equal to 5 [int64.gte] + // // must be greater than or equal to 5 [int64.gte] // int64 value = 1 [(buf.validate.field).int64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [int64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [int64.gte_lt] // int64 other_value = 2 [(buf.validate.field).int64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [int64.gte_lt_exclusive] // int64 another_value = 3 [(buf.validate.field).int64 = { gte: 10, lt: 5 }]; // } // @@ -4603,7 +4603,7 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be less than 10 + // // must be less than 10 // uint32 value = 1 [(buf.validate.field).uint32.lt = 10]; // } // @@ -4616,7 +4616,7 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint32 value = 1 [(buf.validate.field).uint32.lte = 10]; // } // @@ -4633,13 +4633,13 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be greater than 5 [uint32.gt] + // // must be greater than 5 [uint32.gt] // uint32 value = 1 [(buf.validate.field).uint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint32.gt_lt] + // // must be greater than 5 and less than 10 [uint32.gt_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gt: 10, lt: 5 }]; // } // @@ -4654,13 +4654,13 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be greater than or equal to 5 [uint32.gte] + // // must be greater than or equal to 5 [uint32.gte] // uint32 value = 1 [(buf.validate.field).uint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint32.gte_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gte: 10, lt: 5 }]; // } // @@ -4674,7 +4674,7 @@ type UInt32Rules_builder struct { // ```proto // // message MyUInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // uint32 value = 1 [(buf.validate.field).uint32 = { in: [1, 2, 3] }]; // } // @@ -4768,7 +4768,7 @@ type uInt32Rules_Lt struct { // ```proto // // message MyUInt32 { - // // value must be less than 10 + // // must be less than 10 // uint32 value = 1 [(buf.validate.field).uint32.lt = 10]; // } // @@ -4784,7 +4784,7 @@ type uInt32Rules_Lte struct { // ```proto // // message MyUInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint32 value = 1 [(buf.validate.field).uint32.lte = 10]; // } // @@ -4810,13 +4810,13 @@ type uInt32Rules_Gt struct { // ```proto // // message MyUInt32 { - // // value must be greater than 5 [uint32.gt] + // // must be greater than 5 [uint32.gt] // uint32 value = 1 [(buf.validate.field).uint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint32.gt_lt] + // // must be greater than 5 and less than 10 [uint32.gt_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint32.gt_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gt: 10, lt: 5 }]; // } // @@ -4834,13 +4834,13 @@ type uInt32Rules_Gte struct { // ```proto // // message MyUInt32 { - // // value must be greater than or equal to 5 [uint32.gte] + // // must be greater than or equal to 5 [uint32.gte] // uint32 value = 1 [(buf.validate.field).uint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint32.gte_lt] // uint32 other_value = 2 [(buf.validate.field).uint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint32.gte_lt_exclusive] // uint32 another_value = 3 [(buf.validate.field).uint32 = { gte: 10, lt: 5 }]; // } // @@ -5140,7 +5140,7 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be less than 10 + // // must be less than 10 // uint64 value = 1 [(buf.validate.field).uint64.lt = 10]; // } // @@ -5153,7 +5153,7 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint64 value = 1 [(buf.validate.field).uint64.lte = 10]; // } // @@ -5170,13 +5170,13 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be greater than 5 [uint64.gt] + // // must be greater than 5 [uint64.gt] // uint64 value = 1 [(buf.validate.field).uint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint64.gt_lt] + // // must be greater than 5 and less than 10 [uint64.gt_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gt: 10, lt: 5 }]; // } // @@ -5191,13 +5191,13 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be greater than or equal to 5 [uint64.gte] + // // must be greater than or equal to 5 [uint64.gte] // uint64 value = 1 [(buf.validate.field).uint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint64.gte_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gte: 10, lt: 5 }]; // } // @@ -5211,7 +5211,7 @@ type UInt64Rules_builder struct { // ```proto // // message MyUInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // uint64 value = 1 [(buf.validate.field).uint64 = { in: [1, 2, 3] }]; // } // @@ -5305,7 +5305,7 @@ type uInt64Rules_Lt struct { // ```proto // // message MyUInt64 { - // // value must be less than 10 + // // must be less than 10 // uint64 value = 1 [(buf.validate.field).uint64.lt = 10]; // } // @@ -5321,7 +5321,7 @@ type uInt64Rules_Lte struct { // ```proto // // message MyUInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // uint64 value = 1 [(buf.validate.field).uint64.lte = 10]; // } // @@ -5347,13 +5347,13 @@ type uInt64Rules_Gt struct { // ```proto // // message MyUInt64 { - // // value must be greater than 5 [uint64.gt] + // // must be greater than 5 [uint64.gt] // uint64 value = 1 [(buf.validate.field).uint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [uint64.gt_lt] + // // must be greater than 5 and less than 10 [uint64.gt_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [uint64.gt_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gt: 10, lt: 5 }]; // } // @@ -5371,13 +5371,13 @@ type uInt64Rules_Gte struct { // ```proto // // message MyUInt64 { - // // value must be greater than or equal to 5 [uint64.gte] + // // must be greater than or equal to 5 [uint64.gte] // uint64 value = 1 [(buf.validate.field).uint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [uint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [uint64.gte_lt] // uint64 other_value = 2 [(buf.validate.field).uint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [uint64.gte_lt_exclusive] // uint64 another_value = 3 [(buf.validate.field).uint64 = { gte: 10, lt: 5 }]; // } // @@ -5676,7 +5676,7 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be less than 10 + // // must be less than 10 // sint32 value = 1 [(buf.validate.field).sint32.lt = 10]; // } // @@ -5689,7 +5689,7 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint32 value = 1 [(buf.validate.field).sint32.lte = 10]; // } // @@ -5706,13 +5706,13 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be greater than 5 [sint32.gt] + // // must be greater than 5 [sint32.gt] // sint32 value = 1 [(buf.validate.field).sint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint32.gt_lt] + // // must be greater than 5 and less than 10 [sint32.gt_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gt: 10, lt: 5 }]; // } // @@ -5727,13 +5727,13 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be greater than or equal to 5 [sint32.gte] + // // must be greater than or equal to 5 [sint32.gte] // sint32 value = 1 [(buf.validate.field).sint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint32.gte_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gte: 10, lt: 5 }]; // } // @@ -5747,7 +5747,7 @@ type SInt32Rules_builder struct { // ```proto // // message MySInt32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sint32 value = 1 [(buf.validate.field).sint32 = { in: [1, 2, 3] }]; // } // @@ -5841,7 +5841,7 @@ type sInt32Rules_Lt struct { // ```proto // // message MySInt32 { - // // value must be less than 10 + // // must be less than 10 // sint32 value = 1 [(buf.validate.field).sint32.lt = 10]; // } // @@ -5857,7 +5857,7 @@ type sInt32Rules_Lte struct { // ```proto // // message MySInt32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint32 value = 1 [(buf.validate.field).sint32.lte = 10]; // } // @@ -5883,13 +5883,13 @@ type sInt32Rules_Gt struct { // ```proto // // message MySInt32 { - // // value must be greater than 5 [sint32.gt] + // // must be greater than 5 [sint32.gt] // sint32 value = 1 [(buf.validate.field).sint32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint32.gt_lt] + // // must be greater than 5 and less than 10 [sint32.gt_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint32.gt_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gt: 10, lt: 5 }]; // } // @@ -5907,13 +5907,13 @@ type sInt32Rules_Gte struct { // ```proto // // message MySInt32 { - // // value must be greater than or equal to 5 [sint32.gte] + // // must be greater than or equal to 5 [sint32.gte] // sint32 value = 1 [(buf.validate.field).sint32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint32.gte_lt] // sint32 other_value = 2 [(buf.validate.field).sint32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint32.gte_lt_exclusive] // sint32 another_value = 3 [(buf.validate.field).sint32 = { gte: 10, lt: 5 }]; // } // @@ -6212,7 +6212,7 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be less than 10 + // // must be less than 10 // sint64 value = 1 [(buf.validate.field).sint64.lt = 10]; // } // @@ -6225,7 +6225,7 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint64 value = 1 [(buf.validate.field).sint64.lte = 10]; // } // @@ -6242,13 +6242,13 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be greater than 5 [sint64.gt] + // // must be greater than 5 [sint64.gt] // sint64 value = 1 [(buf.validate.field).sint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint64.gt_lt] + // // must be greater than 5 and less than 10 [sint64.gt_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gt: 10, lt: 5 }]; // } // @@ -6263,13 +6263,13 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be greater than or equal to 5 [sint64.gte] + // // must be greater than or equal to 5 [sint64.gte] // sint64 value = 1 [(buf.validate.field).sint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint64.gte_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gte: 10, lt: 5 }]; // } // @@ -6283,7 +6283,7 @@ type SInt64Rules_builder struct { // ```proto // // message MySInt64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sint64 value = 1 [(buf.validate.field).sint64 = { in: [1, 2, 3] }]; // } // @@ -6377,7 +6377,7 @@ type sInt64Rules_Lt struct { // ```proto // // message MySInt64 { - // // value must be less than 10 + // // must be less than 10 // sint64 value = 1 [(buf.validate.field).sint64.lt = 10]; // } // @@ -6393,7 +6393,7 @@ type sInt64Rules_Lte struct { // ```proto // // message MySInt64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sint64 value = 1 [(buf.validate.field).sint64.lte = 10]; // } // @@ -6419,13 +6419,13 @@ type sInt64Rules_Gt struct { // ```proto // // message MySInt64 { - // // value must be greater than 5 [sint64.gt] + // // must be greater than 5 [sint64.gt] // sint64 value = 1 [(buf.validate.field).sint64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sint64.gt_lt] + // // must be greater than 5 and less than 10 [sint64.gt_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sint64.gt_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gt: 10, lt: 5 }]; // } // @@ -6443,13 +6443,13 @@ type sInt64Rules_Gte struct { // ```proto // // message MySInt64 { - // // value must be greater than or equal to 5 [sint64.gte] + // // must be greater than or equal to 5 [sint64.gte] // sint64 value = 1 [(buf.validate.field).sint64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sint64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sint64.gte_lt] // sint64 other_value = 2 [(buf.validate.field).sint64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sint64.gte_lt_exclusive] // sint64 another_value = 3 [(buf.validate.field).sint64 = { gte: 10, lt: 5 }]; // } // @@ -6748,7 +6748,7 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be less than 10 + // // must be less than 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lt = 10]; // } // @@ -6761,7 +6761,7 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lte = 10]; // } // @@ -6778,13 +6778,13 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be greater than 5 [fixed32.gt] + // // must be greater than 5 [fixed32.gt] // fixed32 value = 1 [(buf.validate.field).fixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed32.gt_lt] + // // must be greater than 5 and less than 10 [fixed32.gt_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gt: 10, lt: 5 }]; // } // @@ -6799,13 +6799,13 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be greater than or equal to 5 [fixed32.gte] + // // must be greater than or equal to 5 [fixed32.gte] // fixed32 value = 1 [(buf.validate.field).fixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gte: 10, lt: 5 }]; // } // @@ -6819,7 +6819,7 @@ type Fixed32Rules_builder struct { // ```proto // // message MyFixed32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // fixed32 value = 1 [(buf.validate.field).fixed32 = { in: [1, 2, 3] }]; // } // @@ -6913,7 +6913,7 @@ type fixed32Rules_Lt struct { // ```proto // // message MyFixed32 { - // // value must be less than 10 + // // must be less than 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lt = 10]; // } // @@ -6929,7 +6929,7 @@ type fixed32Rules_Lte struct { // ```proto // // message MyFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed32 value = 1 [(buf.validate.field).fixed32.lte = 10]; // } // @@ -6955,13 +6955,13 @@ type fixed32Rules_Gt struct { // ```proto // // message MyFixed32 { - // // value must be greater than 5 [fixed32.gt] + // // must be greater than 5 [fixed32.gt] // fixed32 value = 1 [(buf.validate.field).fixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed32.gt_lt] + // // must be greater than 5 and less than 10 [fixed32.gt_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed32.gt_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gt: 10, lt: 5 }]; // } // @@ -6979,13 +6979,13 @@ type fixed32Rules_Gte struct { // ```proto // // message MyFixed32 { - // // value must be greater than or equal to 5 [fixed32.gte] + // // must be greater than or equal to 5 [fixed32.gte] // fixed32 value = 1 [(buf.validate.field).fixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed32.gte_lt] // fixed32 other_value = 2 [(buf.validate.field).fixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed32.gte_lt_exclusive] // fixed32 another_value = 3 [(buf.validate.field).fixed32 = { gte: 10, lt: 5 }]; // } // @@ -7284,7 +7284,7 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be less than 10 + // // must be less than 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lt = 10]; // } // @@ -7297,7 +7297,7 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lte = 10]; // } // @@ -7314,13 +7314,13 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be greater than 5 [fixed64.gt] + // // must be greater than 5 [fixed64.gt] // fixed64 value = 1 [(buf.validate.field).fixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed64.gt_lt] + // // must be greater than 5 and less than 10 [fixed64.gt_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gt: 10, lt: 5 }]; // } // @@ -7335,13 +7335,13 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be greater than or equal to 5 [fixed64.gte] + // // must be greater than or equal to 5 [fixed64.gte] // fixed64 value = 1 [(buf.validate.field).fixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gte: 10, lt: 5 }]; // } // @@ -7355,7 +7355,7 @@ type Fixed64Rules_builder struct { // ```proto // // message MyFixed64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // fixed64 value = 1 [(buf.validate.field).fixed64 = { in: [1, 2, 3] }]; // } // @@ -7449,7 +7449,7 @@ type fixed64Rules_Lt struct { // ```proto // // message MyFixed64 { - // // value must be less than 10 + // // must be less than 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lt = 10]; // } // @@ -7465,7 +7465,7 @@ type fixed64Rules_Lte struct { // ```proto // // message MyFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // fixed64 value = 1 [(buf.validate.field).fixed64.lte = 10]; // } // @@ -7491,13 +7491,13 @@ type fixed64Rules_Gt struct { // ```proto // // message MyFixed64 { - // // value must be greater than 5 [fixed64.gt] + // // must be greater than 5 [fixed64.gt] // fixed64 value = 1 [(buf.validate.field).fixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [fixed64.gt_lt] + // // must be greater than 5 and less than 10 [fixed64.gt_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [fixed64.gt_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gt: 10, lt: 5 }]; // } // @@ -7515,13 +7515,13 @@ type fixed64Rules_Gte struct { // ```proto // // message MyFixed64 { - // // value must be greater than or equal to 5 [fixed64.gte] + // // must be greater than or equal to 5 [fixed64.gte] // fixed64 value = 1 [(buf.validate.field).fixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [fixed64.gte_lt] // fixed64 other_value = 2 [(buf.validate.field).fixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [fixed64.gte_lt_exclusive] // fixed64 another_value = 3 [(buf.validate.field).fixed64 = { gte: 10, lt: 5 }]; // } // @@ -7820,7 +7820,7 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be less than 10 + // // must be less than 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lt = 10]; // } // @@ -7833,7 +7833,7 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lte = 10]; // } // @@ -7850,13 +7850,13 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be greater than 5 [sfixed32.gt] + // // must be greater than 5 [sfixed32.gt] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed32.gt_lt] + // // must be greater than 5 and less than 10 [sfixed32.gt_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gt: 10, lt: 5 }]; // } // @@ -7871,13 +7871,13 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be greater than or equal to 5 [sfixed32.gte] + // // must be greater than or equal to 5 [sfixed32.gte] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gte: 10, lt: 5 }]; // } // @@ -7891,7 +7891,7 @@ type SFixed32Rules_builder struct { // ```proto // // message MySFixed32 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sfixed32 value = 1 [(buf.validate.field).sfixed32 = { in: [1, 2, 3] }]; // } // @@ -7985,7 +7985,7 @@ type sFixed32Rules_Lt struct { // ```proto // // message MySFixed32 { - // // value must be less than 10 + // // must be less than 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lt = 10]; // } // @@ -8001,7 +8001,7 @@ type sFixed32Rules_Lte struct { // ```proto // // message MySFixed32 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed32 value = 1 [(buf.validate.field).sfixed32.lte = 10]; // } // @@ -8027,13 +8027,13 @@ type sFixed32Rules_Gt struct { // ```proto // // message MySFixed32 { - // // value must be greater than 5 [sfixed32.gt] + // // must be greater than 5 [sfixed32.gt] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed32.gt_lt] + // // must be greater than 5 and less than 10 [sfixed32.gt_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed32.gt_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gt: 10, lt: 5 }]; // } // @@ -8051,13 +8051,13 @@ type sFixed32Rules_Gte struct { // ```proto // // message MySFixed32 { - // // value must be greater than or equal to 5 [sfixed32.gte] + // // must be greater than or equal to 5 [sfixed32.gte] // sfixed32 value = 1 [(buf.validate.field).sfixed32.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed32.gte_lt] // sfixed32 other_value = 2 [(buf.validate.field).sfixed32 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed32.gte_lt_exclusive] // sfixed32 another_value = 3 [(buf.validate.field).sfixed32 = { gte: 10, lt: 5 }]; // } // @@ -8356,7 +8356,7 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be less than 10 + // // must be less than 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lt = 10]; // } // @@ -8369,7 +8369,7 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lte = 10]; // } // @@ -8386,13 +8386,13 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be greater than 5 [sfixed64.gt] + // // must be greater than 5 [sfixed64.gt] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed64.gt_lt] + // // must be greater than 5 and less than 10 [sfixed64.gt_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gt: 10, lt: 5 }]; // } // @@ -8407,13 +8407,13 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be greater than or equal to 5 [sfixed64.gte] + // // must be greater than or equal to 5 [sfixed64.gte] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gte: 10, lt: 5 }]; // } // @@ -8427,7 +8427,7 @@ type SFixed64Rules_builder struct { // ```proto // // message MySFixed64 { - // // value must be in list [1, 2, 3] + // // must be in list [1, 2, 3] // sfixed64 value = 1 [(buf.validate.field).sfixed64 = { in: [1, 2, 3] }]; // } // @@ -8521,7 +8521,7 @@ type sFixed64Rules_Lt struct { // ```proto // // message MySFixed64 { - // // value must be less than 10 + // // must be less than 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lt = 10]; // } // @@ -8537,7 +8537,7 @@ type sFixed64Rules_Lte struct { // ```proto // // message MySFixed64 { - // // value must be less than or equal to 10 + // // must be less than or equal to 10 // sfixed64 value = 1 [(buf.validate.field).sfixed64.lte = 10]; // } // @@ -8563,13 +8563,13 @@ type sFixed64Rules_Gt struct { // ```proto // // message MySFixed64 { - // // value must be greater than 5 [sfixed64.gt] + // // must be greater than 5 [sfixed64.gt] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gt = 5]; // - // // value must be greater than 5 and less than 10 [sfixed64.gt_lt] + // // must be greater than 5 and less than 10 [sfixed64.gt_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gt: 5, lt: 10 }]; // - // // value must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] + // // must be greater than 10 or less than 5 [sfixed64.gt_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gt: 10, lt: 5 }]; // } // @@ -8587,13 +8587,13 @@ type sFixed64Rules_Gte struct { // ```proto // // message MySFixed64 { - // // value must be greater than or equal to 5 [sfixed64.gte] + // // must be greater than or equal to 5 [sfixed64.gte] // sfixed64 value = 1 [(buf.validate.field).sfixed64.gte = 5]; // - // // value must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] + // // must be greater than or equal to 5 and less than 10 [sfixed64.gte_lt] // sfixed64 other_value = 2 [(buf.validate.field).sfixed64 = { gte: 5, lt: 10 }]; // - // // value must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] + // // must be greater than or equal to 10 or less than 5 [sfixed64.gte_lt_exclusive] // sfixed64 another_value = 3 [(buf.validate.field).sfixed64 = { gte: 10, lt: 5 }]; // } // @@ -9053,6 +9053,24 @@ func (x *StringRules) GetUlid() bool { return false } +func (x *StringRules) GetProtobufFqn() bool { + if x != nil { + if x, ok := x.xxx_hidden_WellKnown.(*stringRules_ProtobufFqn); ok { + return x.ProtobufFqn + } + } + return false +} + +func (x *StringRules) GetProtobufDotFqn() bool { + if x != nil { + if x, ok := x.xxx_hidden_WellKnown.(*stringRules_ProtobufDotFqn); ok { + return x.ProtobufDotFqn + } + } + return false +} + func (x *StringRules) GetWellKnownRegex() KnownRegex { if x != nil { if x, ok := x.xxx_hidden_WellKnown.(*stringRules_WellKnownRegex); ok { @@ -9216,6 +9234,14 @@ func (x *StringRules) SetUlid(v bool) { x.xxx_hidden_WellKnown = &stringRules_Ulid{v} } +func (x *StringRules) SetProtobufFqn(v bool) { + x.xxx_hidden_WellKnown = &stringRules_ProtobufFqn{v} +} + +func (x *StringRules) SetProtobufDotFqn(v bool) { + x.xxx_hidden_WellKnown = &stringRules_ProtobufDotFqn{v} +} + func (x *StringRules) SetWellKnownRegex(v KnownRegex) { x.xxx_hidden_WellKnown = &stringRules_WellKnownRegex{v} } @@ -9464,6 +9490,22 @@ func (x *StringRules) HasUlid() bool { return ok } +func (x *StringRules) HasProtobufFqn() bool { + if x == nil { + return false + } + _, ok := x.xxx_hidden_WellKnown.(*stringRules_ProtobufFqn) + return ok +} + +func (x *StringRules) HasProtobufDotFqn() bool { + if x == nil { + return false + } + _, ok := x.xxx_hidden_WellKnown.(*stringRules_ProtobufDotFqn) + return ok +} + func (x *StringRules) HasWellKnownRegex() bool { if x == nil { return false @@ -9651,6 +9693,18 @@ func (x *StringRules) ClearUlid() { } } +func (x *StringRules) ClearProtobufFqn() { + if _, ok := x.xxx_hidden_WellKnown.(*stringRules_ProtobufFqn); ok { + x.xxx_hidden_WellKnown = nil + } +} + +func (x *StringRules) ClearProtobufDotFqn() { + if _, ok := x.xxx_hidden_WellKnown.(*stringRules_ProtobufDotFqn); ok { + x.xxx_hidden_WellKnown = nil + } +} + func (x *StringRules) ClearWellKnownRegex() { if _, ok := x.xxx_hidden_WellKnown.(*stringRules_WellKnownRegex); ok { x.xxx_hidden_WellKnown = nil @@ -9681,6 +9735,8 @@ const StringRules_Ipv4Prefix_case case_StringRules_WellKnown = 30 const StringRules_Ipv6Prefix_case case_StringRules_WellKnown = 31 const StringRules_HostAndPort_case case_StringRules_WellKnown = 32 const StringRules_Ulid_case case_StringRules_WellKnown = 35 +const StringRules_ProtobufFqn_case case_StringRules_WellKnown = 37 +const StringRules_ProtobufDotFqn_case case_StringRules_WellKnown = 38 const StringRules_WellKnownRegex_case case_StringRules_WellKnown = 24 func (x *StringRules) WhichWellKnown() case_StringRules_WellKnown { @@ -9724,6 +9780,10 @@ func (x *StringRules) WhichWellKnown() case_StringRules_WellKnown { return StringRules_HostAndPort_case case *stringRules_Ulid: return StringRules_Ulid_case + case *stringRules_ProtobufFqn: + return StringRules_ProtobufFqn_case + case *stringRules_ProtobufDotFqn: + return StringRules_ProtobufDotFqn_case case *stringRules_WellKnownRegex: return StringRules_WellKnownRegex_case default: @@ -9901,7 +9961,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be in list ["apple", "banana"] + // // must be in list ["apple", "banana"] // string value = 1 [(buf.validate.field).string.in = "apple", (buf.validate.field).string.in = "banana"]; // } // @@ -9936,7 +9996,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid email address + // // must be a valid email address // string value = 1 [(buf.validate.field).string.email = true]; // } // @@ -9958,7 +10018,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid hostname + // // must be a valid hostname // string value = 1 [(buf.validate.field).string.hostname = true]; // } // @@ -9979,7 +10039,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IP address + // // must be a valid IP address // string value = 1 [(buf.validate.field).string.ip = true]; // } // @@ -9992,7 +10052,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // string value = 1 [(buf.validate.field).string.ipv4 = true]; // } // @@ -10005,7 +10065,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // string value = 1 [(buf.validate.field).string.ipv6 = true]; // } // @@ -10022,7 +10082,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid URI + // // must be a valid URI // string value = 1 [(buf.validate.field).string.uri = true]; // } // @@ -10042,7 +10102,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid URI Reference + // // must be a valid URI Reference // string value = 1 [(buf.validate.field).string.uri_ref = true]; // } // @@ -10056,7 +10116,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid hostname, or ip address + // // must be a valid hostname, or ip address // string value = 1 [(buf.validate.field).string.address = true]; // } // @@ -10069,7 +10129,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid UUID + // // must be a valid UUID // string value = 1 [(buf.validate.field).string.uuid = true]; // } // @@ -10083,7 +10143,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid trimmed UUID + // // must be a valid trimmed UUID // string value = 1 [(buf.validate.field).string.tuuid = true]; // } // @@ -10097,7 +10157,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IP with prefix length + // // must be a valid IP with prefix length // string value = 1 [(buf.validate.field).string.ip_with_prefixlen = true]; // } // @@ -10111,7 +10171,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address with prefix length + // // must be a valid IPv4 address with prefix length // string value = 1 [(buf.validate.field).string.ipv4_with_prefixlen = true]; // } // @@ -10125,7 +10185,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address prefix length + // // must be a valid IPv6 address prefix length // string value = 1 [(buf.validate.field).string.ipv6_with_prefixlen = true]; // } // @@ -10144,7 +10204,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IP prefix + // // must be a valid IP prefix // string value = 1 [(buf.validate.field).string.ip_prefix = true]; // } // @@ -10163,7 +10223,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv4 prefix + // // must be a valid IPv4 prefix // string value = 1 [(buf.validate.field).string.ipv4_prefix = true]; // } // @@ -10182,13 +10242,13 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid IPv6 prefix + // // must be a valid IPv6 prefix // string value = 1 [(buf.validate.field).string.ipv6_prefix = true]; // } // // ``` Ipv6Prefix *bool - // `host_and_port` specifies that the field value must be valid host/port + // `host_and_port` specifies that the field value must be a valid host/port // pair—for example, "example.com:8080". // // The host can be one of: @@ -10206,12 +10266,66 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid ULID + // // must be a valid ULID // string value = 1 [(buf.validate.field).string.ulid = true]; // } // // ``` Ulid *bool + // `protobuf_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name as defined by the [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name is a dot-separated list of Protobuf identifiers, + // where each identifier starts with a letter or underscore and is followed by zero or + // more letters, underscores, or digits. + // + // Examples: "buf.validate", "google.protobuf.Timestamp", "my_package.MyMessage". + // + // Note: historically, fully-qualified Protobuf names were represented with a leading + // dot (for example, ".buf.validate.StringRules"). Modern Protobuf does not use the + // leading dot, and most fully-qualified names are represented without it. Use + // `protobuf_dot_fqn` if a leading dot is required. + // + // If the field value isn't a valid fully-qualified Protobuf name, an error message + // will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name + // string value = 1 [(buf.validate.field).string.protobuf_fqn = true]; + // } + // + // ``` + ProtobufFqn *bool + // `protobuf_dot_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name with a leading dot, as defined by the + // [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name with a leading dot is a dot followed by a + // dot-separated list of Protobuf identifiers, where each identifier starts with a + // letter or underscore and is followed by zero or more letters, underscores, or + // digits. + // + // Examples: ".buf.validate", ".google.protobuf.Timestamp", ".my_package.MyMessage". + // + // Note: this is the historical representation of fully-qualified Protobuf names, + // where a leading dot denotes an absolute reference. Modern Protobuf does not use + // the leading dot, and most fully-qualified names are represented without it. Most + // users will want to use `protobuf_fqn` instead. + // + // If the field value isn't a valid fully-qualified Protobuf name with a leading dot, + // an error message will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name with a leading dot + // string value = 1 [(buf.validate.field).string.protobuf_dot_fqn = true]; + // } + // + // ``` + ProtobufDotFqn *bool // `well_known_regex` specifies a common well-known pattern // defined as a regex. If the field value doesn't match the well-known // regex, an error message will be generated. @@ -10219,7 +10333,7 @@ type StringRules_builder struct { // ```proto // // message MyString { - // // value must be a valid HTTP header value + // // must be a valid HTTP header value // string value = 1 [(buf.validate.field).string.well_known_regex = KNOWN_REGEX_HTTP_HEADER_VALUE]; // } // @@ -10376,6 +10490,12 @@ func (b0 StringRules_builder) Build() *StringRules { if b.Ulid != nil { x.xxx_hidden_WellKnown = &stringRules_Ulid{*b.Ulid} } + if b.ProtobufFqn != nil { + x.xxx_hidden_WellKnown = &stringRules_ProtobufFqn{*b.ProtobufFqn} + } + if b.ProtobufDotFqn != nil { + x.xxx_hidden_WellKnown = &stringRules_ProtobufDotFqn{*b.ProtobufDotFqn} + } if b.WellKnownRegex != nil { x.xxx_hidden_WellKnown = &stringRules_WellKnownRegex{*b.WellKnownRegex} } @@ -10415,7 +10535,7 @@ type stringRules_Email struct { // ```proto // // message MyString { - // // value must be a valid email address + // // must be a valid email address // string value = 1 [(buf.validate.field).string.email = true]; // } // @@ -10440,7 +10560,7 @@ type stringRules_Hostname struct { // ```proto // // message MyString { - // // value must be a valid hostname + // // must be a valid hostname // string value = 1 [(buf.validate.field).string.hostname = true]; // } // @@ -10464,7 +10584,7 @@ type stringRules_Ip struct { // ```proto // // message MyString { - // // value must be a valid IP address + // // must be a valid IP address // string value = 1 [(buf.validate.field).string.ip = true]; // } // @@ -10480,7 +10600,7 @@ type stringRules_Ipv4 struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // string value = 1 [(buf.validate.field).string.ipv4 = true]; // } // @@ -10496,7 +10616,7 @@ type stringRules_Ipv6 struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // string value = 1 [(buf.validate.field).string.ipv6 = true]; // } // @@ -10516,7 +10636,7 @@ type stringRules_Uri struct { // ```proto // // message MyString { - // // value must be a valid URI + // // must be a valid URI // string value = 1 [(buf.validate.field).string.uri = true]; // } // @@ -10539,7 +10659,7 @@ type stringRules_UriRef struct { // ```proto // // message MyString { - // // value must be a valid URI Reference + // // must be a valid URI Reference // string value = 1 [(buf.validate.field).string.uri_ref = true]; // } // @@ -10556,7 +10676,7 @@ type stringRules_Address struct { // ```proto // // message MyString { - // // value must be a valid hostname, or ip address + // // must be a valid hostname, or ip address // string value = 1 [(buf.validate.field).string.address = true]; // } // @@ -10572,7 +10692,7 @@ type stringRules_Uuid struct { // ```proto // // message MyString { - // // value must be a valid UUID + // // must be a valid UUID // string value = 1 [(buf.validate.field).string.uuid = true]; // } // @@ -10589,7 +10709,7 @@ type stringRules_Tuuid struct { // ```proto // // message MyString { - // // value must be a valid trimmed UUID + // // must be a valid trimmed UUID // string value = 1 [(buf.validate.field).string.tuuid = true]; // } // @@ -10606,7 +10726,7 @@ type stringRules_IpWithPrefixlen struct { // ```proto // // message MyString { - // // value must be a valid IP with prefix length + // // must be a valid IP with prefix length // string value = 1 [(buf.validate.field).string.ip_with_prefixlen = true]; // } // @@ -10623,7 +10743,7 @@ type stringRules_Ipv4WithPrefixlen struct { // ```proto // // message MyString { - // // value must be a valid IPv4 address with prefix length + // // must be a valid IPv4 address with prefix length // string value = 1 [(buf.validate.field).string.ipv4_with_prefixlen = true]; // } // @@ -10640,7 +10760,7 @@ type stringRules_Ipv6WithPrefixlen struct { // ```proto // // message MyString { - // // value must be a valid IPv6 address prefix length + // // must be a valid IPv6 address prefix length // string value = 1 [(buf.validate.field).string.ipv6_with_prefixlen = true]; // } // @@ -10662,7 +10782,7 @@ type stringRules_IpPrefix struct { // ```proto // // message MyString { - // // value must be a valid IP prefix + // // must be a valid IP prefix // string value = 1 [(buf.validate.field).string.ip_prefix = true]; // } // @@ -10684,7 +10804,7 @@ type stringRules_Ipv4Prefix struct { // ```proto // // message MyString { - // // value must be a valid IPv4 prefix + // // must be a valid IPv4 prefix // string value = 1 [(buf.validate.field).string.ipv4_prefix = true]; // } // @@ -10706,7 +10826,7 @@ type stringRules_Ipv6Prefix struct { // ```proto // // message MyString { - // // value must be a valid IPv6 prefix + // // must be a valid IPv6 prefix // string value = 1 [(buf.validate.field).string.ipv6_prefix = true]; // } // @@ -10715,7 +10835,7 @@ type stringRules_Ipv6Prefix struct { } type stringRules_HostAndPort struct { - // `host_and_port` specifies that the field value must be valid host/port + // `host_and_port` specifies that the field value must be a valid host/port // pair—for example, "example.com:8080". // // The host can be one of: @@ -10736,7 +10856,7 @@ type stringRules_Ulid struct { // ```proto // // message MyString { - // // value must be a valid ULID + // // must be a valid ULID // string value = 1 [(buf.validate.field).string.ulid = true]; // } // @@ -10744,6 +10864,66 @@ type stringRules_Ulid struct { Ulid bool `protobuf:"varint,35,opt,name=ulid,oneof"` } +type stringRules_ProtobufFqn struct { + // `protobuf_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name as defined by the [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name is a dot-separated list of Protobuf identifiers, + // where each identifier starts with a letter or underscore and is followed by zero or + // more letters, underscores, or digits. + // + // Examples: "buf.validate", "google.protobuf.Timestamp", "my_package.MyMessage". + // + // Note: historically, fully-qualified Protobuf names were represented with a leading + // dot (for example, ".buf.validate.StringRules"). Modern Protobuf does not use the + // leading dot, and most fully-qualified names are represented without it. Use + // `protobuf_dot_fqn` if a leading dot is required. + // + // If the field value isn't a valid fully-qualified Protobuf name, an error message + // will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name + // string value = 1 [(buf.validate.field).string.protobuf_fqn = true]; + // } + // + // ``` + ProtobufFqn bool `protobuf:"varint,37,opt,name=protobuf_fqn,json=protobufFqn,oneof"` +} + +type stringRules_ProtobufDotFqn struct { + // `protobuf_dot_fqn` specifies that the field value must be a valid fully-qualified + // Protobuf name with a leading dot, as defined by the + // [Protobuf Language Specification](https://protobuf.com/docs/language-spec). + // + // A fully-qualified Protobuf name with a leading dot is a dot followed by a + // dot-separated list of Protobuf identifiers, where each identifier starts with a + // letter or underscore and is followed by zero or more letters, underscores, or + // digits. + // + // Examples: ".buf.validate", ".google.protobuf.Timestamp", ".my_package.MyMessage". + // + // Note: this is the historical representation of fully-qualified Protobuf names, + // where a leading dot denotes an absolute reference. Modern Protobuf does not use + // the leading dot, and most fully-qualified names are represented without it. Most + // users will want to use `protobuf_fqn` instead. + // + // If the field value isn't a valid fully-qualified Protobuf name with a leading dot, + // an error message will be generated. + // + // ```proto + // + // message MyString { + // // value must be a valid fully-qualified Protobuf name with a leading dot + // string value = 1 [(buf.validate.field).string.protobuf_dot_fqn = true]; + // } + // + // ``` + ProtobufDotFqn bool `protobuf:"varint,38,opt,name=protobuf_dot_fqn,json=protobufDotFqn,oneof"` +} + type stringRules_WellKnownRegex struct { // `well_known_regex` specifies a common well-known pattern // defined as a regex. If the field value doesn't match the well-known @@ -10752,7 +10932,7 @@ type stringRules_WellKnownRegex struct { // ```proto // // message MyString { - // // value must be a valid HTTP header value + // // must be a valid HTTP header value // string value = 1 [(buf.validate.field).string.well_known_regex = KNOWN_REGEX_HTTP_HEADER_VALUE]; // } // @@ -10806,6 +10986,10 @@ func (*stringRules_HostAndPort) isStringRules_WellKnown() {} func (*stringRules_Ulid) isStringRules_WellKnown() {} +func (*stringRules_ProtobufFqn) isStringRules_WellKnown() {} + +func (*stringRules_ProtobufDotFqn) isStringRules_WellKnown() {} + func (*stringRules_WellKnownRegex) isStringRules_WellKnown() {} // BytesRules describe the rules applied to `bytes` values. These rules @@ -11248,7 +11432,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be "\x01\x02\x03\x04" + // // must be "\x01\x02\x03\x04" // bytes value = 1 [(buf.validate.field).bytes.const = "\x01\x02\x03\x04"]; // } // @@ -11286,7 +11470,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be at most 6 bytes. + // // must be at most 6 bytes. // optional bytes value = 1 [(buf.validate.field).bytes.max_len = 6]; // } // @@ -11383,7 +11567,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be a valid IP address + // // must be a valid IP address // optional bytes value = 1 [(buf.validate.field).bytes.ip = true]; // } // @@ -11395,7 +11579,7 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv4 = true]; // } // @@ -11406,22 +11590,21 @@ type BytesRules_builder struct { // ```proto // // message MyBytes { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv6 = true]; // } // // ``` Ipv6 *bool - // `uuid` ensures that the field `value` encodes the 128-bit UUID data as - // defined by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). - // The field must contain exactly 16 bytes - // representing the UUID. If the field value isn't a valid UUID, an error - // message will be generated. + // `uuid` ensures that the field value encodes 128-bit UUID data as defined + // by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). + // The field must contain exactly 16 bytes representing the UUID. If the + // field value isn't a valid UUID, an error message will be generated. // // ```proto // // message MyBytes { - // // value must be a valid UUID + // // must be a valid UUID // optional bytes value = 1 [(buf.validate.field).bytes.uuid = true]; // } // @@ -11520,7 +11703,7 @@ type bytesRules_Ip struct { // ```proto // // message MyBytes { - // // value must be a valid IP address + // // must be a valid IP address // optional bytes value = 1 [(buf.validate.field).bytes.ip = true]; // } // @@ -11535,7 +11718,7 @@ type bytesRules_Ipv4 struct { // ```proto // // message MyBytes { - // // value must be a valid IPv4 address + // // must be a valid IPv4 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv4 = true]; // } // @@ -11549,7 +11732,7 @@ type bytesRules_Ipv6 struct { // ```proto // // message MyBytes { - // // value must be a valid IPv6 address + // // must be a valid IPv6 address // optional bytes value = 1 [(buf.validate.field).bytes.ipv6 = true]; // } // @@ -11558,16 +11741,15 @@ type bytesRules_Ipv6 struct { } type bytesRules_Uuid struct { - // `uuid` ensures that the field `value` encodes the 128-bit UUID data as - // defined by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). - // The field must contain exactly 16 bytes - // representing the UUID. If the field value isn't a valid UUID, an error - // message will be generated. + // `uuid` ensures that the field value encodes 128-bit UUID data as defined + // by [RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2). + // The field must contain exactly 16 bytes representing the UUID. If the + // field value isn't a valid UUID, an error message will be generated. // // ```proto // // message MyBytes { - // // value must be a valid UUID + // // must be a valid UUID // optional bytes value = 1 [(buf.validate.field).bytes.uuid = true]; // } // @@ -12328,7 +12510,7 @@ type AnyRules_builder struct { // // ``` In []string - // requires the field's type_url to be not equal to any of the specified values. If it matches any of the specified values, an error message is generated. + // `not_in` requires the field's type_url to be not equal to any of the specified values. If it matches any of the specified values, an error message is generated. // // ```proto // @@ -12658,7 +12840,7 @@ type DurationRules_builder struct { // ```proto // // message MyDuration { - // // value must be less than 5s + // // must be less than 5s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = "5s"]; // } // @@ -12671,7 +12853,7 @@ type DurationRules_builder struct { // ```proto // // message MyDuration { - // // value must be less than or equal to 10s + // // must be less than or equal to 10s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lte = "10s"]; // } // @@ -12729,7 +12911,7 @@ type DurationRules_builder struct { // ```proto // // message MyDuration { - // // value must be in list [1s, 2s, 3s] + // // must be in list [1s, 2s, 3s] // google.protobuf.Duration value = 1 [(buf.validate.field).duration.in = ["1s", "2s", "3s"]]; // } // @@ -12821,7 +13003,7 @@ type durationRules_Lt struct { // ```proto // // message MyDuration { - // // value must be less than 5s + // // must be less than 5s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = "5s"]; // } // @@ -12837,7 +13019,7 @@ type durationRules_Lte struct { // ```proto // // message MyDuration { - // // value must be less than or equal to 10s + // // must be less than or equal to 10s // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lte = "10s"]; // } // @@ -13431,18 +13613,18 @@ type TimestampRules_builder struct { // ``` Const *timestamppb.Timestamp // Fields of oneof xxx_hidden_LessThan: - // requires the duration field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. + // `lt` requires the timestamp field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // - // message MyDuration { - // // duration must be less than 'P3D' [duration.lt] - // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = { seconds: 259200 }]; + // message MyTimestamp { + // // timestamp must be less than '2023-01-01T00:00:00Z' [timestamp.lt] + // google.protobuf.Timestamp value = 1 [(buf.validate.field).timestamp.lt = { seconds: 1672444800 }]; // } // // ``` Lt *timestamppb.Timestamp - // requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. + // `lte` requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // @@ -13458,7 +13640,7 @@ type TimestampRules_builder struct { // ```proto // // message MyTimestamp { - // // value must be less than now + // // must be less than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.lt_now = true]; // } // @@ -13513,7 +13695,7 @@ type TimestampRules_builder struct { // ```proto // // message MyTimestamp { - // // value must be greater than now + // // must be greater than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.gt_now = true]; // } // @@ -13525,7 +13707,7 @@ type TimestampRules_builder struct { // ```proto // // message MyTimestamp { - // // value must be within 1 hour of now + // // must be within 1 hour of now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.within = {seconds: 3600}]; // } // @@ -13601,13 +13783,13 @@ type isTimestampRules_LessThan interface { } type timestampRules_Lt struct { - // requires the duration field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. + // `lt` requires the timestamp field value to be less than the specified value (field < value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // - // message MyDuration { - // // duration must be less than 'P3D' [duration.lt] - // google.protobuf.Duration value = 1 [(buf.validate.field).duration.lt = { seconds: 259200 }]; + // message MyTimestamp { + // // timestamp must be less than '2023-01-01T00:00:00Z' [timestamp.lt] + // google.protobuf.Timestamp value = 1 [(buf.validate.field).timestamp.lt = { seconds: 1672444800 }]; // } // // ``` @@ -13615,7 +13797,7 @@ type timestampRules_Lt struct { } type timestampRules_Lte struct { - // requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. + // `lte` requires the timestamp field value to be less than or equal to the specified value (field <= value). If the field value doesn't meet the required conditions, an error message is generated. // // ```proto // @@ -13634,7 +13816,7 @@ type timestampRules_LtNow struct { // ```proto // // message MyTimestamp { - // // value must be less than now + // // must be less than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.lt_now = true]; // } // @@ -13706,7 +13888,7 @@ type timestampRules_GtNow struct { // ```proto // // message MyTimestamp { - // // value must be greater than now + // // must be greater than now // google.protobuf.Timestamp created_at = 1 [(buf.validate.field).timestamp.gt_now = true]; // } // @@ -14693,7 +14875,7 @@ var ( // extend buf.validate.Int32Rules { // bool is_zero [(buf.validate.predefined).cel = { // id: "int32.is_zero", - // message: "value must be zero", + // message: "must be zero", // expression: "!rule || this == 0", // }]; // } @@ -14762,788 +14944,798 @@ const file_buf_validate_validate_proto_rawDesc = "" + "\ttimestamp\x18\x16 \x01(\v2\x1c.buf.validate.TimestampRulesH\x00R\ttimestampB\x06\n" + "\x04typeJ\x04\b\x18\x10\x19J\x04\b\x1a\x10\x1bR\askippedR\fignore_empty\"Z\n" + "\x0fPredefinedRules\x12$\n" + - "\x03cel\x18\x01 \x03(\v2\x12.buf.validate.RuleR\x03celJ\x04\b\x18\x10\x19J\x04\b\x1a\x10\x1bR\askippedR\fignore_empty\"\x90\x18\n" + + "\x03cel\x18\x01 \x03(\v2\x12.buf.validate.RuleR\x03celJ\x04\b\x18\x10\x19J\x04\b\x1a\x10\x1bR\askippedR\fignore_empty\"\xae\x17\n" + "\n" + - "FloatRules\x12\x8a\x01\n" + - "\x05const\x18\x01 \x01(\x02Bt\xc2Hq\n" + - "o\n" + - "\vfloat.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa3\x01\n" + - "\x02lt\x18\x02 \x01(\x02B\x90\x01\xc2H\x8c\x01\n" + - "\x89\x01\n" + - "\bfloat.lt\x1a}!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xb4\x01\n" + - "\x03lte\x18\x03 \x01(\x02B\x9f\x01\xc2H\x9b\x01\n" + - "\x98\x01\n" + - "\tfloat.lte\x1a\x8a\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xf3\a\n" + - "\x02gt\x18\x04 \x01(\x02B\xe0\a\xc2H\xdc\a\n" + - "\x8d\x01\n" + - "\bfloat.gt\x1a\x80\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xc3\x01\n" + - "\vfloat.gt_lt\x1a\xb3\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "FloatRules\x12\x84\x01\n" + + "\x05const\x18\x01 \x01(\x02Bn\xc2Hk\n" + + "i\n" + + "\vfloat.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x9d\x01\n" + + "\x02lt\x18\x02 \x01(\x02B\x8a\x01\xc2H\x86\x01\n" + + "\x83\x01\n" + + "\bfloat.lt\x1aw!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xae\x01\n" + + "\x03lte\x18\x03 \x01(\x02B\x99\x01\xc2H\x95\x01\n" + + "\x92\x01\n" + + "\tfloat.lte\x1a\x84\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xd4\a\n" + + "\x02gt\x18\x04 \x01(\x02B\xc1\a\xc2H\xbd\a\n" + + "\x86\x01\n" + + "\bfloat.gt\x1az!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xbd\x01\n" + + "\vfloat.gt_lt\x1a\xad\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x15float.gt_lt_exclusive\x1a\xad\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + "\xcd\x01\n" + - "\x15float.gt_lt_exclusive\x1a\xb3\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\ffloat.gt_lte\x1a\xc2\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x16float.gt_lte_exclusive\x1a\xc2\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xbf\b\n" + - "\x03gte\x18\x05 \x01(\x02B\xaa\b\xc2H\xa6\b\n" + - "\x9b\x01\n" + - "\tfloat.gte\x1a\x8d\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xd2\x01\n" + - "\ffloat.gte_lt\x1a\xc1\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\ffloat.gt_lte\x1a\xbc\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x16float.gt_lte_exclusive\x1a\xbc\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xa1\b\n" + + "\x03gte\x18\x05 \x01(\x02B\x8c\b\xc2H\x88\b\n" + + "\x95\x01\n" + + "\tfloat.gte\x1a\x87\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xcc\x01\n" + + "\ffloat.gte_lt\x1a\xbb\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xd6\x01\n" + + "\x16float.gte_lt_exclusive\x1a\xbb\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + "\xdc\x01\n" + - "\x16float.gte_lt_exclusive\x1a\xc1\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xe2\x01\n" + - "\rfloat.gte_lte\x1a\xd0\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xec\x01\n" + - "\x17float.gte_lte_exclusive\x1a\xd0\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x83\x01\n" + - "\x02in\x18\x06 \x03(\x02Bs\xc2Hp\n" + - "n\n" + - "\bfloat.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\a \x03(\x02Bf\xc2Hc\n" + - "a\n" + - "\ffloat.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12}\n" + - "\x06finite\x18\b \x01(\bBe\xc2Hb\n" + - "`\n" + - "\ffloat.finite\x1aPrules.finite ? (this.isNan() || this.isInf() ? 'value must be finite' : '') : ''R\x06finite\x124\n" + + "\rfloat.gte_lte\x1a\xca\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xe6\x01\n" + + "\x17float.gte_lte_exclusive\x1a\xca\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12}\n" + + "\x02in\x18\x06 \x03(\x02Bm\xc2Hj\n" + + "h\n" + + "\bfloat.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\a \x03(\x02B`\xc2H]\n" + + "[\n" + + "\ffloat.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12w\n" + + "\x06finite\x18\b \x01(\bB_\xc2H\\\n" + + "Z\n" + + "\ffloat.finite\x1aJrules.finite ? (this.isNan() || this.isInf() ? 'must be finite' : '') : ''R\x06finite\x124\n" + "\aexample\x18\t \x03(\x02B\x1a\xc2H\x17\n" + "\x15\n" + "\rfloat.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xa2\x18\n" + - "\vDoubleRules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x01Bu\xc2Hr\n" + - "p\n" + - "\fdouble.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa4\x01\n" + - "\x02lt\x18\x02 \x01(\x01B\x91\x01\xc2H\x8d\x01\n" + - "\x8a\x01\n" + - "\tdouble.lt\x1a}!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xb5\x01\n" + - "\x03lte\x18\x03 \x01(\x01B\xa0\x01\xc2H\x9c\x01\n" + - "\x99\x01\n" + + "\fgreater_than\"\xc0\x17\n" + + "\vDoubleRules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x01Bo\xc2Hl\n" + + "j\n" + + "\fdouble.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x9e\x01\n" + + "\x02lt\x18\x02 \x01(\x01B\x8b\x01\xc2H\x87\x01\n" + + "\x84\x01\n" + + "\tdouble.lt\x1aw!has(rules.gte) && !has(rules.gt) && (this.isNan() || this >= rules.lt)? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xaf\x01\n" + + "\x03lte\x18\x03 \x01(\x01B\x9a\x01\xc2H\x96\x01\n" + + "\x93\x01\n" + "\n" + - "double.lte\x1a\x8a\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xf8\a\n" + - "\x02gt\x18\x04 \x01(\x01B\xe5\a\xc2H\xe1\a\n" + - "\x8e\x01\n" + - "\tdouble.gt\x1a\x80\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xc4\x01\n" + - "\fdouble.gt_lt\x1a\xb3\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "double.lte\x1a\x84\x01!has(rules.gte) && !has(rules.gt) && (this.isNan() || this > rules.lte)? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xd9\a\n" + + "\x02gt\x18\x04 \x01(\x01B\xc6\a\xc2H\xc2\a\n" + + "\x87\x01\n" + + "\tdouble.gt\x1az!has(rules.lt) && !has(rules.lte) && (this.isNan() || this <= rules.gt)? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xbe\x01\n" + + "\fdouble.gt_lt\x1a\xad\x01has(rules.lt) && rules.lt >= rules.gt && (this.isNan() || this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc8\x01\n" + + "\x16double.gt_lt_exclusive\x1a\xad\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + "\xce\x01\n" + - "\x16double.gt_lt_exclusive\x1a\xb3\x01has(rules.lt) && rules.lt < rules.gt && (this.isNan() || (rules.lt <= this && this <= rules.gt))? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xd4\x01\n" + - "\rdouble.gt_lte\x1a\xc2\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xde\x01\n" + - "\x17double.gt_lte_exclusive\x1a\xc2\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xc4\b\n" + - "\x03gte\x18\x05 \x01(\x01B\xaf\b\xc2H\xab\b\n" + - "\x9c\x01\n" + + "\rdouble.gt_lte\x1a\xbc\x01has(rules.lte) && rules.lte >= rules.gt && (this.isNan() || this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xd8\x01\n" + + "\x17double.gt_lte_exclusive\x1a\xbc\x01has(rules.lte) && rules.lte < rules.gt && (this.isNan() || (rules.lte < this && this <= rules.gt))? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xa6\b\n" + + "\x03gte\x18\x05 \x01(\x01B\x91\b\xc2H\x8d\b\n" + + "\x96\x01\n" + "\n" + - "double.gte\x1a\x8d\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xd3\x01\n" + - "\rdouble.gte_lt\x1a\xc1\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "double.gte\x1a\x87\x01!has(rules.lt) && !has(rules.lte) && (this.isNan() || this < rules.gte)? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xcd\x01\n" + + "\rdouble.gte_lt\x1a\xbb\x01has(rules.lt) && rules.lt >= rules.gte && (this.isNan() || this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xd7\x01\n" + + "\x17double.gte_lt_exclusive\x1a\xbb\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + "\xdd\x01\n" + - "\x17double.gte_lt_exclusive\x1a\xc1\x01has(rules.lt) && rules.lt < rules.gte && (this.isNan() || (rules.lt <= this && this < rules.gte))? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xe3\x01\n" + - "\x0edouble.gte_lte\x1a\xd0\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xed\x01\n" + - "\x18double.gte_lte_exclusive\x1a\xd0\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x01Bt\xc2Hq\n" + - "o\n" + - "\tdouble.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x01Bg\xc2Hd\n" + - "b\n" + - "\rdouble.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12~\n" + - "\x06finite\x18\b \x01(\bBf\xc2Hc\n" + - "a\n" + - "\rdouble.finite\x1aPrules.finite ? (this.isNan() || this.isInf() ? 'value must be finite' : '') : ''R\x06finite\x125\n" + + "\x0edouble.gte_lte\x1a\xca\x01has(rules.lte) && rules.lte >= rules.gte && (this.isNan() || this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xe7\x01\n" + + "\x18double.gte_lte_exclusive\x1a\xca\x01has(rules.lte) && rules.lte < rules.gte && (this.isNan() || (rules.lte < this && this < rules.gte))? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x01Bn\xc2Hk\n" + + "i\n" + + "\tdouble.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x01Ba\xc2H^\n" + + "\\\n" + + "\rdouble.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12x\n" + + "\x06finite\x18\b \x01(\bB`\xc2H]\n" + + "[\n" + + "\rdouble.finite\x1aJrules.finite ? (this.isNan() || this.isInf() ? 'must be finite' : '') : ''R\x06finite\x125\n" + "\aexample\x18\t \x03(\x01B\x1b\xc2H\x18\n" + "\x16\n" + "\x0edouble.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xba\x15\n" + + "\fgreater_than\"\xde\x14\n" + "\n" + - "Int32Rules\x12\x8a\x01\n" + - "\x05const\x18\x01 \x01(\x05Bt\xc2Hq\n" + - "o\n" + - "\vint32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8e\x01\n" + - "\x02lt\x18\x02 \x01(\x05B|\xc2Hy\n" + - "w\n" + - "\bint32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa1\x01\n" + - "\x03lte\x18\x03 \x01(\x05B\x8c\x01\xc2H\x88\x01\n" + - "\x85\x01\n" + - "\tint32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x9b\a\n" + - "\x02gt\x18\x04 \x01(\x05B\x88\a\xc2H\x84\a\n" + - "z\n" + - "\bint32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb3\x01\n" + - "\vint32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbb\x01\n" + - "\x15int32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc3\x01\n" + - "\fint32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcb\x01\n" + - "\x16int32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xe8\a\n" + - "\x03gte\x18\x05 \x01(\x05B\xd3\a\xc2H\xcf\a\n" + - "\x88\x01\n" + - "\tint32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc2\x01\n" + - "\fint32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xca\x01\n" + - "\x16int32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd2\x01\n" + - "\rint32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xda\x01\n" + - "\x17int32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x83\x01\n" + - "\x02in\x18\x06 \x03(\x05Bs\xc2Hp\n" + - "n\n" + - "\bint32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\a \x03(\x05Bf\xc2Hc\n" + - "a\n" + - "\fint32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + + "Int32Rules\x12\x84\x01\n" + + "\x05const\x18\x01 \x01(\x05Bn\xc2Hk\n" + + "i\n" + + "\vint32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x88\x01\n" + + "\x02lt\x18\x02 \x01(\x05Bv\xc2Hs\n" + + "q\n" + + "\bint32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9a\x01\n" + + "\x03lte\x18\x03 \x01(\x05B\x85\x01\xc2H\x81\x01\n" + + "\x7f\n" + + "\tint32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xfd\x06\n" + + "\x02gt\x18\x04 \x01(\x05B\xea\x06\xc2H\xe6\x06\n" + + "t\n" + + "\bint32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xad\x01\n" + + "\vint32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb5\x01\n" + + "\x15int32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbd\x01\n" + + "\fint32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc5\x01\n" + + "\x16int32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xca\a\n" + + "\x03gte\x18\x05 \x01(\x05B\xb5\a\xc2H\xb1\a\n" + + "\x82\x01\n" + + "\tint32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbc\x01\n" + + "\fint32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc4\x01\n" + + "\x16int32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcc\x01\n" + + "\rint32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd4\x01\n" + + "\x17int32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12}\n" + + "\x02in\x18\x06 \x03(\x05Bm\xc2Hj\n" + + "h\n" + + "\bint32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\a \x03(\x05B`\xc2H]\n" + + "[\n" + + "\fint32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + "\aexample\x18\b \x03(\x05B\x1a\xc2H\x17\n" + "\x15\n" + "\rint32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xba\x15\n" + + "\fgreater_than\"\xde\x14\n" + "\n" + - "Int64Rules\x12\x8a\x01\n" + - "\x05const\x18\x01 \x01(\x03Bt\xc2Hq\n" + - "o\n" + - "\vint64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8e\x01\n" + - "\x02lt\x18\x02 \x01(\x03B|\xc2Hy\n" + - "w\n" + - "\bint64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa1\x01\n" + - "\x03lte\x18\x03 \x01(\x03B\x8c\x01\xc2H\x88\x01\n" + - "\x85\x01\n" + - "\tint64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x9b\a\n" + - "\x02gt\x18\x04 \x01(\x03B\x88\a\xc2H\x84\a\n" + - "z\n" + - "\bint64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb3\x01\n" + - "\vint64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbb\x01\n" + - "\x15int64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc3\x01\n" + - "\fint64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcb\x01\n" + - "\x16int64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xe8\a\n" + - "\x03gte\x18\x05 \x01(\x03B\xd3\a\xc2H\xcf\a\n" + - "\x88\x01\n" + - "\tint64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc2\x01\n" + - "\fint64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xca\x01\n" + - "\x16int64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd2\x01\n" + - "\rint64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xda\x01\n" + - "\x17int64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x83\x01\n" + - "\x02in\x18\x06 \x03(\x03Bs\xc2Hp\n" + - "n\n" + - "\bint64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\a \x03(\x03Bf\xc2Hc\n" + - "a\n" + - "\fint64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + + "Int64Rules\x12\x84\x01\n" + + "\x05const\x18\x01 \x01(\x03Bn\xc2Hk\n" + + "i\n" + + "\vint64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x88\x01\n" + + "\x02lt\x18\x02 \x01(\x03Bv\xc2Hs\n" + + "q\n" + + "\bint64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9a\x01\n" + + "\x03lte\x18\x03 \x01(\x03B\x85\x01\xc2H\x81\x01\n" + + "\x7f\n" + + "\tint64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xfd\x06\n" + + "\x02gt\x18\x04 \x01(\x03B\xea\x06\xc2H\xe6\x06\n" + + "t\n" + + "\bint64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xad\x01\n" + + "\vint64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb5\x01\n" + + "\x15int64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbd\x01\n" + + "\fint64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc5\x01\n" + + "\x16int64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xca\a\n" + + "\x03gte\x18\x05 \x01(\x03B\xb5\a\xc2H\xb1\a\n" + + "\x82\x01\n" + + "\tint64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbc\x01\n" + + "\fint64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc4\x01\n" + + "\x16int64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcc\x01\n" + + "\rint64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd4\x01\n" + + "\x17int64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12}\n" + + "\x02in\x18\x06 \x03(\x03Bm\xc2Hj\n" + + "h\n" + + "\bint64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\a \x03(\x03B`\xc2H]\n" + + "[\n" + + "\fint64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x124\n" + "\aexample\x18\t \x03(\x03B\x1a\xc2H\x17\n" + "\x15\n" + "\rint64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vUInt32Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\rBu\xc2Hr\n" + - "p\n" + - "\fuint32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\rB}\xc2Hz\n" + - "x\n" + - "\tuint32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\rB\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vUInt32Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\rBo\xc2Hl\n" + + "j\n" + + "\fuint32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\rBw\xc2Ht\n" + + "r\n" + + "\tuint32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\rB\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "uint32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\rB\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tuint32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fuint32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16uint32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\ruint32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17uint32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\rB\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "uint32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\rB\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tuint32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fuint32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16uint32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\ruint32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17uint32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\rB\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "uint32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\ruint32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17uint32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0euint32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18uint32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\rBt\xc2Hq\n" + - "o\n" + - "\tuint32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\rBg\xc2Hd\n" + - "b\n" + - "\ruint32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "uint32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\ruint32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17uint32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0euint32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18uint32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\rBn\xc2Hk\n" + + "i\n" + + "\tuint32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\rBa\xc2H^\n" + + "\\\n" + + "\ruint32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\rB\x1b\xc2H\x18\n" + "\x16\n" + "\x0euint32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vUInt64Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x04Bu\xc2Hr\n" + - "p\n" + - "\fuint64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\x04B}\xc2Hz\n" + - "x\n" + - "\tuint64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\x04B\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vUInt64Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x04Bo\xc2Hl\n" + + "j\n" + + "\fuint64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\x04Bw\xc2Ht\n" + + "r\n" + + "\tuint64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\x04B\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "uint64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\x04B\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tuint64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fuint64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16uint64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\ruint64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17uint64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\x04B\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "uint64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\x04B\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tuint64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fuint64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16uint64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\ruint64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17uint64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\x04B\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "uint64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\ruint64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17uint64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0euint64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18uint64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x04Bt\xc2Hq\n" + - "o\n" + - "\tuint64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x04Bg\xc2Hd\n" + - "b\n" + - "\ruint64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "uint64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\ruint64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17uint64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0euint64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18uint64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x04Bn\xc2Hk\n" + + "i\n" + + "\tuint64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x04Ba\xc2H^\n" + + "\\\n" + + "\ruint64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\x04B\x1b\xc2H\x18\n" + "\x16\n" + "\x0euint64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vSInt32Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x11Bu\xc2Hr\n" + - "p\n" + - "\fsint32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\x11B}\xc2Hz\n" + - "x\n" + - "\tsint32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\x11B\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vSInt32Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x11Bo\xc2Hl\n" + + "j\n" + + "\fsint32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\x11Bw\xc2Ht\n" + + "r\n" + + "\tsint32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\x11B\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "sint32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\x11B\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tsint32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fsint32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16sint32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\rsint32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17sint32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\x11B\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "sint32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\x11B\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tsint32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fsint32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16sint32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\rsint32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17sint32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\x11B\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "sint32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\rsint32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17sint32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0esint32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18sint32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x11Bt\xc2Hq\n" + - "o\n" + - "\tsint32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x11Bg\xc2Hd\n" + - "b\n" + - "\rsint32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "sint32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\rsint32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17sint32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0esint32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18sint32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x11Bn\xc2Hk\n" + + "i\n" + + "\tsint32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x11Ba\xc2H^\n" + + "\\\n" + + "\rsint32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\x11B\x1b\xc2H\x18\n" + "\x16\n" + "\x0esint32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xcb\x15\n" + - "\vSInt64Rules\x12\x8b\x01\n" + - "\x05const\x18\x01 \x01(\x12Bu\xc2Hr\n" + - "p\n" + - "\fsint64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8f\x01\n" + - "\x02lt\x18\x02 \x01(\x12B}\xc2Hz\n" + - "x\n" + - "\tsint64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa2\x01\n" + - "\x03lte\x18\x03 \x01(\x12B\x8d\x01\xc2H\x89\x01\n" + - "\x86\x01\n" + + "\fgreater_than\"\xf0\x14\n" + + "\vSInt64Rules\x12\x85\x01\n" + + "\x05const\x18\x01 \x01(\x12Bo\xc2Hl\n" + + "j\n" + + "\fsint64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x89\x01\n" + + "\x02lt\x18\x02 \x01(\x12Bw\xc2Ht\n" + + "r\n" + + "\tsint64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9c\x01\n" + + "\x03lte\x18\x03 \x01(\x12B\x87\x01\xc2H\x83\x01\n" + + "\x80\x01\n" + "\n" + - "sint64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa0\a\n" + - "\x02gt\x18\x04 \x01(\x12B\x8d\a\xc2H\x89\a\n" + - "{\n" + - "\tsint64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb4\x01\n" + - "\fsint64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbc\x01\n" + - "\x16sint64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc4\x01\n" + - "\rsint64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcc\x01\n" + - "\x17sint64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xed\a\n" + - "\x03gte\x18\x05 \x01(\x12B\xd8\a\xc2H\xd4\a\n" + - "\x89\x01\n" + + "sint64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x82\a\n" + + "\x02gt\x18\x04 \x01(\x12B\xef\x06\xc2H\xeb\x06\n" + + "u\n" + + "\tsint64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xae\x01\n" + + "\fsint64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb6\x01\n" + + "\x16sint64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbe\x01\n" + + "\rsint64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc6\x01\n" + + "\x17sint64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xcf\a\n" + + "\x03gte\x18\x05 \x01(\x12B\xba\a\xc2H\xb6\a\n" + + "\x83\x01\n" + "\n" + - "sint64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc3\x01\n" + - "\rsint64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcb\x01\n" + - "\x17sint64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd3\x01\n" + - "\x0esint64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdb\x01\n" + - "\x18sint64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x84\x01\n" + - "\x02in\x18\x06 \x03(\x12Bt\xc2Hq\n" + - "o\n" + - "\tsint64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\a \x03(\x12Bg\xc2Hd\n" + - "b\n" + - "\rsint64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + + "sint64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbd\x01\n" + + "\rsint64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc5\x01\n" + + "\x17sint64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcd\x01\n" + + "\x0esint64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd5\x01\n" + + "\x18sint64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12~\n" + + "\x02in\x18\x06 \x03(\x12Bn\xc2Hk\n" + + "i\n" + + "\tsint64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\a \x03(\x12Ba\xc2H^\n" + + "\\\n" + + "\rsint64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x125\n" + "\aexample\x18\b \x03(\x12B\x1b\xc2H\x18\n" + "\x16\n" + "\x0esint64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xdc\x15\n" + - "\fFixed32Rules\x12\x8c\x01\n" + - "\x05const\x18\x01 \x01(\aBv\xc2Hs\n" + - "q\n" + - "\rfixed32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x90\x01\n" + - "\x02lt\x18\x02 \x01(\aB~\xc2H{\n" + - "y\n" + + "\fgreater_than\"\x81\x15\n" + + "\fFixed32Rules\x12\x86\x01\n" + + "\x05const\x18\x01 \x01(\aBp\xc2Hm\n" + + "k\n" + + "\rfixed32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8a\x01\n" + + "\x02lt\x18\x02 \x01(\aBx\xc2Hu\n" + + "s\n" + "\n" + - "fixed32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa3\x01\n" + - "\x03lte\x18\x03 \x01(\aB\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\vfixed32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa5\a\n" + - "\x02gt\x18\x04 \x01(\aB\x92\a\xc2H\x8e\a\n" + - "|\n" + + "fixed32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9d\x01\n" + + "\x03lte\x18\x03 \x01(\aB\x88\x01\xc2H\x84\x01\n" + + "\x81\x01\n" + + "\vfixed32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x87\a\n" + + "\x02gt\x18\x04 \x01(\aB\xf4\x06\xc2H\xf0\x06\n" + + "v\n" + "\n" + - "fixed32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb5\x01\n" + - "\rfixed32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbd\x01\n" + - "\x17fixed32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc5\x01\n" + - "\x0efixed32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcd\x01\n" + - "\x18fixed32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf2\a\n" + - "\x03gte\x18\x05 \x01(\aB\xdd\a\xc2H\xd9\a\n" + - "\x8a\x01\n" + - "\vfixed32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc4\x01\n" + - "\x0efixed32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcc\x01\n" + - "\x18fixed32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd4\x01\n" + - "\x0ffixed32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdc\x01\n" + - "\x19fixed32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x85\x01\n" + - "\x02in\x18\x06 \x03(\aBu\xc2Hr\n" + - "p\n" + + "fixed32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xaf\x01\n" + + "\rfixed32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb7\x01\n" + + "\x17fixed32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbf\x01\n" + + "\x0efixed32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc7\x01\n" + + "\x18fixed32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd4\a\n" + + "\x03gte\x18\x05 \x01(\aB\xbf\a\xc2H\xbb\a\n" + + "\x84\x01\n" + + "\vfixed32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbe\x01\n" + + "\x0efixed32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc6\x01\n" + + "\x18fixed32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xce\x01\n" + + "\x0ffixed32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd6\x01\n" + + "\x19fixed32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x7f\n" + + "\x02in\x18\x06 \x03(\aBo\xc2Hl\n" + + "j\n" + "\n" + - "fixed32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x7f\n" + - "\x06not_in\x18\a \x03(\aBh\xc2He\n" + - "c\n" + - "\x0efixed32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + + "fixed32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12y\n" + + "\x06not_in\x18\a \x03(\aBb\xc2H_\n" + + "]\n" + + "\x0efixed32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + "\aexample\x18\b \x03(\aB\x1c\xc2H\x19\n" + "\x17\n" + "\x0ffixed32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xdc\x15\n" + - "\fFixed64Rules\x12\x8c\x01\n" + - "\x05const\x18\x01 \x01(\x06Bv\xc2Hs\n" + - "q\n" + - "\rfixed64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x90\x01\n" + - "\x02lt\x18\x02 \x01(\x06B~\xc2H{\n" + - "y\n" + + "\fgreater_than\"\x81\x15\n" + + "\fFixed64Rules\x12\x86\x01\n" + + "\x05const\x18\x01 \x01(\x06Bp\xc2Hm\n" + + "k\n" + + "\rfixed64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8a\x01\n" + + "\x02lt\x18\x02 \x01(\x06Bx\xc2Hu\n" + + "s\n" + "\n" + - "fixed64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa3\x01\n" + - "\x03lte\x18\x03 \x01(\x06B\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\vfixed64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa5\a\n" + - "\x02gt\x18\x04 \x01(\x06B\x92\a\xc2H\x8e\a\n" + - "|\n" + + "fixed64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9d\x01\n" + + "\x03lte\x18\x03 \x01(\x06B\x88\x01\xc2H\x84\x01\n" + + "\x81\x01\n" + + "\vfixed64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x87\a\n" + + "\x02gt\x18\x04 \x01(\x06B\xf4\x06\xc2H\xf0\x06\n" + + "v\n" + "\n" + - "fixed64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb5\x01\n" + - "\rfixed64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbd\x01\n" + - "\x17fixed64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc5\x01\n" + - "\x0efixed64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcd\x01\n" + - "\x18fixed64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf2\a\n" + - "\x03gte\x18\x05 \x01(\x06B\xdd\a\xc2H\xd9\a\n" + - "\x8a\x01\n" + - "\vfixed64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc4\x01\n" + - "\x0efixed64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcc\x01\n" + - "\x18fixed64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd4\x01\n" + - "\x0ffixed64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdc\x01\n" + - "\x19fixed64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x85\x01\n" + - "\x02in\x18\x06 \x03(\x06Bu\xc2Hr\n" + - "p\n" + + "fixed64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xaf\x01\n" + + "\rfixed64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb7\x01\n" + + "\x17fixed64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xbf\x01\n" + + "\x0efixed64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc7\x01\n" + + "\x18fixed64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd4\a\n" + + "\x03gte\x18\x05 \x01(\x06B\xbf\a\xc2H\xbb\a\n" + + "\x84\x01\n" + + "\vfixed64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbe\x01\n" + + "\x0efixed64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc6\x01\n" + + "\x18fixed64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xce\x01\n" + + "\x0ffixed64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd6\x01\n" + + "\x19fixed64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x7f\n" + + "\x02in\x18\x06 \x03(\x06Bo\xc2Hl\n" + + "j\n" + "\n" + - "fixed64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x7f\n" + - "\x06not_in\x18\a \x03(\x06Bh\xc2He\n" + - "c\n" + - "\x0efixed64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + + "fixed64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12y\n" + + "\x06not_in\x18\a \x03(\x06Bb\xc2H_\n" + + "]\n" + + "\x0efixed64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x126\n" + "\aexample\x18\b \x03(\x06B\x1c\xc2H\x19\n" + "\x17\n" + "\x0ffixed64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xee\x15\n" + - "\rSFixed32Rules\x12\x8d\x01\n" + - "\x05const\x18\x01 \x01(\x0fBw\xc2Ht\n" + - "r\n" + - "\x0esfixed32.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x91\x01\n" + - "\x02lt\x18\x02 \x01(\x0fB\x7f\xc2H|\n" + - "z\n" + - "\vsfixed32.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa4\x01\n" + - "\x03lte\x18\x03 \x01(\x0fB\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\fsfixed32.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xaa\a\n" + - "\x02gt\x18\x04 \x01(\x0fB\x97\a\xc2H\x93\a\n" + - "}\n" + - "\vsfixed32.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb6\x01\n" + - "\x0esfixed32.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbe\x01\n" + - "\x18sfixed32.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc6\x01\n" + - "\x0fsfixed32.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xce\x01\n" + - "\x19sfixed32.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf7\a\n" + - "\x03gte\x18\x05 \x01(\x0fB\xe2\a\xc2H\xde\a\n" + - "\x8b\x01\n" + - "\fsfixed32.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc5\x01\n" + - "\x0fsfixed32.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcd\x01\n" + - "\x19sfixed32.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd5\x01\n" + - "\x10sfixed32.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x1asfixed32.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x86\x01\n" + - "\x02in\x18\x06 \x03(\x0fBv\xc2Hs\n" + - "q\n" + - "\vsfixed32.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x80\x01\n" + - "\x06not_in\x18\a \x03(\x0fBi\xc2Hf\n" + - "d\n" + - "\x0fsfixed32.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + + "\fgreater_than\"\x93\x15\n" + + "\rSFixed32Rules\x12\x87\x01\n" + + "\x05const\x18\x01 \x01(\x0fBq\xc2Hn\n" + + "l\n" + + "\x0esfixed32.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8b\x01\n" + + "\x02lt\x18\x02 \x01(\x0fBy\xc2Hv\n" + + "t\n" + + "\vsfixed32.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9e\x01\n" + + "\x03lte\x18\x03 \x01(\x0fB\x89\x01\xc2H\x85\x01\n" + + "\x82\x01\n" + + "\fsfixed32.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x8c\a\n" + + "\x02gt\x18\x04 \x01(\x0fB\xf9\x06\xc2H\xf5\x06\n" + + "w\n" + + "\vsfixed32.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb0\x01\n" + + "\x0esfixed32.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb8\x01\n" + + "\x18sfixed32.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc0\x01\n" + + "\x0fsfixed32.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc8\x01\n" + + "\x19sfixed32.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd9\a\n" + + "\x03gte\x18\x05 \x01(\x0fB\xc4\a\xc2H\xc0\a\n" + + "\x85\x01\n" + + "\fsfixed32.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbf\x01\n" + + "\x0fsfixed32.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x19sfixed32.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcf\x01\n" + + "\x10sfixed32.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x1asfixed32.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x80\x01\n" + + "\x02in\x18\x06 \x03(\x0fBp\xc2Hm\n" + + "k\n" + + "\vsfixed32.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12z\n" + + "\x06not_in\x18\a \x03(\x0fBc\xc2H`\n" + + "^\n" + + "\x0fsfixed32.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + "\aexample\x18\b \x03(\x0fB\x1d\xc2H\x1a\n" + "\x18\n" + "\x10sfixed32.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xee\x15\n" + - "\rSFixed64Rules\x12\x8d\x01\n" + - "\x05const\x18\x01 \x01(\x10Bw\xc2Ht\n" + - "r\n" + - "\x0esfixed64.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x91\x01\n" + - "\x02lt\x18\x02 \x01(\x10B\x7f\xc2H|\n" + - "z\n" + - "\vsfixed64.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xa4\x01\n" + - "\x03lte\x18\x03 \x01(\x10B\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\fsfixed64.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xaa\a\n" + - "\x02gt\x18\x04 \x01(\x10B\x97\a\xc2H\x93\a\n" + - "}\n" + - "\vsfixed64.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb6\x01\n" + - "\x0esfixed64.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbe\x01\n" + - "\x18sfixed64.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc6\x01\n" + - "\x0fsfixed64.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xce\x01\n" + - "\x19sfixed64.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf7\a\n" + - "\x03gte\x18\x05 \x01(\x10B\xe2\a\xc2H\xde\a\n" + - "\x8b\x01\n" + - "\fsfixed64.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc5\x01\n" + - "\x0fsfixed64.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcd\x01\n" + - "\x19sfixed64.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd5\x01\n" + - "\x10sfixed64.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x1asfixed64.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x86\x01\n" + - "\x02in\x18\x06 \x03(\x10Bv\xc2Hs\n" + - "q\n" + - "\vsfixed64.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x80\x01\n" + - "\x06not_in\x18\a \x03(\x10Bi\xc2Hf\n" + - "d\n" + - "\x0fsfixed64.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + + "\fgreater_than\"\x93\x15\n" + + "\rSFixed64Rules\x12\x87\x01\n" + + "\x05const\x18\x01 \x01(\x10Bq\xc2Hn\n" + + "l\n" + + "\x0esfixed64.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\x8b\x01\n" + + "\x02lt\x18\x02 \x01(\x10By\xc2Hv\n" + + "t\n" + + "\vsfixed64.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\x9e\x01\n" + + "\x03lte\x18\x03 \x01(\x10B\x89\x01\xc2H\x85\x01\n" + + "\x82\x01\n" + + "\fsfixed64.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\x8c\a\n" + + "\x02gt\x18\x04 \x01(\x10B\xf9\x06\xc2H\xf5\x06\n" + + "w\n" + + "\vsfixed64.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb0\x01\n" + + "\x0esfixed64.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb8\x01\n" + + "\x18sfixed64.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc0\x01\n" + + "\x0fsfixed64.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc8\x01\n" + + "\x19sfixed64.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xd9\a\n" + + "\x03gte\x18\x05 \x01(\x10B\xc4\a\xc2H\xc0\a\n" + + "\x85\x01\n" + + "\fsfixed64.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbf\x01\n" + + "\x0fsfixed64.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x19sfixed64.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcf\x01\n" + + "\x10sfixed64.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x1asfixed64.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x80\x01\n" + + "\x02in\x18\x06 \x03(\x10Bp\xc2Hm\n" + + "k\n" + + "\vsfixed64.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12z\n" + + "\x06not_in\x18\a \x03(\x10Bc\xc2H`\n" + + "^\n" + + "\x0fsfixed64.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x127\n" + "\aexample\x18\b \x03(\x10B\x1d\xc2H\x1a\n" + "\x18\n" + "\x10sfixed64.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\xd7\x01\n" + - "\tBoolRules\x12\x89\x01\n" + - "\x05const\x18\x01 \x01(\bBs\xc2Hp\n" + - "n\n" + + "\fgreater_than\"\xd1\x01\n" + + "\tBoolRules\x12\x83\x01\n" + + "\x05const\x18\x01 \x01(\bBm\xc2Hj\n" + + "h\n" + "\n" + - "bool.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x123\n" + + "bool.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x123\n" + "\aexample\x18\x02 \x03(\bB\x19\xc2H\x16\n" + "\x14\n" + - "\fbool.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xcf;\n" + - "\vStringRules\x12\x8d\x01\n" + - "\x05const\x18\x01 \x01(\tBw\xc2Ht\n" + - "r\n" + - "\fstring.const\x1abthis != getField(rules, 'const') ? 'value must equal `%s`'.format([getField(rules, 'const')]) : ''R\x05const\x12\x83\x01\n" + - "\x03len\x18\x13 \x01(\x04Bq\xc2Hn\n" + + "\fbool.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xcf?\n" + + "\vStringRules\x12\x87\x01\n" + + "\x05const\x18\x01 \x01(\tBq\xc2Hn\n" + "l\n" + + "\fstring.const\x1a\\this != getField(rules, 'const') ? 'must equal `%s`'.format([getField(rules, 'const')]) : ''R\x05const\x12v\n" + + "\x03len\x18\x13 \x01(\x04Bd\xc2Ha\n" + + "_\n" + "\n" + - "string.len\x1a^uint(this.size()) != rules.len ? 'value length must be %s characters'.format([rules.len]) : ''R\x03len\x12\xa1\x01\n" + - "\amin_len\x18\x02 \x01(\x04B\x87\x01\xc2H\x83\x01\n" + - "\x80\x01\n" + - "\x0estring.min_len\x1anuint(this.size()) < rules.min_len ? 'value length must be at least %s characters'.format([rules.min_len]) : ''R\x06minLen\x12\x9f\x01\n" + - "\amax_len\x18\x03 \x01(\x04B\x85\x01\xc2H\x81\x01\n" + - "\x7f\n" + - "\x0estring.max_len\x1amuint(this.size()) > rules.max_len ? 'value length must be at most %s characters'.format([rules.max_len]) : ''R\x06maxLen\x12\xa5\x01\n" + - "\tlen_bytes\x18\x14 \x01(\x04B\x87\x01\xc2H\x83\x01\n" + - "\x80\x01\n" + - "\x10string.len_bytes\x1aluint(bytes(this).size()) != rules.len_bytes ? 'value length must be %s bytes'.format([rules.len_bytes]) : ''R\blenBytes\x12\xad\x01\n" + - "\tmin_bytes\x18\x04 \x01(\x04B\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\x10string.min_bytes\x1atuint(bytes(this).size()) < rules.min_bytes ? 'value length must be at least %s bytes'.format([rules.min_bytes]) : ''R\bminBytes\x12\xac\x01\n" + - "\tmax_bytes\x18\x05 \x01(\x04B\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\x10string.max_bytes\x1asuint(bytes(this).size()) > rules.max_bytes ? 'value length must be at most %s bytes'.format([rules.max_bytes]) : ''R\bmaxBytes\x12\x96\x01\n" + - "\apattern\x18\x06 \x01(\tB|\xc2Hy\n" + - "w\n" + - "\x0estring.pattern\x1ae!this.matches(rules.pattern) ? 'value does not match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x8c\x01\n" + - "\x06prefix\x18\a \x01(\tBt\xc2Hq\n" + - "o\n" + - "\rstring.prefix\x1a^!this.startsWith(rules.prefix) ? 'value does not have prefix `%s`'.format([rules.prefix]) : ''R\x06prefix\x12\x8a\x01\n" + - "\x06suffix\x18\b \x01(\tBr\xc2Ho\n" + - "m\n" + - "\rstring.suffix\x1a\\!this.endsWith(rules.suffix) ? 'value does not have suffix `%s`'.format([rules.suffix]) : ''R\x06suffix\x12\x9a\x01\n" + - "\bcontains\x18\t \x01(\tB~\xc2H{\n" + - "y\n" + - "\x0fstring.contains\x1af!this.contains(rules.contains) ? 'value does not contain substring `%s`'.format([rules.contains]) : ''R\bcontains\x12\xa5\x01\n" + - "\fnot_contains\x18\x17 \x01(\tB\x81\x01\xc2H~\n" + - "|\n" + - "\x13string.not_contains\x1aethis.contains(rules.not_contains) ? 'value contains substring `%s`'.format([rules.not_contains]) : ''R\vnotContains\x12\x84\x01\n" + + "string.len\x1aQuint(this.size()) != rules.len ? 'must be %s characters'.format([rules.len]) : ''R\x03len\x12\x91\x01\n" + + "\amin_len\x18\x02 \x01(\x04Bx\xc2Hu\n" + + "s\n" + + "\x0estring.min_len\x1aauint(this.size()) < rules.min_len ? 'must be at least %s characters'.format([rules.min_len]) : ''R\x06minLen\x12\x90\x01\n" + + "\amax_len\x18\x03 \x01(\x04Bw\xc2Ht\n" + + "r\n" + + "\x0estring.max_len\x1a`uint(this.size()) > rules.max_len ? 'must be at most %s characters'.format([rules.max_len]) : ''R\x06maxLen\x12\x95\x01\n" + + "\tlen_bytes\x18\x14 \x01(\x04Bx\xc2Hu\n" + + "s\n" + + "\x10string.len_bytes\x1a_uint(bytes(this).size()) != rules.len_bytes ? 'must be %s bytes'.format([rules.len_bytes]) : ''R\blenBytes\x12\x9e\x01\n" + + "\tmin_bytes\x18\x04 \x01(\x04B\x80\x01\xc2H}\n" + + "{\n" + + "\x10string.min_bytes\x1aguint(bytes(this).size()) < rules.min_bytes ? 'must be at least %s bytes'.format([rules.min_bytes]) : ''R\bminBytes\x12\x9c\x01\n" + + "\tmax_bytes\x18\x05 \x01(\x04B\x7f\xc2H|\n" + + "z\n" + + "\x10string.max_bytes\x1afuint(bytes(this).size()) > rules.max_bytes ? 'must be at most %s bytes'.format([rules.max_bytes]) : ''R\bmaxBytes\x12\x90\x01\n" + + "\apattern\x18\x06 \x01(\tBv\xc2Hs\n" + + "q\n" + + "\x0estring.pattern\x1a_!this.matches(rules.pattern) ? 'does not match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x86\x01\n" + + "\x06prefix\x18\a \x01(\tBn\xc2Hk\n" + + "i\n" + + "\rstring.prefix\x1aX!this.startsWith(rules.prefix) ? 'does not have prefix `%s`'.format([rules.prefix]) : ''R\x06prefix\x12\x84\x01\n" + + "\x06suffix\x18\b \x01(\tBl\xc2Hi\n" + + "g\n" + + "\rstring.suffix\x1aV!this.endsWith(rules.suffix) ? 'does not have suffix `%s`'.format([rules.suffix]) : ''R\x06suffix\x12\x94\x01\n" + + "\bcontains\x18\t \x01(\tBx\xc2Hu\n" + + "s\n" + + "\x0fstring.contains\x1a`!this.contains(rules.contains) ? 'does not contain substring `%s`'.format([rules.contains]) : ''R\bcontains\x12\x9e\x01\n" + + "\fnot_contains\x18\x17 \x01(\tB{\xc2Hx\n" + + "v\n" + + "\x13string.not_contains\x1a_this.contains(rules.not_contains) ? 'contains substring `%s`'.format([rules.not_contains]) : ''R\vnotContains\x12~\n" + "\x02in\x18\n" + - " \x03(\tBt\xc2Hq\n" + - "o\n" + - "\tstring.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12~\n" + - "\x06not_in\x18\v \x03(\tBg\xc2Hd\n" + - "b\n" + - "\rstring.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xe6\x01\n" + - "\x05email\x18\f \x01(\bB\xcd\x01\xc2H\xc9\x01\n" + - "a\n" + - "\fstring.email\x12#value must be a valid email address\x1a,!rules.email || this == '' || this.isEmail()\n" + + " \x03(\tBn\xc2Hk\n" + + "i\n" + + "\tstring.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12x\n" + + "\x06not_in\x18\v \x03(\tBa\xc2H^\n" + + "\\\n" + + "\rstring.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xe0\x01\n" + + "\x05email\x18\f \x01(\bB\xc7\x01\xc2H\xc3\x01\n" + + "[\n" + + "\fstring.email\x12\x1dmust be a valid email address\x1a,!rules.email || this == '' || this.isEmail()\n" + "d\n" + - "\x12string.email_empty\x122value is empty, which is not a valid email address\x1a\x1a!rules.email || this != ''H\x00R\x05email\x12\xf1\x01\n" + - "\bhostname\x18\r \x01(\bB\xd2\x01\xc2H\xce\x01\n" + - "e\n" + - "\x0fstring.hostname\x12\x1evalue must be a valid hostname\x1a2!rules.hostname || this == '' || this.isHostname()\n" + + "\x12string.email_empty\x122value is empty, which is not a valid email address\x1a\x1a!rules.email || this != ''H\x00R\x05email\x12\xeb\x01\n" + + "\bhostname\x18\r \x01(\bB\xcc\x01\xc2H\xc8\x01\n" + + "_\n" + + "\x0fstring.hostname\x12\x18must be a valid hostname\x1a2!rules.hostname || this == '' || this.isHostname()\n" + "e\n" + - "\x15string.hostname_empty\x12-value is empty, which is not a valid hostname\x1a\x1d!rules.hostname || this != ''H\x00R\bhostname\x12\xcb\x01\n" + - "\x02ip\x18\x0e \x01(\bB\xb8\x01\xc2H\xb4\x01\n" + - "U\n" + - "\tstring.ip\x12 value must be a valid IP address\x1a&!rules.ip || this == '' || this.isIp()\n" + + "\x15string.hostname_empty\x12-value is empty, which is not a valid hostname\x1a\x1d!rules.hostname || this != ''H\x00R\bhostname\x12\xc5\x01\n" + + "\x02ip\x18\x0e \x01(\bB\xb2\x01\xc2H\xae\x01\n" + + "O\n" + + "\tstring.ip\x12\x1amust be a valid IP address\x1a&!rules.ip || this == '' || this.isIp()\n" + "[\n" + - "\x0fstring.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x17!rules.ip || this != ''H\x00R\x02ip\x12\xdc\x01\n" + - "\x04ipv4\x18\x0f \x01(\bB\xc5\x01\xc2H\xc1\x01\n" + - "\\\n" + - "\vstring.ipv4\x12\"value must be a valid IPv4 address\x1a)!rules.ipv4 || this == '' || this.isIp(4)\n" + + "\x0fstring.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x17!rules.ip || this != ''H\x00R\x02ip\x12\xd6\x01\n" + + "\x04ipv4\x18\x0f \x01(\bB\xbf\x01\xc2H\xbb\x01\n" + + "V\n" + + "\vstring.ipv4\x12\x1cmust be a valid IPv4 address\x1a)!rules.ipv4 || this == '' || this.isIp(4)\n" + "a\n" + - "\x11string.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x19!rules.ipv4 || this != ''H\x00R\x04ipv4\x12\xdc\x01\n" + - "\x04ipv6\x18\x10 \x01(\bB\xc5\x01\xc2H\xc1\x01\n" + - "\\\n" + - "\vstring.ipv6\x12\"value must be a valid IPv6 address\x1a)!rules.ipv6 || this == '' || this.isIp(6)\n" + + "\x11string.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x19!rules.ipv4 || this != ''H\x00R\x04ipv4\x12\xd6\x01\n" + + "\x04ipv6\x18\x10 \x01(\bB\xbf\x01\xc2H\xbb\x01\n" + + "V\n" + + "\vstring.ipv6\x12\x1cmust be a valid IPv6 address\x1a)!rules.ipv6 || this == '' || this.isIp(6)\n" + "a\n" + - "\x11string.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x19!rules.ipv6 || this != ''H\x00R\x04ipv6\x12\xc4\x01\n" + - "\x03uri\x18\x11 \x01(\bB\xaf\x01\xc2H\xab\x01\n" + - "Q\n" + + "\x11string.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x19!rules.ipv6 || this != ''H\x00R\x04ipv6\x12\xbe\x01\n" + + "\x03uri\x18\x11 \x01(\bB\xa9\x01\xc2H\xa5\x01\n" + + "K\n" + "\n" + - "string.uri\x12\x19value must be a valid URI\x1a(!rules.uri || this == '' || this.isUri()\n" + + "string.uri\x12\x13must be a valid URI\x1a(!rules.uri || this == '' || this.isUri()\n" + "V\n" + - "\x10string.uri_empty\x12(value is empty, which is not a valid URI\x1a\x18!rules.uri || this != ''H\x00R\x03uri\x12x\n" + - "\auri_ref\x18\x12 \x01(\bB]\xc2HZ\n" + - "X\n" + - "\x0estring.uri_ref\x12#value must be a valid URI Reference\x1a!!rules.uri_ref || this.isUriRef()H\x00R\x06uriRef\x12\x99\x02\n" + - "\aaddress\x18\x15 \x01(\bB\xfc\x01\xc2H\xf8\x01\n" + - "\x81\x01\n" + - "\x0estring.address\x12-value must be a valid hostname, or ip address\x1a@!rules.address || this == '' || this.isHostname() || this.isIp()\n" + + "\x10string.uri_empty\x12(value is empty, which is not a valid URI\x1a\x18!rules.uri || this != ''H\x00R\x03uri\x12r\n" + + "\auri_ref\x18\x12 \x01(\bBW\xc2HT\n" + + "R\n" + + "\x0estring.uri_ref\x12\x1dmust be a valid URI Reference\x1a!!rules.uri_ref || this.isUriRef()H\x00R\x06uriRef\x12\x92\x02\n" + + "\aaddress\x18\x15 \x01(\bB\xf5\x01\xc2H\xf1\x01\n" + + "{\n" + + "\x0estring.address\x12'must be a valid hostname, or ip address\x1a@!rules.address || this == '' || this.isHostname() || this.isIp()\n" + "r\n" + - "\x14string.address_empty\x12!rules.ipv4_with_prefixlen || this == '' || this.isIpPrefix(4)\n" + + "\x1estring.ip_with_prefixlen_empty\x12.value is empty, which is not a valid IP prefix\x1a&!rules.ip_with_prefixlen || this != ''H\x00R\x0fipWithPrefixlen\x12\xdc\x02\n" + + "\x13ipv4_with_prefixlen\x18\x1b \x01(\bB\xa9\x02\xc2H\xa5\x02\n" + + "\x8d\x01\n" + + "\x1astring.ipv4_with_prefixlen\x12/must be a valid IPv4 address with prefix length\x1a>!rules.ipv4_with_prefixlen || this == '' || this.isIpPrefix(4)\n" + "\x92\x01\n" + - " string.ipv4_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv4 address with prefix length\x1a(!rules.ipv4_with_prefixlen || this != ''H\x00R\x11ipv4WithPrefixlen\x12\xe2\x02\n" + - "\x13ipv6_with_prefixlen\x18\x1c \x01(\bB\xaf\x02\xc2H\xab\x02\n" + - "\x93\x01\n" + - "\x1astring.ipv6_with_prefixlen\x125value must be a valid IPv6 address with prefix length\x1a>!rules.ipv6_with_prefixlen || this == '' || this.isIpPrefix(6)\n" + + " string.ipv4_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv4 address with prefix length\x1a(!rules.ipv4_with_prefixlen || this != ''H\x00R\x11ipv4WithPrefixlen\x12\xdc\x02\n" + + "\x13ipv6_with_prefixlen\x18\x1c \x01(\bB\xa9\x02\xc2H\xa5\x02\n" + + "\x8d\x01\n" + + "\x1astring.ipv6_with_prefixlen\x12/must be a valid IPv6 address with prefix length\x1a>!rules.ipv6_with_prefixlen || this == '' || this.isIpPrefix(6)\n" + "\x92\x01\n" + - " string.ipv6_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv6 address with prefix length\x1a(!rules.ipv6_with_prefixlen || this != ''H\x00R\x11ipv6WithPrefixlen\x12\xfc\x01\n" + - "\tip_prefix\x18\x1d \x01(\bB\xdc\x01\xc2H\xd8\x01\n" + - "l\n" + - "\x10string.ip_prefix\x12\x1fvalue must be a valid IP prefix\x1a7!rules.ip_prefix || this == '' || this.isIpPrefix(true)\n" + + " string.ipv6_with_prefixlen_empty\x12Dvalue is empty, which is not a valid IPv6 address with prefix length\x1a(!rules.ipv6_with_prefixlen || this != ''H\x00R\x11ipv6WithPrefixlen\x12\xf6\x01\n" + + "\tip_prefix\x18\x1d \x01(\bB\xd6\x01\xc2H\xd2\x01\n" + + "f\n" + + "\x10string.ip_prefix\x12\x19must be a valid IP prefix\x1a7!rules.ip_prefix || this == '' || this.isIpPrefix(true)\n" + "h\n" + - "\x16string.ip_prefix_empty\x12.value is empty, which is not a valid IP prefix\x1a\x1e!rules.ip_prefix || this != ''H\x00R\bipPrefix\x12\x8f\x02\n" + - "\vipv4_prefix\x18\x1e \x01(\bB\xeb\x01\xc2H\xe7\x01\n" + - "u\n" + - "\x12string.ipv4_prefix\x12!value must be a valid IPv4 prefix\x1a!rules.host_and_port || this == '' || this.isHostAndPort(true)\n" + + "ipv6Prefix\x12\xbc\x02\n" + + "\rhost_and_port\x18 \x01(\bB\x95\x02\xc2H\x91\x02\n" + + "\x93\x01\n" + + "\x14string.host_and_port\x12;must be a valid host (hostname or IP address) and port pair\x1a>!rules.host_and_port || this == '' || this.isHostAndPort(true)\n" + "y\n" + - "\x1astring.host_and_port_empty\x127value is empty, which is not a valid host and port pair\x1a\"!rules.host_and_port || this != ''H\x00R\vhostAndPort\x12\xfb\x01\n" + - "\x04ulid\x18# \x01(\bB\xe4\x01\xc2H\xe0\x01\n" + - "\x82\x01\n" + - "\vstring.ulid\x12\x1avalue must be a valid ULID\x1aW!rules.ulid || this == '' || this.matches('^[0-7][0-9A-HJKMNP-TV-Za-hjkmnp-tv-z]{25}$')\n" + + "\x1astring.host_and_port_empty\x127value is empty, which is not a valid host and port pair\x1a\"!rules.host_and_port || this != ''H\x00R\vhostAndPort\x12\xf4\x01\n" + + "\x04ulid\x18# \x01(\bB\xdd\x01\xc2H\xd9\x01\n" + + "|\n" + + "\vstring.ulid\x12\x14must be a valid ULID\x1aW!rules.ulid || this == '' || this.matches('^[0-7][0-9A-HJKMNP-TV-Za-hjkmnp-tv-z]{25}$')\n" + "Y\n" + - "\x11string.ulid_empty\x12)value is empty, which is not a valid ULID\x1a\x19!rules.ulid || this != ''H\x00R\x04ulid\x12\xb8\x05\n" + - "\x10well_known_regex\x18\x18 \x01(\x0e2\x18.buf.validate.KnownRegexB\xf1\x04\xc2H\xed\x04\n" + - "\xf0\x01\n" + - "#string.well_known_regex.header_name\x12&value must be a valid HTTP header name\x1a\xa0\x01rules.well_known_regex != 1 || this == '' || this.matches(!has(rules.strict) || rules.strict ?'^:?[0-9a-zA-Z!#$%&\\'*+-.^_|~\\x60]+$' :'^[^\\u0000\\u000A\\u000D]+$')\n" + + "\x11string.ulid_empty\x12)value is empty, which is not a valid ULID\x1a\x19!rules.ulid || this != ''H\x00R\x04ulid\x12\xe1\x02\n" + + "\fprotobuf_fqn\x18% \x01(\bB\xbb\x02\xc2H\xb7\x02\n" + + "\xaf\x01\n" + + "\x13string.protobuf_fqn\x12-must be a valid fully-qualified Protobuf name\x1ai!rules.protobuf_fqn || this == '' || this.matches('^[A-Za-z_][A-Za-z_0-9]*(\\\\.[A-Za-z_][A-Za-z_0-9]*)*$')\n" + + "\x82\x01\n" + + "\x19string.protobuf_fqn_empty\x12Bvalue is empty, which is not a valid fully-qualified Protobuf name\x1a!!rules.protobuf_fqn || this != ''H\x00R\vprotobufFqn\x12\xa1\x03\n" + + "\x10protobuf_dot_fqn\x18& \x01(\bB\xf4\x02\xc2H\xf0\x02\n" + + "\xcd\x01\n" + + "\x17string.protobuf_dot_fqn\x12@must be a valid fully-qualified Protobuf name with a leading dot\x1ap!rules.protobuf_dot_fqn || this == '' || this.matches('^\\\\.[A-Za-z_][A-Za-z_0-9]*(\\\\.[A-Za-z_][A-Za-z_0-9]*)*$')\n" + + "\x9d\x01\n" + + "\x1dstring.protobuf_dot_fqn_empty\x12Uvalue is empty, which is not a valid fully-qualified Protobuf name with a leading dot\x1a%!rules.protobuf_dot_fqn || this != ''H\x00R\x0eprotobufDotFqn\x12\xac\x05\n" + + "\x10well_known_regex\x18\x18 \x01(\x0e2\x18.buf.validate.KnownRegexB\xe5\x04\xc2H\xe1\x04\n" + + "\xea\x01\n" + + "#string.well_known_regex.header_name\x12 must be a valid HTTP header name\x1a\xa0\x01rules.well_known_regex != 1 || this == '' || this.matches(!has(rules.strict) || rules.strict ?'^:?[0-9a-zA-Z!#$%&\\'*+-.^_|~\\x60]+$' :'^[^\\u0000\\u000A\\u000D]+$')\n" + "\x8d\x01\n" + ")string.well_known_regex.header_name_empty\x125value is empty, which is not a valid HTTP header name\x1a)rules.well_known_regex != 1 || this != ''\n" + - "\xe7\x01\n" + - "$string.well_known_regex.header_value\x12'value must be a valid HTTP header value\x1a\x95\x01rules.well_known_regex != 2 || this.matches(!has(rules.strict) || rules.strict ?'^[^\\u0000-\\u0008\\u000A-\\u001F\\u007F]*$' :'^[^\\u0000\\u000A\\u000D]*$')H\x00R\x0ewellKnownRegex\x12\x16\n" + + "\xe1\x01\n" + + "$string.well_known_regex.header_value\x12!must be a valid HTTP header value\x1a\x95\x01rules.well_known_regex != 2 || this.matches(!has(rules.strict) || rules.strict ?'^[^\\u0000-\\u0008\\u000A-\\u001F\\u007F]*$' :'^[^\\u0000\\u000A\\u000D]*$')H\x00R\x0ewellKnownRegex\x12\x16\n" + "\x06strict\x18\x19 \x01(\bR\x06strict\x125\n" + "\aexample\x18\" \x03(\tB\x1b\xc2H\x18\n" + "\x16\n" + "\x0estring.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\f\n" + "\n" + - "well_known\"\xac\x13\n" + + "well_known\"\xca\x12\n" + "\n" + - "BytesRules\x12\x87\x01\n" + - "\x05const\x18\x01 \x01(\fBq\xc2Hn\n" + - "l\n" + - "\vbytes.const\x1a]this != getField(rules, 'const') ? 'value must be %x'.format([getField(rules, 'const')]) : ''R\x05const\x12}\n" + - "\x03len\x18\r \x01(\x04Bk\xc2Hh\n" + + "BytesRules\x12\x81\x01\n" + + "\x05const\x18\x01 \x01(\fBk\xc2Hh\n" + "f\n" + - "\tbytes.len\x1aYuint(this.size()) != rules.len ? 'value length must be %s bytes'.format([rules.len]) : ''R\x03len\x12\x98\x01\n" + - "\amin_len\x18\x02 \x01(\x04B\x7f\xc2H|\n" + - "z\n" + - "\rbytes.min_len\x1aiuint(this.size()) < rules.min_len ? 'value length must be at least %s bytes'.format([rules.min_len]) : ''R\x06minLen\x12\x90\x01\n" + - "\amax_len\x18\x03 \x01(\x04Bw\xc2Ht\n" + - "r\n" + - "\rbytes.max_len\x1aauint(this.size()) > rules.max_len ? 'value must be at most %s bytes'.format([rules.max_len]) : ''R\x06maxLen\x12\x99\x01\n" + - "\apattern\x18\x04 \x01(\tB\x7f\xc2H|\n" + - "z\n" + - "\rbytes.pattern\x1ai!string(this).matches(rules.pattern) ? 'value must match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x89\x01\n" + - "\x06prefix\x18\x05 \x01(\fBq\xc2Hn\n" + - "l\n" + - "\fbytes.prefix\x1a\\!this.startsWith(rules.prefix) ? 'value does not have prefix %x'.format([rules.prefix]) : ''R\x06prefix\x12\x87\x01\n" + - "\x06suffix\x18\x06 \x01(\fBo\xc2Hl\n" + - "j\n" + - "\fbytes.suffix\x1aZ!this.endsWith(rules.suffix) ? 'value does not have suffix %x'.format([rules.suffix]) : ''R\x06suffix\x12\x8d\x01\n" + - "\bcontains\x18\a \x01(\fBq\xc2Hn\n" + + "\vbytes.const\x1aWthis != getField(rules, 'const') ? 'must be %x'.format([getField(rules, 'const')]) : ''R\x05const\x12p\n" + + "\x03len\x18\r \x01(\x04B^\xc2H[\n" + + "Y\n" + + "\tbytes.len\x1aLuint(this.size()) != rules.len ? 'must be %s bytes'.format([rules.len]) : ''R\x03len\x12\x8b\x01\n" + + "\amin_len\x18\x02 \x01(\x04Br\xc2Ho\n" + + "m\n" + + "\rbytes.min_len\x1a\\uint(this.size()) < rules.min_len ? 'must be at least %s bytes'.format([rules.min_len]) : ''R\x06minLen\x12\x8a\x01\n" + + "\amax_len\x18\x03 \x01(\x04Bq\xc2Hn\n" + "l\n" + - "\x0ebytes.contains\x1aZ!this.contains(rules.contains) ? 'value does not contain %x'.format([rules.contains]) : ''R\bcontains\x12\xab\x01\n" + - "\x02in\x18\b \x03(\fB\x9a\x01\xc2H\x96\x01\n" + - "\x93\x01\n" + - "\bbytes.in\x1a\x86\x01getField(rules, 'in').size() > 0 && !(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12}\n" + - "\x06not_in\x18\t \x03(\fBf\xc2Hc\n" + - "a\n" + - "\fbytes.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xef\x01\n" + - "\x02ip\x18\n" + - " \x01(\bB\xdc\x01\xc2H\xd8\x01\n" + + "\rbytes.max_len\x1a[uint(this.size()) > rules.max_len ? 'must be at most %s bytes'.format([rules.max_len]) : ''R\x06maxLen\x12\x93\x01\n" + + "\apattern\x18\x04 \x01(\tBy\xc2Hv\n" + "t\n" + - "\bbytes.ip\x12 value must be a valid IP address\x1aF!rules.ip || this.size() == 0 || this.size() == 4 || this.size() == 16\n" + + "\rbytes.pattern\x1ac!string(this).matches(rules.pattern) ? 'must match regex pattern `%s`'.format([rules.pattern]) : ''R\apattern\x12\x83\x01\n" + + "\x06prefix\x18\x05 \x01(\fBk\xc2Hh\n" + + "f\n" + + "\fbytes.prefix\x1aV!this.startsWith(rules.prefix) ? 'does not have prefix %x'.format([rules.prefix]) : ''R\x06prefix\x12\x81\x01\n" + + "\x06suffix\x18\x06 \x01(\fBi\xc2Hf\n" + + "d\n" + + "\fbytes.suffix\x1aT!this.endsWith(rules.suffix) ? 'does not have suffix %x'.format([rules.suffix]) : ''R\x06suffix\x12\x87\x01\n" + + "\bcontains\x18\a \x01(\fBk\xc2Hh\n" + + "f\n" + + "\x0ebytes.contains\x1aT!this.contains(rules.contains) ? 'does not contain %x'.format([rules.contains]) : ''R\bcontains\x12\xa5\x01\n" + + "\x02in\x18\b \x03(\fB\x94\x01\xc2H\x90\x01\n" + + "\x8d\x01\n" + + "\bbytes.in\x1a\x80\x01getField(rules, 'in').size() > 0 && !(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12w\n" + + "\x06not_in\x18\t \x03(\fB`\xc2H]\n" + + "[\n" + + "\fbytes.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12\xe9\x01\n" + + "\x02ip\x18\n" + + " \x01(\bB\xd6\x01\xc2H\xd2\x01\n" + + "n\n" + + "\bbytes.ip\x12\x1amust be a valid IP address\x1aF!rules.ip || this.size() == 0 || this.size() == 4 || this.size() == 16\n" + "`\n" + - "\x0ebytes.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x1d!rules.ip || this.size() != 0H\x00R\x02ip\x12\xea\x01\n" + - "\x04ipv4\x18\v \x01(\bB\xd3\x01\xc2H\xcf\x01\n" + - "e\n" + + "\x0ebytes.ip_empty\x12/value is empty, which is not a valid IP address\x1a\x1d!rules.ip || this.size() != 0H\x00R\x02ip\x12\xe4\x01\n" + + "\x04ipv4\x18\v \x01(\bB\xcd\x01\xc2H\xc9\x01\n" + + "_\n" + "\n" + - "bytes.ipv4\x12\"value must be a valid IPv4 address\x1a3!rules.ipv4 || this.size() == 0 || this.size() == 4\n" + - "f\n" + - "\x10bytes.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x1f!rules.ipv4 || this.size() != 0H\x00R\x04ipv4\x12\xeb\x01\n" + - "\x04ipv6\x18\f \x01(\bB\xd4\x01\xc2H\xd0\x01\n" + + "bytes.ipv4\x12\x1cmust be a valid IPv4 address\x1a3!rules.ipv4 || this.size() == 0 || this.size() == 4\n" + "f\n" + + "\x10bytes.ipv4_empty\x121value is empty, which is not a valid IPv4 address\x1a\x1f!rules.ipv4 || this.size() != 0H\x00R\x04ipv4\x12\xe5\x01\n" + + "\x04ipv6\x18\f \x01(\bB\xce\x01\xc2H\xca\x01\n" + + "`\n" + "\n" + - "bytes.ipv6\x12\"value must be a valid IPv6 address\x1a4!rules.ipv6 || this.size() == 0 || this.size() == 16\n" + + "bytes.ipv6\x12\x1cmust be a valid IPv6 address\x1a4!rules.ipv6 || this.size() == 0 || this.size() == 16\n" + "f\n" + - "\x10bytes.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x1f!rules.ipv6 || this.size() != 0H\x00R\x04ipv6\x12\xdb\x01\n" + - "\x04uuid\x18\x0f \x01(\bB\xc4\x01\xc2H\xc0\x01\n" + - "^\n" + + "\x10bytes.ipv6_empty\x121value is empty, which is not a valid IPv6 address\x1a\x1f!rules.ipv6 || this.size() != 0H\x00R\x04ipv6\x12\xd5\x01\n" + + "\x04uuid\x18\x0f \x01(\bB\xbe\x01\xc2H\xba\x01\n" + + "X\n" + "\n" + - "bytes.uuid\x12\x1avalue must be a valid UUID\x1a4!rules.uuid || this.size() == 0 || this.size() == 16\n" + + "bytes.uuid\x12\x14must be a valid UUID\x1a4!rules.uuid || this.size() == 0 || this.size() == 16\n" + "^\n" + "\x10bytes.uuid_empty\x12)value is empty, which is not a valid UUID\x1a\x1f!rules.uuid || this.size() != 0H\x00R\x04uuid\x124\n" + "\aexample\x18\x0e \x03(\fB\x1a\xc2H\x17\n" + "\x15\n" + "\rbytes.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\f\n" + "\n" + - "well_known\"\xfd\x03\n" + - "\tEnumRules\x12\x89\x01\n" + - "\x05const\x18\x01 \x01(\x05Bs\xc2Hp\n" + - "n\n" + + "well_known\"\xea\x03\n" + + "\tEnumRules\x12\x83\x01\n" + + "\x05const\x18\x01 \x01(\x05Bm\xc2Hj\n" + + "h\n" + "\n" + - "enum.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12!\n" + - "\fdefined_only\x18\x02 \x01(\bR\vdefinedOnly\x12\x82\x01\n" + - "\x02in\x18\x03 \x03(\x05Br\xc2Ho\n" + - "m\n" + - "\aenum.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12|\n" + - "\x06not_in\x18\x04 \x03(\x05Be\xc2Hb\n" + - "`\n" + - "\venum.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x123\n" + + "enum.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12!\n" + + "\fdefined_only\x18\x02 \x01(\bR\vdefinedOnly\x12|\n" + + "\x02in\x18\x03 \x03(\x05Bl\xc2Hi\n" + + "g\n" + + "\aenum.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12v\n" + + "\x06not_in\x18\x04 \x03(\x05B_\xc2H\\\n" + + "Z\n" + + "\venum.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x123\n" + "\aexample\x18\x05 \x03(\x05B\x19\xc2H\x16\n" + "\x14\n" + - "\fenum.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\x9e\x04\n" + - "\rRepeatedRules\x12\xa8\x01\n" + - "\tmin_items\x18\x01 \x01(\x04B\x8a\x01\xc2H\x86\x01\n" + - "\x83\x01\n" + - "\x12repeated.min_items\x1amuint(this.size()) < rules.min_items ? 'value must contain at least %d item(s)'.format([rules.min_items]) : ''R\bminItems\x12\xac\x01\n" + - "\tmax_items\x18\x02 \x01(\x04B\x8e\x01\xc2H\x8a\x01\n" + - "\x87\x01\n" + - "\x12repeated.max_items\x1aquint(this.size()) > rules.max_items ? 'value must contain no more than %s item(s)'.format([rules.max_items]) : ''R\bmaxItems\x12x\n" + + "\fenum.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\x90\x04\n" + + "\rRepeatedRules\x12\xa0\x01\n" + + "\tmin_items\x18\x01 \x01(\x04B\x82\x01\xc2H\x7f\n" + + "}\n" + + "\x12repeated.min_items\x1aguint(this.size()) < rules.min_items ? 'must contain at least %d item(s)'.format([rules.min_items]) : ''R\bminItems\x12\xa6\x01\n" + + "\tmax_items\x18\x02 \x01(\x04B\x88\x01\xc2H\x84\x01\n" + + "\x81\x01\n" + + "\x12repeated.max_items\x1akuint(this.size()) > rules.max_items ? 'must contain no more than %s item(s)'.format([rules.max_items]) : ''R\bmaxItems\x12x\n" + "\x06unique\x18\x03 \x01(\bB`\xc2H]\n" + "[\n" + "\x0frepeated.unique\x12(repeated value must contain unique items\x1a\x1e!rules.unique || this.unique()R\x06unique\x12.\n" + @@ -15559,104 +15751,104 @@ const file_buf_validate_validate_proto_rawDesc = "" + "\x06values\x18\x05 \x01(\v2\x18.buf.validate.FieldRulesR\x06values*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"1\n" + "\bAnyRules\x12\x0e\n" + "\x02in\x18\x02 \x03(\tR\x02in\x12\x15\n" + - "\x06not_in\x18\x03 \x03(\tR\x05notIn\"\xc6\x17\n" + - "\rDurationRules\x12\xa8\x01\n" + - "\x05const\x18\x02 \x01(\v2\x19.google.protobuf.DurationBw\xc2Ht\n" + - "r\n" + - "\x0eduration.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xac\x01\n" + - "\x02lt\x18\x03 \x01(\v2\x19.google.protobuf.DurationB\x7f\xc2H|\n" + - "z\n" + - "\vduration.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xbf\x01\n" + - "\x03lte\x18\x04 \x01(\v2\x19.google.protobuf.DurationB\x8f\x01\xc2H\x8b\x01\n" + - "\x88\x01\n" + - "\fduration.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xc5\a\n" + - "\x02gt\x18\x05 \x01(\v2\x19.google.protobuf.DurationB\x97\a\xc2H\x93\a\n" + - "}\n" + - "\vduration.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb6\x01\n" + - "\x0eduration.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbe\x01\n" + - "\x18duration.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc6\x01\n" + - "\x0fduration.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xce\x01\n" + - "\x19duration.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\x92\b\n" + - "\x03gte\x18\x06 \x01(\v2\x19.google.protobuf.DurationB\xe2\a\xc2H\xde\a\n" + - "\x8b\x01\n" + - "\fduration.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc5\x01\n" + - "\x0fduration.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xcd\x01\n" + - "\x19duration.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd5\x01\n" + - "\x10duration.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xdd\x01\n" + - "\x1aduration.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\xa1\x01\n" + - "\x02in\x18\a \x03(\v2\x19.google.protobuf.DurationBv\xc2Hs\n" + - "q\n" + - "\vduration.in\x1ab!(this in getField(rules, 'in')) ? 'value must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x9b\x01\n" + - "\x06not_in\x18\b \x03(\v2\x19.google.protobuf.DurationBi\xc2Hf\n" + - "d\n" + - "\x0fduration.not_in\x1aQthis in rules.not_in ? 'value must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12R\n" + + "\x06not_in\x18\x03 \x03(\tR\x05notIn\"\xec\x16\n" + + "\rDurationRules\x12\xa2\x01\n" + + "\x05const\x18\x02 \x01(\v2\x19.google.protobuf.DurationBq\xc2Hn\n" + + "l\n" + + "\x0eduration.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa6\x01\n" + + "\x02lt\x18\x03 \x01(\v2\x19.google.protobuf.DurationBy\xc2Hv\n" + + "t\n" + + "\vduration.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xb9\x01\n" + + "\x03lte\x18\x04 \x01(\v2\x19.google.protobuf.DurationB\x89\x01\xc2H\x85\x01\n" + + "\x82\x01\n" + + "\fduration.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12\xa7\a\n" + + "\x02gt\x18\x05 \x01(\v2\x19.google.protobuf.DurationB\xf9\x06\xc2H\xf5\x06\n" + + "w\n" + + "\vduration.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb0\x01\n" + + "\x0eduration.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb8\x01\n" + + "\x18duration.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc0\x01\n" + + "\x0fduration.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc8\x01\n" + + "\x19duration.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xf4\a\n" + + "\x03gte\x18\x06 \x01(\v2\x19.google.protobuf.DurationB\xc4\a\xc2H\xc0\a\n" + + "\x85\x01\n" + + "\fduration.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xbf\x01\n" + + "\x0fduration.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc7\x01\n" + + "\x19duration.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xcf\x01\n" + + "\x10duration.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd7\x01\n" + + "\x1aduration.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12\x9b\x01\n" + + "\x02in\x18\a \x03(\v2\x19.google.protobuf.DurationBp\xc2Hm\n" + + "k\n" + + "\vduration.in\x1a\\!(this in getField(rules, 'in')) ? 'must be in list %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\x95\x01\n" + + "\x06not_in\x18\b \x03(\v2\x19.google.protobuf.DurationBc\xc2H`\n" + + "^\n" + + "\x0fduration.not_in\x1aKthis in rules.not_in ? 'must not be in list %s'.format([rules.not_in]) : ''R\x05notIn\x12R\n" + "\aexample\x18\t \x03(\v2\x19.google.protobuf.DurationB\x1d\xc2H\x1a\n" + "\x18\n" + "\x10duration.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02B\v\n" + "\tless_thanB\x0e\n" + - "\fgreater_than\"\x98\x06\n" + - "\x0eFieldMaskRules\x12\xc6\x01\n" + - "\x05const\x18\x01 \x01(\v2\x1a.google.protobuf.FieldMaskB\x93\x01\xc2H\x8f\x01\n" + - "\x8c\x01\n" + - "\x10field_mask.const\x1axthis.paths != getField(rules, 'const').paths ? 'value must equal paths %s'.format([getField(rules, 'const').paths]) : ''R\x05const\x12\xdd\x01\n" + - "\x02in\x18\x02 \x03(\tB\xcc\x01\xc2H\xc8\x01\n" + - "\xc5\x01\n" + - "\rfield_mask.in\x1a\xb3\x01!this.paths.all(p, p in getField(rules, 'in') || getField(rules, 'in').exists(f, p.startsWith(f+'.'))) ? 'value must only contain paths in %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\xfa\x01\n" + - "\x06not_in\x18\x03 \x03(\tB\xe2\x01\xc2H\xde\x01\n" + - "\xdb\x01\n" + - "\x11field_mask.not_in\x1a\xc5\x01!this.paths.all(p, !(p in getField(rules, 'not_in') || getField(rules, 'not_in').exists(f, p.startsWith(f+'.')))) ? 'value must not contain any paths in %s'.format([getField(rules, 'not_in')]) : ''R\x05notIn\x12U\n" + + "\fgreater_than\"\x86\x06\n" + + "\x0eFieldMaskRules\x12\xc0\x01\n" + + "\x05const\x18\x01 \x01(\v2\x1a.google.protobuf.FieldMaskB\x8d\x01\xc2H\x89\x01\n" + + "\x86\x01\n" + + "\x10field_mask.const\x1arthis.paths != getField(rules, 'const').paths ? 'must equal paths %s'.format([getField(rules, 'const').paths]) : ''R\x05const\x12\xd7\x01\n" + + "\x02in\x18\x02 \x03(\tB\xc6\x01\xc2H\xc2\x01\n" + + "\xbf\x01\n" + + "\rfield_mask.in\x1a\xad\x01!this.paths.all(p, p in getField(rules, 'in') || getField(rules, 'in').exists(f, p.startsWith(f+'.'))) ? 'must only contain paths in %s'.format([getField(rules, 'in')]) : ''R\x02in\x12\xf4\x01\n" + + "\x06not_in\x18\x03 \x03(\tB\xdc\x01\xc2H\xd8\x01\n" + + "\xd5\x01\n" + + "\x11field_mask.not_in\x1a\xbf\x01!this.paths.all(p, !(p in getField(rules, 'not_in') || getField(rules, 'not_in').exists(f, p.startsWith(f+'.')))) ? 'must not contain any paths in %s'.format([getField(rules, 'not_in')]) : ''R\x05notIn\x12U\n" + "\aexample\x18\x04 \x03(\v2\x1a.google.protobuf.FieldMaskB\x1f\xc2H\x1c\n" + "\x1a\n" + - "\x12field_mask.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xca\x18\n" + - "\x0eTimestampRules\x12\xaa\x01\n" + - "\x05const\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampBx\xc2Hu\n" + - "s\n" + - "\x0ftimestamp.const\x1a`this != getField(rules, 'const') ? 'value must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xaf\x01\n" + - "\x02lt\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampB\x80\x01\xc2H}\n" + - "{\n" + - "\ftimestamp.lt\x1ak!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'value must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xc1\x01\n" + - "\x03lte\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\x90\x01\xc2H\x8c\x01\n" + - "\x89\x01\n" + - "\rtimestamp.lte\x1ax!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'value must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12s\n" + - "\x06lt_now\x18\a \x01(\bBZ\xc2HW\n" + - "U\n" + - "\x10timestamp.lt_now\x1aA(rules.lt_now && this > now) ? 'value must be less than now' : ''H\x00R\x05ltNow\x12\xcb\a\n" + - "\x02gt\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampB\x9c\a\xc2H\x98\a\n" + - "~\n" + - "\ftimestamp.gt\x1an!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'value must be greater than %s'.format([rules.gt]) : ''\n" + - "\xb7\x01\n" + - "\x0ftimestamp.gt_lt\x1a\xa3\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'value must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xbf\x01\n" + - "\x19timestamp.gt_lt_exclusive\x1a\xa1\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'value must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + - "\xc7\x01\n" + - "\x10timestamp.gt_lte\x1a\xb2\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'value must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + - "\xcf\x01\n" + - "\x1atimestamp.gt_lte_exclusive\x1a\xb0\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'value must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\x98\b\n" + - "\x03gte\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\xe7\a\xc2H\xe3\a\n" + - "\x8c\x01\n" + - "\rtimestamp.gte\x1a{!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'value must be greater than or equal to %s'.format([rules.gte]) : ''\n" + - "\xc6\x01\n" + - "\x10timestamp.gte_lt\x1a\xb1\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'value must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xce\x01\n" + - "\x1atimestamp.gte_lt_exclusive\x1a\xaf\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'value must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + - "\xd6\x01\n" + - "\x11timestamp.gte_lte\x1a\xc0\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'value must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + - "\xde\x01\n" + - "\x1btimestamp.gte_lte_exclusive\x1a\xbe\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'value must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12v\n" + - "\x06gt_now\x18\b \x01(\bB]\xc2HZ\n" + - "X\n" + - "\x10timestamp.gt_now\x1aD(rules.gt_now && this < now) ? 'value must be greater than now' : ''H\x01R\x05gtNow\x12\xc0\x01\n" + - "\x06within\x18\t \x01(\v2\x19.google.protobuf.DurationB\x8c\x01\xc2H\x88\x01\n" + - "\x85\x01\n" + - "\x10timestamp.within\x1aqthis < now-rules.within || this > now+rules.within ? 'value must be within %s of now'.format([rules.within]) : ''R\x06within\x12T\n" + + "\x12field_mask.example\x1a\x04trueR\aexample*\t\b\xe8\a\x10\x80\x80\x80\x80\x02\"\xe8\x17\n" + + "\x0eTimestampRules\x12\xa4\x01\n" + + "\x05const\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampBr\xc2Ho\n" + + "m\n" + + "\x0ftimestamp.const\x1aZthis != getField(rules, 'const') ? 'must equal %s'.format([getField(rules, 'const')]) : ''R\x05const\x12\xa8\x01\n" + + "\x02lt\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampBz\xc2Hw\n" + + "u\n" + + "\ftimestamp.lt\x1ae!has(rules.gte) && !has(rules.gt) && this >= rules.lt? 'must be less than %s'.format([rules.lt]) : ''H\x00R\x02lt\x12\xbb\x01\n" + + "\x03lte\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampB\x8a\x01\xc2H\x86\x01\n" + + "\x83\x01\n" + + "\rtimestamp.lte\x1ar!has(rules.gte) && !has(rules.gt) && this > rules.lte? 'must be less than or equal to %s'.format([rules.lte]) : ''H\x00R\x03lte\x12m\n" + + "\x06lt_now\x18\a \x01(\bBT\xc2HQ\n" + + "O\n" + + "\x10timestamp.lt_now\x1a;(rules.lt_now && this > now) ? 'must be less than now' : ''H\x00R\x05ltNow\x12\xad\a\n" + + "\x02gt\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampB\xfe\x06\xc2H\xfa\x06\n" + + "x\n" + + "\ftimestamp.gt\x1ah!has(rules.lt) && !has(rules.lte) && this <= rules.gt? 'must be greater than %s'.format([rules.gt]) : ''\n" + + "\xb1\x01\n" + + "\x0ftimestamp.gt_lt\x1a\x9d\x01has(rules.lt) && rules.lt >= rules.gt && (this >= rules.lt || this <= rules.gt)? 'must be greater than %s and less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xb9\x01\n" + + "\x19timestamp.gt_lt_exclusive\x1a\x9b\x01has(rules.lt) && rules.lt < rules.gt && (rules.lt <= this && this <= rules.gt)? 'must be greater than %s or less than %s'.format([rules.gt, rules.lt]) : ''\n" + + "\xc1\x01\n" + + "\x10timestamp.gt_lte\x1a\xac\x01has(rules.lte) && rules.lte >= rules.gt && (this > rules.lte || this <= rules.gt)? 'must be greater than %s and less than or equal to %s'.format([rules.gt, rules.lte]) : ''\n" + + "\xc9\x01\n" + + "\x1atimestamp.gt_lte_exclusive\x1a\xaa\x01has(rules.lte) && rules.lte < rules.gt && (rules.lte < this && this <= rules.gt)? 'must be greater than %s or less than or equal to %s'.format([rules.gt, rules.lte]) : ''H\x01R\x02gt\x12\xfa\a\n" + + "\x03gte\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampB\xc9\a\xc2H\xc5\a\n" + + "\x86\x01\n" + + "\rtimestamp.gte\x1au!has(rules.lt) && !has(rules.lte) && this < rules.gte? 'must be greater than or equal to %s'.format([rules.gte]) : ''\n" + + "\xc0\x01\n" + + "\x10timestamp.gte_lt\x1a\xab\x01has(rules.lt) && rules.lt >= rules.gte && (this >= rules.lt || this < rules.gte)? 'must be greater than or equal to %s and less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xc8\x01\n" + + "\x1atimestamp.gte_lt_exclusive\x1a\xa9\x01has(rules.lt) && rules.lt < rules.gte && (rules.lt <= this && this < rules.gte)? 'must be greater than or equal to %s or less than %s'.format([rules.gte, rules.lt]) : ''\n" + + "\xd0\x01\n" + + "\x11timestamp.gte_lte\x1a\xba\x01has(rules.lte) && rules.lte >= rules.gte && (this > rules.lte || this < rules.gte)? 'must be greater than or equal to %s and less than or equal to %s'.format([rules.gte, rules.lte]) : ''\n" + + "\xd8\x01\n" + + "\x1btimestamp.gte_lte_exclusive\x1a\xb8\x01has(rules.lte) && rules.lte < rules.gte && (rules.lte < this && this < rules.gte)? 'must be greater than or equal to %s or less than or equal to %s'.format([rules.gte, rules.lte]) : ''H\x01R\x03gte\x12p\n" + + "\x06gt_now\x18\b \x01(\bBW\xc2HT\n" + + "R\n" + + "\x10timestamp.gt_now\x1a>(rules.gt_now && this < now) ? 'must be greater than now' : ''H\x01R\x05gtNow\x12\xb9\x01\n" + + "\x06within\x18\t \x01(\v2\x19.google.protobuf.DurationB\x85\x01\xc2H\x81\x01\n" + + "\x7f\n" + + "\x10timestamp.within\x1akthis < now-rules.within || this > now+rules.within ? 'must be within %s of now'.format([rules.within]) : ''R\x06within\x12T\n" + "\aexample\x18\n" + " \x03(\v2\x1a.google.protobuf.TimestampB\x1e\xc2H\x1b\n" + "\x19\n" + @@ -15947,6 +16139,8 @@ func file_buf_validate_validate_proto_init() { (*stringRules_Ipv6Prefix)(nil), (*stringRules_HostAndPort)(nil), (*stringRules_Ulid)(nil), + (*stringRules_ProtobufFqn)(nil), + (*stringRules_ProtobufDotFqn)(nil), (*stringRules_WellKnownRegex)(nil), } file_buf_validate_validate_proto_msgTypes[20].OneofWrappers = []any{ diff --git a/vendor/cloud.google.com/go/auth/CHANGES.md b/vendor/cloud.google.com/go/auth/CHANGES.md index 38014c4fb2..2c1f6ff8fa 100644 --- a/vendor/cloud.google.com/go/auth/CHANGES.md +++ b/vendor/cloud.google.com/go/auth/CHANGES.md @@ -1,5 +1,7 @@ # Changes +## [0.20.0](https://github.com/googleapis/google-cloud-go/releases/tag/auth%2Fv0.20.0) (2026-04-06) + ## [0.19.0](https://github.com/googleapis/google-cloud-go/releases/tag/auth%2Fv0.19.0) (2026-03-23) ### Features diff --git a/vendor/cloud.google.com/go/auth/httptransport/transport.go b/vendor/cloud.google.com/go/auth/httptransport/transport.go index 2ece1ea360..87b3fef218 100644 --- a/vendor/cloud.google.com/go/auth/httptransport/transport.go +++ b/vendor/cloud.google.com/go/auth/httptransport/transport.go @@ -15,14 +15,17 @@ package httptransport import ( + "bytes" "context" "crypto/tls" - "errors" "fmt" + "io" + "log/slog" "net" "net/http" "os" "strconv" + "sync" "time" "cloud.google.com/go/auth" @@ -37,10 +40,12 @@ import ( "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/trace" "golang.org/x/net/http2" + "google.golang.org/api/googleapi" ) const ( quotaProjectHeaderKey = "X-goog-user-project" + maxErrorReadBytes = int64(8192) // 8KB ) func newTransport(base http.RoundTripper, opts *Options) (http.RoundTripper, error) { @@ -180,33 +185,65 @@ func addOpenTelemetryTransport(trans http.RoundTripper, opts *Options) http.Roun if opts.DisableTelemetry { return trans } - if !gax.IsFeatureEnabled("TRACING") { - return otelhttp.NewTransport(trans) + + var traceAttrs []attribute.KeyValue + var scopedLogger *slog.Logger + + if gax.IsFeatureEnabled("LOGGING") && opts.Logger != nil { + scopedLogger = opts.Logger } - var staticAttrs []attribute.KeyValue + if opts.InternalOptions != nil { - staticAttrs = transport.StaticTelemetryAttributes(opts.InternalOptions.TelemetryAttributes) + attrs := transport.StaticTelemetryAttributes(opts.InternalOptions.TelemetryAttributes) + if gax.IsFeatureEnabled("TRACING") { + traceAttrs = attrs + } + if scopedLogger != nil { + var logAttrs []any + for _, attr := range attrs { + logAttrs = append(logAttrs, slog.String(string(attr.Key), attr.Value.AsString())) + } + scopedLogger = scopedLogger.With(logAttrs...) + } + } + + if gax.IsFeatureEnabled("METRICS") || gax.IsFeatureEnabled("TRACING") || gax.IsFeatureEnabled("LOGGING") { + trans = &otelAttributeTransport{ + base: trans, + logger: scopedLogger, + } + } + + if !gax.IsFeatureEnabled("TRACING") && !gax.IsFeatureEnabled("LOGGING") { + return otelhttp.NewTransport(trans) } - otelOpts := []otelhttp.Option{ - otelhttp.WithSpanOptions(trace.WithAttributes(staticAttrs...)), + + var otelOpts []otelhttp.Option + if len(traceAttrs) > 0 { + otelOpts = append(otelOpts, otelhttp.WithSpanOptions(trace.WithAttributes(traceAttrs...))) } - return otelhttp.NewTransport(&otelAttributeTransport{ - base: trans, - }, otelOpts...) + return otelhttp.NewTransport(trans, otelOpts...) } // otelAttributeTransport is a wrapper around an http.RoundTripper that adds // custom Google Cloud-specific attributes to OpenTelemetry spans. type otelAttributeTransport struct { - base http.RoundTripper + base http.RoundTripper + logger *slog.Logger } // RoundTrip intercepts the HTTP request and response to enrich the active // OpenTelemetry span with static and dynamic attributes, as well as detailed // error information. func (t *otelAttributeTransport) RoundTrip(req *http.Request) (*http.Response, error) { - span := trace.SpanFromContext(req.Context()) - if span.IsRecording() { + var span trace.Span + if gax.IsFeatureEnabled("TRACING") { + if s := trace.SpanFromContext(req.Context()); s != nil && s.IsRecording() { + span = s + } + } + + if span != nil { var attrs []attribute.KeyValue attrs = append(attrs, attribute.String("rpc.system.name", "http")) if resName, ok := callctx.TelemetryFromContext(req.Context(), "resource_name"); ok { @@ -224,37 +261,232 @@ func (t *otelAttributeTransport) RoundTrip(req *http.Request) (*http.Response, e span.SetAttributes(attrs...) } + var data *gax.TransportTelemetryData + if gax.IsFeatureEnabled("METRICS") { + data = gax.ExtractTransportTelemetry(req.Context()) + if data != nil && req.URL != nil { + host := req.URL.Hostname() + if host != "" { + data.SetServerAddress(host) + } + portStr := req.URL.Port() + if portStr == "" { + if req.URL.Scheme == "https" { + portStr = "443" + } else if req.URL.Scheme == "http" { + portStr = "80" + } + } + if port, pErr := strconv.Atoi(portStr); pErr == nil { + data.SetServerPort(port) + } + } + } + resp, err := t.base.RoundTrip(req) - if span.IsRecording() { - if err != nil { - var errorType string - switch { - case errors.Is(err, context.DeadlineExceeded): - errorType = "CLIENT_TIMEOUT" - case errors.Is(err, context.Canceled): - errorType = "CLIENT_CANCELLED" - default: - errorType = "CLIENT_CONNECTION_ERROR" + var logger *slog.Logger + if gax.IsFeatureEnabled("LOGGING") { + if l := t.logger; l != nil && l.Enabled(req.Context(), slog.LevelDebug) { + logger = l + } + } + + if span == nil && logger == nil { + return resp, err + } + + if err != nil { + t.logAndSpanError(req, resp, err, err, span, logger) + } else if resp.StatusCode >= 400 { + if resp.Body != nil && resp.Body != http.NoBody && (resp.ContentLength < 0 || resp.ContentLength <= maxErrorReadBytes) { + resp.Body = &errorTrackingBody{ + ReadCloser: resp.Body, + req: req, + resp: resp, + span: span, + logger: logger, + t: t, } + } else { + t.logAndSpanError(req, resp, &googleapi.Error{ + Code: resp.StatusCode, + Message: resp.Status, + }, nil, span, logger) + } + } else { + if span != nil { + span.SetAttributes(attribute.Int("http.response.status_code", resp.StatusCode)) + } + } + + return resp, err +} + +func (t *otelAttributeTransport) logAndSpanError(req *http.Request, resp *http.Response, errToParse error, netErr error, span trace.Span, logger *slog.Logger) { + var httpStatusCode int + if resp != nil { + httpStatusCode = resp.StatusCode + } + + info := gax.ExtractTelemetryErrorInfo(req.Context(), errToParse) + + if netErr == nil && resp != nil && resp.StatusCode >= 400 { + if info.ErrorType == "*googleapi.Error" { + info.ErrorType = strconv.Itoa(resp.StatusCode) + } + } + + if logger != nil { + logAttrs := []slog.Attr{ + slog.String("rpc.system.name", "http"), + } + if httpStatusCode > 0 { + logAttrs = append(logAttrs, slog.Int64("http.response.status_code", int64(httpStatusCode))) + } + + ctx := req.Context() + if resendCountStr, ok := callctx.TelemetryFromContext(ctx, "resend_count"); ok { + if count, e := strconv.Atoi(resendCountStr); e == nil { + logAttrs = append(logAttrs, slog.Int64("http.request.resend_count", int64(count))) + } + } + if urlTemplate, ok := callctx.TelemetryFromContext(ctx, "url_template"); ok { + logAttrs = append(logAttrs, slog.String("url.template", urlTemplate)) + } + logAttrs = append(logAttrs, slog.String("http.request.method", req.Method)) + + msg := info.StatusMessage + if msg == "" { + msg = "API call failed" + } + + if rpcMethod, ok := callctx.TelemetryFromContext(ctx, "rpc_method"); ok { + logAttrs = append(logAttrs, slog.String("rpc.method", rpcMethod)) + } + + if resName, ok := callctx.TelemetryFromContext(ctx, "resource_name"); ok { + logAttrs = append(logAttrs, slog.String("gcp.resource.destination.id", resName)) + } + + if info.Domain != "" { + logAttrs = append(logAttrs, slog.String("gcp.errors.domain", info.Domain)) + } + for k, v := range info.Metadata { + logAttrs = append(logAttrs, slog.String("gcp.errors.metadata."+k, v)) + } + + logAttrs = append(logAttrs, slog.String("error.type", info.ErrorType)) + if info.StatusCode != "" { + logAttrs = append(logAttrs, slog.String("rpc.response.status_code", info.StatusCode)) + } + + logger.LogAttrs(ctx, slog.LevelDebug, msg, logAttrs...) + } + + if span != nil { + if netErr != nil { span.SetAttributes( - attribute.String("error.type", errorType), - attribute.String("status.message", err.Error()), - attribute.String("exception.type", fmt.Sprintf("%T", err)), + attribute.String("error.type", info.ErrorType), + attribute.String("status.message", info.StatusMessage), + attribute.String("exception.type", fmt.Sprintf("%T", netErr)), ) } else { - span.SetAttributes(attribute.Int("http.response.status_code", resp.StatusCode)) - if resp.StatusCode >= 400 { - errorType := strconv.Itoa(resp.StatusCode) - span.SetAttributes( - attribute.String("error.type", errorType), - attribute.String("status.message", resp.Status), - ) + span.SetAttributes( + attribute.Int("http.response.status_code", httpStatusCode), + attribute.String("error.type", info.ErrorType), + attribute.String("status.message", info.StatusMessage), + ) + } + } +} + +type errorTrackingBody struct { + io.ReadCloser + req *http.Request + resp *http.Response + span trace.Span + logger *slog.Logger + t *otelAttributeTransport + + mu sync.Mutex + buf bytes.Buffer + recorded bool +} + +func (b *errorTrackingBody) Read(p []byte) (n int, err error) { + n, err = b.ReadCloser.Read(p) + + b.mu.Lock() + shouldRecord := false + if !b.recorded { + if n > 0 { + remaining := maxErrorReadBytes - int64(b.buf.Len()) + if remaining > 0 { + if int64(n) > remaining { + b.buf.Write(p[:remaining]) + } else { + b.buf.Write(p[:n]) + } } } + + if err == io.EOF || int64(b.buf.Len()) >= maxErrorReadBytes { + shouldRecord = true + b.recorded = true + } } + b.mu.Unlock() - return resp, err + if shouldRecord { + b.recordError() + } + + return n, err +} + +func (b *errorTrackingBody) Close() error { + b.mu.Lock() + shouldRecord := !b.recorded + b.recorded = true + b.mu.Unlock() + + // We can close the network stream immediately. + err := b.ReadCloser.Close() + + // Do heavy in-memory telemetry parsing without holding the lock + if shouldRecord { + b.recordError() // If this panics here, the socket is already released + } + + return err +} + +func (b *errorTrackingBody) recordError() { + errToParse := &googleapi.Error{ + Code: b.resp.StatusCode, + Message: b.resp.Status, + } + + if b.buf.Len() > 0 { + clone := *b.resp + clone.Body = io.NopCloser(bytes.NewReader(b.buf.Bytes())) + if errResp := googleapi.CheckResponse(&clone); errResp != nil { + if gErr, ok := errResp.(*googleapi.Error); ok { + if gErr.Message == "" { + gErr.Message = b.resp.Status + } + errToParse = gErr + } else { + errToParse = &googleapi.Error{ + Code: b.resp.StatusCode, + Message: errResp.Error(), + } + } + } + } + + b.t.logAndSpanError(b.req, b.resp, errToParse, nil, b.span, b.logger) } type authTransport struct { diff --git a/vendor/cloud.google.com/go/auth/internal/version.go b/vendor/cloud.google.com/go/auth/internal/version.go index fb1c45739c..d627069b57 100644 --- a/vendor/cloud.google.com/go/auth/internal/version.go +++ b/vendor/cloud.google.com/go/auth/internal/version.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// https://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, @@ -17,4 +17,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.19.0" +const Version = "0.20.0" diff --git a/vendor/connectrpc.com/connect/.gitignore b/vendor/connectrpc.com/connect/.gitignore index 355314397c..9f72feebd7 100644 --- a/vendor/connectrpc.com/connect/.gitignore +++ b/vendor/connectrpc.com/connect/.gitignore @@ -1,5 +1,6 @@ /.tmp/ *.pprof *.svg +.idea cover.out connect.test diff --git a/vendor/connectrpc.com/connect/.golangci.yml b/vendor/connectrpc.com/connect/.golangci.yml index 15eed4409f..2a49ad697e 100644 --- a/vendor/connectrpc.com/connect/.golangci.yml +++ b/vendor/connectrpc.com/connect/.golangci.yml @@ -1,130 +1,173 @@ -linters-settings: - errcheck: - check-type-assertions: true - exhaustruct: - include: - # No zero values for param structs. - - 'connectrpc\.com/connect\..*[pP]arams' - forbidigo: - forbid: - - '^fmt\.Print' - - '^log\.' - - '^print$' - - '^println$' - - '^panic$' - godox: - # TODO, OPT, etc. comments are fine to commit. Use FIXME comments for - # temporary hacks, and use godox to prevent committing them. - keywords: [FIXME] - importas: - no-unaliased: true - alias: - - pkg: connectrpc.com/connect/internal/gen/connect/ping/v1 - alias: pingv1 - varnamelen: - ignore-decls: - - T any - - i int - - wg sync.WaitGroup +version: "2" linters: - enable-all: true + default: all disable: - - cyclop # covered by gocyclo - - depguard # unnecessary for small libraries - - funlen # rely on code review to limit function length - - gocognit # dubious "cognitive overhead" quantification - - gofumpt # prefer standard gofmt - - goimports # rely on gci instead - - inamedparam # convention is not followed - - ireturn # "accept interfaces, return structs" isn't ironclad - - lll # don't want hard limits for line length - - maintidx # covered by gocyclo - - mnd # status codes are clearer than constants - - nlreturn # generous whitespace violates house style - - nonamedreturns # named returns are fine; it's *bare* returns that are bad - - protogetter # too many false positives - - tenv # replaced by usetesting - - testpackage # internal tests are fine - - wrapcheck # don't _always_ need to wrap errors - - wsl # generous whitespace violates house style -issues: - exclude-dirs-use-default: false - - exclude: - # Don't ban use of fmt.Errorf to create new errors, but the remaining - # checks from err113 are useful. - - "do not define dynamic errors, use wrapped static errors instead: .*" - - exclude-rules: - # If future reflect.Kinds are nil-able, we'll find out when a test fails. - - linters: [exhaustive] - path: internal/assert/assert.go - # We need our duplex HTTP call to have access to the context. - - linters: [containedctx] - path: duplex_http_call.go - # We need to init a global in-mem HTTP server for testable examples. - - linters: [gochecknoinits, gochecknoglobals] - path: example_init_test.go - # We purposefully do an ineffectual assignment for an example. - - linters: [ineffassign] - path: client_example_test.go - # The generated file is effectively a global receiver. - - linters: [varnamelen] - path: cmd/protoc-gen-connect-go - text: "parameter name 'g' is too short" - # Thorough error logging and timeout config make this example unreadably long. - - linters: [errcheck, gosec] - path: error_writer_example_test.go - # It should be crystal clear that Connect uses plain *http.Clients. - - linters: [revive, stylecheck] - path: client_example_test.go - # Don't complain about timeout management or lack of output assertions in examples. - - linters: [gosec, testableexamples] - path: handler_example_test.go - # No output assertions needed for these examples. - - linters: [testableexamples] - path: error_writer_example_test.go - - linters: [testableexamples] - path: error_not_modified_example_test.go - - linters: [testableexamples] - path: error_example_test.go - # In examples, it's okay to use http.ListenAndServe. - - linters: [gosec] - path: error_not_modified_example_test.go - # There are many instances where we want to keep unused parameters - # as a matter of style or convention, for example when a context.Context - # is the first parameter, we choose to just globally ignore this. - - linters: [revive] - text: "^unused-parameter: " - # We want to return explicit nils in protocol_grpc.go - - linters: [revive] - text: "^if-return: " - path: protocol_grpc.go - # We want to return explicit nils in protocol_connect.go - - linters: [revive] - text: "^if-return: " - path: protocol_connect.go - # We want to return explicit nils in error_writer.go - - linters: [revive] - text: "^if-return: " - path: error_writer.go - # We want to set http.Server's logger - - linters: [forbidigo] - path: internal/memhttp - text: "use of `log.(New|Logger|Lshortfile)` forbidden by pattern .*" - # We want to show examples with http.Get - - linters: [noctx] - path: internal/memhttp/memhttp_test.go - # Allow fmt.Sprintf for cmd/protoc-gen-connect-go for consistency - - linters: [perfsprint] - path: cmd/protoc-gen-connect-go/main.go - # Allow non-canonical headers in tests - - linters: [canonicalheader] - path: '.*_test.go' - # Allow Code pointer receiver for UnmarshalText method - - linters: [recvcheck] - path: code.go - # Avoid false positives for int overflow in tests - - linters: [gosec] - text: "^G115: integer overflow conversion" - path: ".*_test.go" + - cyclop # covered by gocyclo + - depguard # unnecessary for small libraries + - funcorder # consider enabling in the future + - funlen # rely on code review to limit function length + - gocognit # dubious "cognitive overhead" quantification + - inamedparam # convention is not followed + - ireturn # "accept interfaces, return structs" isn't ironclad + - lll # don't want hard limits for line length + - maintidx # covered by gocyclo + - mnd # status codes are clearer than constants + - nlreturn # generous whitespace violates house style + - noinlineerr # inline is fine + - nonamedreturns # named returns are fine; it's *bare* returns that are bad + - protogetter # too many false positives + - testpackage # internal tests are fine + - wrapcheck # don't _always_ need to wrap errors + - wsl # generous whitespace violates house style + - wsl_v5 # generous whitespace violates house style + settings: + errcheck: + check-type-assertions: true + exhaustruct: + include: + - connectrpc\.com/connect\..*[pP]arams + forbidigo: + forbid: + - pattern: ^fmt\.Print + - pattern: ^log\. + - pattern: ^print$ + - pattern: ^println$ + - pattern: ^panic$ + godox: + keywords: + - FIXME + importas: + alias: + - pkg: connectrpc.com/connect/internal/gen/connect/ping/v1 + alias: pingv1 + no-unaliased: true + varnamelen: + ignore-decls: + - T any + - i int + - wg sync.WaitGroup + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + # Loosen requirements on tests + - linters: + - funlen + - gosec + - gosmopolitan + - unparam + - varnamelen + - prealloc + path: _test.go + # If future reflect.Kinds are nil-able, we'll find out when a test fails. + - linters: + - exhaustive + path: internal/assert/assert.go + # We need our duplex HTTP call to have access to the context. + - linters: + - containedctx + path: duplex_http_call.go + # We need to init a global in-mem HTTP server for testable examples. + - linters: + - gochecknoglobals + - gochecknoinits + path: example_init_test.go + # We purposefully do an ineffectual assignment for an example. + - linters: + - ineffassign + path: client_example_test.go + # The generated file is effectively a global receiver. + - linters: + - varnamelen + path: cmd/protoc-gen-connect-go + text: parameter name 'g' is too short + # Thorough error logging and timeout config make this example unreadably long. + - linters: + - errcheck + - gosec + path: error_writer_example_test.go + # It should be crystal clear that Connect uses plain *http.Clients. + - linters: + - revive + - staticcheck + path: client_example_test.go + # Don't complain about timeout management or lack of output assertions in examples. + - linters: + - gosec + - testableexamples + path: handler_example_test.go + # No output assertions needed for these examples. + - linters: + - testableexamples + path: error_writer_example_test.go + - linters: + - testableexamples + path: error_not_modified_example_test.go + - linters: + - testableexamples + path: error_example_test.go + # In examples, it's okay to use http.ListenAndServe. + - linters: + - gosec + path: error_not_modified_example_test.go + # There are many instances where we want to keep unused parameters + # as a matter of style or convention, for example when a context.Context + # is the first parameter, we choose to just globally ignore this. + - linters: + - revive + text: '^unused-parameter: ' + # We want to return explicit nils in protocol_grpc.go + - linters: + - revive + path: protocol_grpc.go + text: '^if-return: ' + # We want to return explicit nils in protocol_connect.go + - linters: + - revive + path: protocol_connect.go + text: '^if-return: ' + # We want to return explicit nils in error_writer.go + - linters: + - revive + path: error_writer.go + text: '^if-return: ' + # We want to set http.Server's logger + - linters: + - forbidigo + path: internal/memhttp + text: use of `log.(New|Logger|Lshortfile)` forbidden by pattern .* + # We want to show examples with http.Get + - linters: + - noctx + path: internal/memhttp/memhttp_test.go + # Allow fmt.Sprintf for cmd/protoc-gen-connect-go for consistency + - linters: + - perfsprint + path: cmd/protoc-gen-connect-go/main.go + # Allow non-canonical headers in tests + - linters: + - canonicalheader + path: .*_test.go + # Allow Code pointer receiver for UnmarshalText method + - linters: + - recvcheck + path: code.go + # Avoid false positives for int overflow in tests + - linters: + - gosec + path: .*_test.go + text: '^G115: integer overflow conversion' + # Don't ban use of fmt.Errorf to create new errors, but the remaining + # checks from err113 are useful. + - path: (.+)\.go$ + text: 'do not define dynamic errors, use wrapped static errors instead: .*' +formatters: + enable: + - gci + - gofmt + exclusions: + generated: lax diff --git a/vendor/connectrpc.com/connect/MAINTAINERS.md b/vendor/connectrpc.com/connect/MAINTAINERS.md index 0b7495c704..237be09894 100644 --- a/vendor/connectrpc.com/connect/MAINTAINERS.md +++ b/vendor/connectrpc.com/connect/MAINTAINERS.md @@ -6,6 +6,7 @@ Maintainers * [Josh Humphries](https://github.com/jhump), [Buf](https://buf.build) * [Matt Robenolt](https://github.com/mattrobenolt), [PlanetScale](https://planetscale.com) * [Edward McFarlane](https://github.com/emcfarlane), [Buf](https://buf.build) +* [Timo Stamm](https://github.com/timostamm), [Buf](https://buf.build) ## Former * [Akshay Shah](https://github.com/akshayjshah) diff --git a/vendor/connectrpc.com/connect/Makefile b/vendor/connectrpc.com/connect/Makefile index 8cba3fedfe..d68ff29f81 100644 --- a/vendor/connectrpc.com/connect/Makefile +++ b/vendor/connectrpc.com/connect/Makefile @@ -12,6 +12,7 @@ export GOBIN := $(abspath $(BIN)) COPYRIGHT_YEARS := 2021-2025 LICENSE_IGNORE := --ignore /testdata/ BUF_VERSION := 1.50.1 +GOLANGCI_LINT_VERSION ?= v2.11.4 .PHONY: help help: ## Describe useful make targets @@ -112,7 +113,7 @@ $(BIN)/license-header: Makefile $(BIN)/golangci-lint: Makefile @mkdir -p $(@D) - go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.7 + go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) $(BIN)/protoc-gen-go: Makefile go.mod @mkdir -p $(@D) diff --git a/vendor/connectrpc.com/connect/RELEASE.md b/vendor/connectrpc.com/connect/RELEASE.md index 22364cd144..de7e70a5b4 100644 --- a/vendor/connectrpc.com/connect/RELEASE.md +++ b/vendor/connectrpc.com/connect/RELEASE.md @@ -19,7 +19,7 @@ This document outlines how to create a release of connect-go. *Make sure no new commits are merged until the release is complete.* -5. Review all commits in the new release and for each PR check an appropriate label is used and edit the title to be meaninful to end users. This will help auto-generated release notes match the final notes as closely as possible. +5. Review all commits in the new release and for each PR check an appropriate label is used and edit the title to be meaningful to end users. This will help auto-generated release notes match the final notes as closely as possible. 6. Using the Github UI, create a new release. - Under “Choose a tag”, type in “vX.Y.Z” to create a new tag for the release upon publish. diff --git a/vendor/connectrpc.com/connect/client_stream.go b/vendor/connectrpc.com/connect/client_stream.go index 5a24f4a3d0..521e408165 100644 --- a/vendor/connectrpc.com/connect/client_stream.go +++ b/vendor/connectrpc.com/connect/client_stream.go @@ -32,6 +32,8 @@ var ( // exported constructor function. // // When using this stream, request headers should be set via the [ClientStreamForClient.RequestHeader] method. +// +// Send is not safe to call concurrently. type ClientStreamForClient[Req, Res any] struct { conn StreamingClientConn initializer maybeInitializer @@ -110,6 +112,8 @@ func (c *ClientStreamForClient[Req, Res]) Conn() (StreamingClientConn, error) { // In addition, the response returned by [ClientStreamForClientSimple.CloseAndReceive] is the response type defined for // the stream and _not_ a Connect [Response] wrapper type. As a result, response headers/trailers should be read from // the [CallInfo] object in context. +// +// Send is not safe to call concurrently. type ClientStreamForClientSimple[Req, Res any] struct { stream *ClientStreamForClient[Req, Res] } @@ -160,6 +164,8 @@ func (c *ClientStreamForClientSimple[Req, Res]) CloseAndReceive() (*Res, error) // // It's returned from [Client].CallServerStream, but doesn't currently have an // exported constructor function. +// +// Receive is not safe to call concurrently. type ServerStreamForClient[Res any] struct { conn StreamingClientConn initializer maybeInitializer @@ -247,6 +253,9 @@ func (s *ServerStreamForClient[Res]) Conn() (StreamingClientConn, error) { // // It's returned from [Client].CallBidiStream, but doesn't currently have an // exported constructor function. +// +// Send and Receive may be called from separate goroutines concurrently, but +// neither may be called concurrently with itself. type BidiStreamForClient[Req, Res any] struct { conn StreamingClientConn initializer maybeInitializer @@ -358,6 +367,9 @@ func (b *BidiStreamForClient[Req, Res]) Conn() (StreamingClientConn, error) { // // It's returned from [Client].CallBidiStream, but doesn't currently have an // exported constructor function. +// +// Send and Receive may be called from separate goroutines concurrently, but +// neither may be called concurrently with itself. type BidiStreamForClientSimple[Req, Res any] struct { stream *BidiStreamForClient[Req, Res] } diff --git a/vendor/connectrpc.com/connect/connect.go b/vendor/connectrpc.com/connect/connect.go index 04bbca85cb..a23aa0c5e8 100644 --- a/vendor/connectrpc.com/connect/connect.go +++ b/vendor/connectrpc.com/connect/connect.go @@ -33,7 +33,7 @@ import ( ) // Version is the semantic version of the connect module. -const Version = "1.19.1" +const Version = "1.19.2" // These constants are used in compile-time handshakes with connect's generated // code. @@ -87,14 +87,24 @@ func (s StreamType) String() string { // all returned errors can be cast to [*Error] using the standard library's // [errors.As]. // -// StreamingHandlerConn implementations do not need to be safe for concurrent use. +// StreamingHandlerConn implementations provided by this module support limited +// concurrent use: the read side (Receive, RequestHeader) may be called +// concurrently with the write side (Send, ResponseHeader, ResponseTrailer), but +// the read side must not be called concurrently with itself, and the write side +// must not be called concurrently with itself. type StreamingHandlerConn interface { Spec() Spec Peer() Peer + // Receive and RequestHeader form the read side of the stream. They are not + // safe to call concurrently with each other, but may be called concurrently + // with Send, ResponseHeader, and ResponseTrailer. Receive(any) error RequestHeader() http.Header + // Send, ResponseHeader, and ResponseTrailer form the write side of the + // stream. They are not safe to call concurrently with each other, but may + // be called concurrently with Receive and RequestHeader. Send(any) error ResponseHeader() http.Header ResponseTrailer() http.Header @@ -120,22 +130,29 @@ type StreamingHandlerConn interface { // all returned errors can be cast to [*Error] using the standard library's // [errors.As]. // -// In order to support bidirectional streaming RPCs, all StreamingClientConn -// implementations must support limited concurrent use. See the comments on -// each group of methods for details. +// StreamingClientConn implementations provided by this module support limited +// concurrent use: the read side (Receive, ResponseHeader, ResponseTrailer, +// CloseResponse) may be called concurrently with the write side (Send, +// RequestHeader, CloseRequest), but the read side must not be called +// concurrently with itself, and the write side must not be called concurrently +// with itself. type StreamingClientConn interface { - // Spec and Peer must be safe to call concurrently with all other methods. + // Spec and Peer are safe to call concurrently with all other methods. Spec() Spec Peer() Peer - // Send, RequestHeader, and CloseRequest may race with each other, but must - // be safe to call concurrently with all other methods. + // Send, RequestHeader, and CloseRequest form the write side of the stream. + // They are not safe to call concurrently with each other, but may be called + // concurrently with Receive, ResponseHeader, ResponseTrailer, and + // CloseResponse. Send(any) error RequestHeader() http.Header CloseRequest() error - // Receive, ResponseHeader, ResponseTrailer, and CloseResponse may race with - // each other, but must be safe to call concurrently with all other methods. + // Receive, ResponseHeader, ResponseTrailer, and CloseResponse form the read + // side of the stream. They are not safe to call concurrently with each + // other, but may be called concurrently with Send, RequestHeader, and + // CloseRequest. Receive(any) error ResponseHeader() http.Header ResponseTrailer() http.Header diff --git a/vendor/connectrpc.com/connect/context.go b/vendor/connectrpc.com/connect/context.go index 9f2d018086..3722076418 100644 --- a/vendor/connectrpc.com/connect/context.go +++ b/vendor/connectrpc.com/connect/context.go @@ -63,10 +63,10 @@ type CallInfo interface { internalOnly() } -// Create a new client (i.e. outgoing) context for use from a client. When the -// returned context is passed to RPCs, the returned call info can be used to set -// request metadata before the RPC is invoked and to inspect response -// metadata after the RPC completes. +// NewClientContext creates a new client (i.e. outgoing) context for use from a +// client. When the returned context is passed to RPCs, the returned call info +// can be used to set request metadata before the RPC is invoked and to inspect +// response metadata after the RPC completes. // // The returned context may be re-used across RPCs as long as they are // not concurrent. Results of all CallInfo methods other than @@ -164,6 +164,7 @@ func (c *streamingHandlerCallInfo) internalOnly() {} // clientCallInfo is a CallInfo implementation used for clients. type clientCallInfo struct { responseSource + spec Spec peer Peer method string diff --git a/vendor/connectrpc.com/connect/duplex_http_call.go b/vendor/connectrpc.com/connect/duplex_http_call.go index 80f6b671ce..4a708d3ede 100644 --- a/vendor/connectrpc.com/connect/duplex_http_call.go +++ b/vendor/connectrpc.com/connect/duplex_http_call.go @@ -36,8 +36,9 @@ type duplexHTTPCall struct { onRequestSend func(*http.Request) validateResponse func(*http.Response) *Error - // io.Pipe is used to implement the request body for client streaming calls. - // If the request is unary, requestBodyWriter is nil. + // requestBodyWriter streams the request body for client-streaming and bidi + // RPCs. Assigned once in newDuplexHTTPCall and never reassigned, so it is + // safe to read without synchronisation. Nil for unary and server-streaming. requestBodyWriter *io.PipeWriter // requestSent ensures we only send the request once. @@ -81,13 +82,24 @@ func newDuplexHTTPCall( GetBody: getNoBody, Host: url.Host, }).WithContext(ctx) - return &duplexHTTPCall{ + duplex := &duplexHTTPCall{ ctx: ctx, httpClient: httpClient, streamType: spec.StreamType, request: request, responseReady: make(chan struct{}), } + // Client-streaming and bidi RPCs stream the request body through an + // io.Pipe. Set it up here so requestBodyWriter is assigned once at + // construction and safe to read concurrently from Send and CloseWrite. + if spec.StreamType&StreamTypeClient != 0 { + pipeReader, pipeWriter := io.Pipe() + duplex.requestBodyWriter = pipeWriter + duplex.request.Body = pipeReader + duplex.request.GetBody = nil // GetBody is not supported for client streaming. + duplex.request.ContentLength = -1 + } + return duplex } // Send sends a message to the server. @@ -97,13 +109,9 @@ func (d *duplexHTTPCall) Send(payload messagePayload) (int64, error) { } isFirst := d.requestSent.CompareAndSwap(false, true) if isFirst { - // This is the first time we're sending a message to the server. - // We need to send the request headers and start the request. - pipeReader, pipeWriter := io.Pipe() - d.requestBodyWriter = pipeWriter - d.request.Body = pipeReader - d.request.GetBody = nil // GetBody not supported for client streaming - d.request.ContentLength = -1 + // This is the first time we're sending a message to the server. The + // request body pipe has already been set up by newDuplexHTTPCall, so + // we just kick off the HTTP request here. go d.makeRequest() // concurrent request } if err := d.ctx.Err(); err != nil { @@ -168,9 +176,6 @@ func (d *duplexHTTPCall) CloseWrite() error { // response to read from. if d.requestSent.CompareAndSwap(false, true) { go d.makeRequest() - // We never setup a request body, so it's effectively already closed. - // So nothing else to do. - return nil } // The user calls CloseWrite to indicate that they're done sending data. It's // safe to close the write side of the pipe while net/http is reading from @@ -183,6 +188,11 @@ func (d *duplexHTTPCall) CloseWrite() error { // forever. To make sure users don't have to worry about this, the generated // code for unary, client streaming, and server streaming RPCs must call // CloseWrite automatically rather than requiring the user to do it. + // + // For client-streaming and bidi RPCs requestBodyWriter is always non-nil + // (it is set in newDuplexHTTPCall); for unary and server-streaming RPCs + // it remains nil and we fall back to closing whatever request body was + // attached (typically http.NoBody or a payloadCloser set by sendUnary). if d.requestBodyWriter != nil { return d.requestBodyWriter.Close() } @@ -229,7 +239,7 @@ func (d *duplexHTTPCall) Read(data []byte) (int, error) { n, err := d.response.Body.Read(data) if err != nil && !errors.Is(err, io.EOF) { err = wrapIfContextDone(d.ctx, err) - err = wrapIfRSTError(err) + err = wrapIfRSTError(d.ctx, err) } return n, err } @@ -241,7 +251,7 @@ func (d *duplexHTTPCall) CloseRead() error { } err := d.response.Body.Close() err = wrapIfContextDone(d.ctx, err) - return wrapIfRSTError(err) + return wrapIfRSTError(d.ctx, err) } // ResponseStatusCode is the response's HTTP status code. @@ -310,7 +320,7 @@ func (d *duplexHTTPCall) makeRequest() { err = wrapIfContextError(err) err = wrapIfLikelyH2CNotConfiguredError(d.request, err) err = wrapIfLikelyWithGRPCNotUsedError(err) - err = wrapIfRSTError(err) + err = wrapIfRSTError(d.ctx, err) if _, ok := asError(err); !ok { err = NewError(CodeUnavailable, err) } diff --git a/vendor/connectrpc.com/connect/error.go b/vendor/connectrpc.com/connect/error.go index 65558065a4..466c8f6758 100644 --- a/vendor/connectrpc.com/connect/error.go +++ b/vendor/connectrpc.com/connect/error.go @@ -22,6 +22,7 @@ import ( "net/url" "os" "strings" + "time" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" @@ -389,7 +390,7 @@ func wrapIfLikelyWithGRPCNotUsedError(err error) error { // the StreamError type is exported. When x/net/http2 gets vendored into // net/http, though, all these types become unexported...so we're left with // string munging. -func wrapIfRSTError(err error) error { +func wrapIfRSTError(ctx context.Context, err error) error { const ( streamErrPrefix = "stream error: " fromPeerSuffix = "; received from peer" @@ -426,6 +427,18 @@ func wrapIfRSTError(err error) error { case "REFUSED_STREAM": return NewError(CodeUnavailable, err) case "CANCEL": + if deadline, ok := ctx.Deadline(); ok && time.Now().After(deadline) { + // Some server implementations will cancel the HTTP/2 stream with + // a RST_STREAM frame when they observe that the client's deadline + // has elapsed. + // We don't inspect ctx.Err() because we could be racing with the + // timer goroutine that is setting it. But there is no race when + // directly inspecting the context's deadline. In fact, if we get + // here, we have likely already examined ctx.Err() in a prior call + // to wrapIfContextError but observed a nil error and then fell + // through to here. + return NewError(CodeDeadlineExceeded, err) + } return NewError(CodeCanceled, err) case "ENHANCE_YOUR_CALM": return NewError(CodeResourceExhausted, fmt.Errorf("bandwidth exhausted: %w", err)) diff --git a/vendor/connectrpc.com/connect/handler.go b/vendor/connectrpc.com/connect/handler.go index e33934ea2e..de14ef6c6c 100644 --- a/vendor/connectrpc.com/connect/handler.go +++ b/vendor/connectrpc.com/connect/handler.go @@ -54,6 +54,10 @@ func NewUnaryHandler[Req, Res any]( // if we panic here instead, so we can include the procedure name. panic(procedure + " returned nil *connect.Response and nil error") //nolint: forbidigo } + if res == nil { + // Avoid returning a typed nil (*Response[Res]) as an AnyResponse interface value. + return nil, err + } return res, err }) config := newHandlerConfig(procedure, StreamTypeUnary, options) diff --git a/vendor/connectrpc.com/connect/handler_stream.go b/vendor/connectrpc.com/connect/handler_stream.go index 21092717b0..5fbb84c7e3 100644 --- a/vendor/connectrpc.com/connect/handler_stream.go +++ b/vendor/connectrpc.com/connect/handler_stream.go @@ -24,6 +24,8 @@ import ( // // It's constructed as part of [Handler] invocation, but doesn't currently have // an exported constructor. +// +// Receive is not safe to call concurrently. type ClientStream[Req any] struct { conn StreamingHandlerConn initializer maybeInitializer @@ -90,6 +92,8 @@ func (c *ClientStream[Req]) Conn() StreamingHandlerConn { // // It's constructed as part of [Handler] invocation, but doesn't currently have // an exported constructor. +// +// Send is not safe to call concurrently. type ServerStream[Res any] struct { conn StreamingHandlerConn } @@ -131,6 +135,9 @@ func (s *ServerStream[Res]) Conn() StreamingHandlerConn { // // It's constructed as part of [Handler] invocation, but doesn't currently have // an exported constructor. +// +// Send and Receive may be called from separate goroutines concurrently, but +// neither may be called concurrently with itself. type BidiStream[Req, Res any] struct { conn StreamingHandlerConn initializer maybeInitializer diff --git a/vendor/connectrpc.com/connect/interceptor.go b/vendor/connectrpc.com/connect/interceptor.go index d3bc137488..a9f6f91122 100644 --- a/vendor/connectrpc.com/connect/interceptor.go +++ b/vendor/connectrpc.com/connect/interceptor.go @@ -31,6 +31,8 @@ var ( // The type of the request and response structs depend on the codec being used. // When using Protobuf, request.Any() and response.Any() will always be // [proto.Message] implementations. +// +// On return, response is non-nil if and only if err is nil. type UnaryFunc func(context.Context, AnyRequest) (AnyResponse, error) // StreamingClientFunc is the generic signature of a streaming RPC from the client's diff --git a/vendor/connectrpc.com/connect/protocol_connect.go b/vendor/connectrpc.com/connect/protocol_connect.go index 371f382e34..40607946a5 100644 --- a/vendor/connectrpc.com/connect/protocol_connect.go +++ b/vendor/connectrpc.com/connect/protocol_connect.go @@ -860,7 +860,7 @@ func (m *connectStreamingMarshaler) MarshalEndStream(err error, trailer http.Hea return errorf(CodeInternal, "marshal end stream: %w", marshalErr) } raw := bytes.NewBuffer(data) - defer m.envelopeWriter.bufferPool.Put(raw) + defer m.bufferPool.Put(raw) return m.Write(&envelope{ Data: raw, Flags: connectFlagEnvelopeEndStream, diff --git a/vendor/connectrpc.com/connect/protocol_grpc.go b/vendor/connectrpc.com/connect/protocol_grpc.go index 4c0e8125e7..6ab78e7240 100644 --- a/vendor/connectrpc.com/connect/protocol_grpc.go +++ b/vendor/connectrpc.com/connect/protocol_grpc.go @@ -577,8 +577,8 @@ type grpcMarshaler struct { } func (m *grpcMarshaler) MarshalWebTrailers(trailer http.Header) *Error { - raw := m.envelopeWriter.bufferPool.Get() - defer m.envelopeWriter.bufferPool.Put(raw) + raw := m.bufferPool.Get() + defer m.bufferPool.Put(raw) for key, values := range trailer { // Per the Go specification, keys inserted during iteration may be produced // later in the iteration or may be skipped. For safety, avoid mutating the diff --git a/vendor/connectrpc.com/connect/recover.go b/vendor/connectrpc.com/connect/recover.go index 2fee6ab274..8c6f2891ce 100644 --- a/vendor/connectrpc.com/connect/recover.go +++ b/vendor/connectrpc.com/connect/recover.go @@ -36,7 +36,7 @@ func (i *recoverHandlerInterceptor) WrapUnary(next UnaryFunc) UnaryFunc { defer func() { if r := recover(); r != nil { // net/http checks for ErrAbortHandler with ==, so we should too. - if r == http.ErrAbortHandler { //nolint:errorlint,goerr113 + if r == http.ErrAbortHandler { //nolint:errorlint,err113 panic(r) //nolint:forbidigo } retErr = i.handle(ctx, req.Spec(), req.Header(), r) @@ -52,7 +52,7 @@ func (i *recoverHandlerInterceptor) WrapStreamingHandler(next StreamingHandlerFu defer func() { if r := recover(); r != nil { // net/http checks for ErrAbortHandler with ==, so we should too. - if r == http.ErrAbortHandler { //nolint:errorlint,goerr113 + if r == http.ErrAbortHandler { //nolint:errorlint,err113 panic(r) //nolint:forbidigo } retErr = i.handle(ctx, conn.Spec(), conn.RequestHeader(), r) diff --git a/vendor/cuelabs.dev/go/oci/ociregistry/ociauth/authfile.go b/vendor/cuelabs.dev/go/oci/ociregistry/ociauth/authfile.go index 0d4e89895f..c0e510f93e 100644 --- a/vendor/cuelabs.dev/go/oci/ociregistry/ociauth/authfile.go +++ b/vendor/cuelabs.dev/go/oci/ociregistry/ociauth/authfile.go @@ -56,7 +56,7 @@ var ErrHelperNotFound = errors.New("helper not found") // and no error. // // If the helper doesn't exist, it should return an [ErrHelperNotFound] error. -type HelperRunner = func(helperName string, serverURL string) (ConfigEntry, error) +type HelperRunner = func(helperName, serverURL string) (ConfigEntry, error) // configData holds the part of ~/.docker/config.json that pertains to auth. type configData struct { @@ -65,6 +65,12 @@ type configData struct { CredHelpers map[string]string `json:"credHelpers,omitempty"` } +type configSource struct { + Name string + Path string + Raw []byte +} + // authConfig contains authorization information for connecting to a Registry. type authConfig struct { // derivedFrom records the entries from which this one was derived. @@ -96,53 +102,43 @@ func LoadWithEnv(runner HelperRunner, env []string) (*ConfigFile, error) { if env != nil { getenv = getenvFunc(env) } - // DOCKER_AUTH_CONFIG has precedence, therefore check if - // it has the inlined JSON. - if data := getenv("DOCKER_AUTH_CONFIG"); data != "" { - f, err := decodeConfigFile([]byte(data)) + config := &ConfigFile{ + data: configData{ + Auths: map[string]authConfig{}, + CredsStore: "", + CredHelpers: map[string]string{}, + }, + runner: runner, + } + for _, source := range getConfigFileSources(getenv) { + data, err := source.Read() if err != nil { - return nil, fmt.Errorf("invalid config: %v", err) + return nil, fmt.Errorf("read %s: %w", source.Name, err) } - return &ConfigFile{ - data: f, - runner: runner, - }, nil - } - for _, f := range configFileLocations { - filename := f(getenv) - if filename == "" { + if len(data) == 0 { continue } - data, err := os.ReadFile(filename) - if err != nil { - if os.IsNotExist(err) { - continue - } - return nil, err - } f, err := decodeConfigFile(data) if err != nil { - return nil, fmt.Errorf("invalid config file %q: %v", filename, err) + return nil, fmt.Errorf("invalid config %s: %v", source.Name, err) } - return &ConfigFile{ - data: f, - runner: runner, - }, nil + f.mergeInto(&config.data) } - return &ConfigFile{ - runner: runner, - }, nil + return config, nil } // Load loads the auth configuration from the first location it can find. // It uses runner to run any external helper commands; if runner // is nil, [ExecHelper] will be used. // -// In order, it tries: -// - $DOCKER_AUTH_CONFIG (inlined JSON) -// - $DOCKER_CONFIG/config.json -// - ~/.docker/config.json -// - $XDG_RUNTIME_DIR/containers/auth.json +// In order, it loads: +// +// 1. $DOCKER_AUTH_CONFIG (inlined JSON) +// 2. $DOCKER_CONFIG/config.json, or ~/.docker/config.json if DOCKER_CONFIG is unset +// 3. $XDG_RUNTIME_DIR/containers/auth.json +// +// When multiple of the above sources exist, then authentication for a given +// registry hostname from earlier sources are prioritized. func Load(runner HelperRunner) (*ConfigFile, error) { return LoadWithEnv(runner, nil) } @@ -158,28 +154,71 @@ func getenvFunc(env []string) func(string) string { } } -var configFileLocations = []func(func(string) string) string{ - func(getenv func(string) string) string { - if d := getenv("DOCKER_CONFIG"); d != "" { - return filepath.Join(d, "config.json") +func getConfigFileSources(getenv func(string) string) []configSource { + var sources []configSource + if data := getenv("DOCKER_AUTH_CONFIG"); data != "" { + sources = append(sources, configSource{ + Name: "content of $DOCKER_AUTH_CONFIG", + Raw: []byte(data), + }) + } + // DOCKER_CONFIG relocates the Docker config directory, so when set it + // replaces ~/.docker rather than supplementing it, matching the Docker CLI. + if d := getenv("DOCKER_CONFIG"); d != "" { + sources = append(sources, configSource{ + Name: "file at $DOCKER_CONFIG", + Path: filepath.Join(d, "config.json"), + }) + } else if home := userHomeDir(getenv); home != "" { + sources = append(sources, configSource{ + Name: "file at ~/.docker/config.json", + Path: filepath.Join(home, ".docker", "config.json"), + }) + } + if d := getenv("XDG_RUNTIME_DIR"); d != "" { + sources = append(sources, configSource{ + Name: "file at $XDG_RUNTIME_DIR/containers/auth.json", + Path: filepath.Join(d, "containers", "auth.json"), + }) + } + return sources +} + +func (s configSource) Read() ([]byte, error) { + switch { + case s.Raw != nil: + return s.Raw, nil + case s.Path != "": + b, err := os.ReadFile(s.Path) + if err != nil && !os.IsNotExist(err) { + return nil, err } - return "" - }, - func(getenv func(string) string) string { - if home := userHomeDir(getenv); home != "" { - return filepath.Join(home, ".docker", "config.json") + return b, nil + } + return nil, nil +} + +// mergeInto merges c into other, with other taking precedence per key. +// other must have non-nil Auths and CredHelpers maps; LoadWithEnv guarantees this. +func (c configData) mergeInto(other *configData) { + for host, value := range c.Auths { + if _, alreadySet := other.Auths[host]; !alreadySet { + other.Auths[host] = value } - return "" - }, - // If neither of the above locations was found, look for Podman's auth at - // $XDG_RUNTIME_DIR/containers/auth.json and attempt to load it as a - // Docker config. - func(getenv func(string) string) string { - if d := getenv("XDG_RUNTIME_DIR"); d != "" { - return filepath.Join(d, "containers", "auth.json") + } + for host, value := range c.CredHelpers { + if _, alreadySet := other.CredHelpers[host]; !alreadySet { + other.CredHelpers[host] = value } - return "" - }, + } + // CredsStore is a global fallback helper rather than a per-host entry, so + // taking the first non-empty value means an earlier source's CredsStore + // can act as the fallback for hosts that are only defined (via Auths) in + // a later source. This is a subtle inconsistency, but expected to be rare + // in practice; revisit if it causes confusion. + if c.CredsStore != "" && other.CredsStore == "" { + other.CredsStore = c.CredsStore + } } // userHomeDir returns the current user's home directory. @@ -289,10 +328,10 @@ func decodeConfigFile(data []byte) (configData, error) { // to keep the logic the same as that. func urlHost(url string) string { stripped := url - if strings.HasPrefix(url, "http://") { - stripped = strings.TrimPrefix(url, "http://") - } else if strings.HasPrefix(url, "https://") { - stripped = strings.TrimPrefix(url, "https://") + if after, ok := strings.CutPrefix(url, "http://"); ok { + stripped = after + } else if after0, ok0 := strings.CutPrefix(url, "https://"); ok0 { + stripped = after0 } hostName, _, _ := strings.Cut(stripped, "/") @@ -316,7 +355,7 @@ func decodeAuth(authStr string) (string, string, error) { // ExecHelper executes an external program to get the credentials from a native store. // It implements [HelperRunner]. -func ExecHelper(helperName string, serverURL string) (ConfigEntry, error) { +func ExecHelper(helperName, serverURL string) (ConfigEntry, error) { return ExecHelperWithEnv(nil)(helperName, serverURL) } @@ -325,7 +364,7 @@ func ExecHelper(helperName string, serverURL string) (ConfigEntry, error) { // variables to pass to the executed helper command. If env is nil, // the current process's environment will be used. func ExecHelperWithEnv(env []string) HelperRunner { - return func(helperName string, serverURL string) (ConfigEntry, error) { + return func(helperName, serverURL string) (ConfigEntry, error) { var out bytes.Buffer cmd := exec.Command("docker-credential-"+helperName, "get") // TODO this doesn't produce a decent error message for diff --git a/vendor/cuelang.org/go/cue/format/node.go b/vendor/cuelang.org/go/cue/format/node.go index 288e57f6cd..bb4a083c66 100644 --- a/vendor/cuelang.org/go/cue/format/node.go +++ b/vendor/cuelang.org/go/cue/format/node.go @@ -228,9 +228,9 @@ func (f *formatter) walkClauseList(list []ast.Clause, ws whiteSpace) { func fallbackKeyword(n *ast.Comprehension) token.Token { if len(n.Clauses) > 1 { - return token.FALLBACK + return token.OTHERWISE } else if _, ok := n.Clauses[0].(*ast.ForClause); ok { - return token.FALLBACK + return token.OTHERWISE } return token.ELSE } diff --git a/vendor/cuelang.org/go/cue/parser/parser.go b/vendor/cuelang.org/go/cue/parser/parser.go index 1934cb46b9..7cb2502cbf 100644 --- a/vendor/cuelang.org/go/cue/parser/parser.go +++ b/vendor/cuelang.org/go/cue/parser/parser.go @@ -867,7 +867,7 @@ func (p *parser) parseComprehension() (decl ast.Decl, ident *ast.Ident) { sc.closeExpr(p, expr) var fallbackClause *ast.FallbackClause - if p.tok == token.ELSE || p.tok == token.FALLBACK { + if p.tok == token.ELSE || p.tok == token.FALLBACK || p.tok == token.OTHERWISE { fallbackClause = p.parseFallbackClause(clauses) } @@ -951,7 +951,7 @@ func (p *parser) parseField() (decl ast.Decl) { token.STRING, token.INTERPOLATION, token.NULL, token.TRUE, token.FALSE, token.FOR, token.IF, token.LET, token.IN, - token.TRY, token.ELSE, token.FALLBACK: + token.TRY, token.ELSE, token.FALLBACK, token.OTHERWISE: return &ast.EmbedDecl{Expr: expr} } fallthrough @@ -1042,7 +1042,7 @@ func (p *parser) parseLabel(rhs bool) (label ast.Label, expr ast.Expr, decl ast. } expr = ident - case token.ELSE, token.FALLBACK: + case token.ELSE, token.FALLBACK, token.OTHERWISE: // These keywords can be used as field labels expr = p.parseExpr() @@ -1264,7 +1264,7 @@ func (p *parser) parseFallbackClause(clauses []ast.Clause) *ast.FallbackClause { var pos token.Pos if isSingleGuard { // Single if/try clause: must use else - if p.tok == token.FALLBACK { + if p.tok == token.FALLBACK || p.tok == token.OTHERWISE { p.errf(p.pos, "use 'else' with single 'if' or 'try' clause") pos = p.pos p.next() @@ -1272,13 +1272,17 @@ func (p *parser) parseFallbackClause(clauses []ast.Clause) *ast.FallbackClause { pos = p.expect(token.ELSE) } } else { - // Everything else: must use fallback + // Everything else: must use otherwise (or legacy fallback) if p.tok == token.ELSE { - p.errf(p.pos, "use 'fallback' for comprehensions with multiple clauses or 'for' clauses") + p.errf(p.pos, "use 'otherwise' for comprehensions with multiple clauses or 'for' clauses") pos = p.pos p.next() } else { - pos = p.expect(token.FALLBACK) + // Accept both 'otherwise' (primary) and 'fallback' (legacy alias) + // TODO: once support for fallback token is removed, use + // p.expect(token.OTHERWISE) here instead. + pos = p.pos + p.next() } } body := p.parseStruct() @@ -1410,7 +1414,7 @@ func (p *parser) parseListElement() (expr ast.Expr, ok bool) { sc.closeExpr(p, expr) var fallbackClause *ast.FallbackClause - if p.tok == token.ELSE || p.tok == token.FALLBACK { + if p.tok == token.ELSE || p.tok == token.FALLBACK || p.tok == token.OTHERWISE { fallbackClause = p.parseFallbackClause(clauses) } diff --git a/vendor/cuelang.org/go/cue/token/token.go b/vendor/cuelang.org/go/cue/token/token.go index ee03611052..9c4be3b9e7 100644 --- a/vendor/cuelang.org/go/cue/token/token.go +++ b/vendor/cuelang.org/go/cue/token/token.go @@ -100,13 +100,15 @@ const ( keywordBeg - IF // if - ELSE // else - FOR // for - IN // in - LET // let - TRY // try - FALLBACK // fallback + IF // if + ELSE // else + FOR // for + IN // in + LET // let + TRY // try + // TODO: remove in favor of OTHERWISE + FALLBACK // fallback + OTHERWISE // otherwise // experimental FUNC // func diff --git a/vendor/cuelang.org/go/cue/token/token_string.go b/vendor/cuelang.org/go/cue/token/token_string.go index 24374da5a9..473292add2 100644 --- a/vendor/cuelang.org/go/cue/token/token_string.go +++ b/vendor/cuelang.org/go/cue/token/token_string.go @@ -67,16 +67,17 @@ func _() { _ = x[LET-56] _ = x[TRY-57] _ = x[FALLBACK-58] - _ = x[FUNC-59] - _ = x[TRUE-60] - _ = x[FALSE-61] - _ = x[NULL-62] - _ = x[keywordEnd-63] + _ = x[OTHERWISE-59] + _ = x[FUNC-60] + _ = x[TRUE-61] + _ = x[FALSE-62] + _ = x[NULL-63] + _ = x[keywordEnd-64] } -const _Token_name = "ILLEGALEOFCOMMENTATTRIBUTEliteralBegIDENTINTFLOATSTRINGINTERPOLATION_|_literalEndoperatorBeg+-*^/quoremdivmod&|&&||===<>!<-!=<=>==~!~([{,....)]};:?~operatorEndkeywordBegifelseforinlettryfallbackfunctruefalsenullkeywordEnd" +const _Token_name = "ILLEGALEOFCOMMENTATTRIBUTEliteralBegIDENTINTFLOATSTRINGINTERPOLATION_|_literalEndoperatorBeg+-*^/quoremdivmod&|&&||===<>!<-!=<=>==~!~([{,....)]};:?~operatorEndkeywordBegifelseforinlettryfallbackotherwisefunctruefalsenullkeywordEnd" -var _Token_index = [...]uint8{0, 7, 10, 17, 26, 36, 41, 44, 49, 55, 68, 71, 81, 92, 93, 94, 95, 96, 97, 100, 103, 106, 109, 110, 111, 113, 115, 116, 118, 119, 120, 121, 123, 125, 127, 129, 131, 133, 134, 135, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, 159, 169, 171, 175, 178, 180, 183, 186, 194, 198, 202, 207, 211, 221} +var _Token_index = [...]uint8{0, 7, 10, 17, 26, 36, 41, 44, 49, 55, 68, 71, 81, 92, 93, 94, 95, 96, 97, 100, 103, 106, 109, 110, 111, 113, 115, 116, 118, 119, 120, 121, 123, 125, 127, 129, 131, 133, 134, 135, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, 159, 169, 171, 175, 178, 180, 183, 186, 194, 203, 207, 211, 216, 220, 230} func (i Token) String() string { idx := int(i) - 0 diff --git a/vendor/cuelang.org/go/encoding/json/json.go b/vendor/cuelang.org/go/encoding/json/json.go index 97cc4d96f3..edd9aa0b0c 100644 --- a/vendor/cuelang.org/go/encoding/json/json.go +++ b/vendor/cuelang.org/go/encoding/json/json.go @@ -56,6 +56,8 @@ func Validate(b []byte, v cue.Value) error { // Extract parses JSON-encoded data to a CUE expression, using path for // position information. +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildExpr]. func Extract(path string, data []byte) (ast.Expr, error) { expr, err := extract(path, data) if err != nil { @@ -114,8 +116,10 @@ type Decoder struct { readAllErr error } -// Extract converts the current JSON value to a CUE ast. It returns io.EOF +// Extract converts the current JSON value to a CUE ast. It returns [io.EOF] // if the input has been exhausted. +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildExpr]. func (d *Decoder) Extract() (ast.Expr, error) { if d.readAllErr != nil { return nil, d.readAllErr diff --git a/vendor/cuelang.org/go/encoding/jsonschema/generate.go b/vendor/cuelang.org/go/encoding/jsonschema/generate.go index b8f7874467..7cfeaa7ce7 100644 --- a/vendor/cuelang.org/go/encoding/jsonschema/generate.go +++ b/vendor/cuelang.org/go/encoding/jsonschema/generate.go @@ -71,6 +71,9 @@ func (m closedMode) descend() closedMode { // Generate generates a JSON Schema for the given CUE value, // with the returned AST representing the generated JSON result. +// +// The result is typically encoded as JSON, for example by obtaining a value via +// [cue.Context.BuildExpr] and then encoding it via [encoding/json.Marshal]. func Generate(v cue.Value, cfg *GenerateConfig) (ast.Expr, error) { if err := v.Validate(); err != nil { return nil, err diff --git a/vendor/cuelang.org/go/encoding/jsonschema/jsonschema.go b/vendor/cuelang.org/go/encoding/jsonschema/jsonschema.go index 17f4d18944..d68e621c20 100644 --- a/vendor/cuelang.org/go/encoding/jsonschema/jsonschema.go +++ b/vendor/cuelang.org/go/encoding/jsonschema/jsonschema.go @@ -45,6 +45,8 @@ import ( // // The generated CUE schema is guaranteed to deem valid any value that is // a valid instance of the source JSON schema. +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildFile]. func Extract(data cue.InstanceOrValue, cfg *Config) (*ast.File, error) { cfg = ref(*cfg) if cfg.MapURL == nil { diff --git a/vendor/cuelang.org/go/encoding/openapi/decode.go b/vendor/cuelang.org/go/encoding/openapi/decode.go index 71a37ee1b9..67616e8829 100644 --- a/vendor/cuelang.org/go/encoding/openapi/decode.go +++ b/vendor/cuelang.org/go/encoding/openapi/decode.go @@ -30,6 +30,8 @@ import ( // // It currently only converts entries in #/components/schema and extracts some // meta data. +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildFile]. func Extract(data cue.InstanceOrValue, c *Config) (*ast.File, error) { // TODO: find a good OpenAPI validator. Both go-openapi and kin-openapi // seem outdated. The k8s one might be good, but avoid pulling in massive diff --git a/vendor/cuelang.org/go/encoding/protobuf/protobuf.go b/vendor/cuelang.org/go/encoding/protobuf/protobuf.go index 7a24aa8fc0..2a20da5505 100644 --- a/vendor/cuelang.org/go/encoding/protobuf/protobuf.go +++ b/vendor/cuelang.org/go/encoding/protobuf/protobuf.go @@ -401,7 +401,9 @@ func (b *Extractor) getInst(p *protoConverter) *build.Instance { // // Extract assumes the proto file compiles with protoc and may not report an error // if it does not. Imports are resolved using the paths defined in Config. -func Extract(filename string, src interface{}, c *Config) (f *ast.File, err error) { +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildFile]. +func Extract(filename string, src any, c *Config) (f *ast.File, err error) { if c == nil { c = &Config{} } diff --git a/vendor/cuelang.org/go/encoding/toml/decode.go b/vendor/cuelang.org/go/encoding/toml/decode.go index 45d4e0a64c..609bdc45a4 100644 --- a/vendor/cuelang.org/go/encoding/toml/decode.go +++ b/vendor/cuelang.org/go/encoding/toml/decode.go @@ -116,6 +116,8 @@ type openTableArray struct { // Decode parses the input stream as TOML and converts it to a CUE [*ast.File]. // Because TOML files only contain a single top-level expression, // subsequent calls to this method may return [io.EOF]. +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildExpr]. func (d *Decoder) Decode() (ast.Expr, error) { if d.decoded { return nil, io.EOF diff --git a/vendor/cuelang.org/go/encoding/xml/koala/decode.go b/vendor/cuelang.org/go/encoding/xml/koala/decode.go index e26e9474fe..19e4f39457 100644 --- a/vendor/cuelang.org/go/encoding/xml/koala/decode.go +++ b/vendor/cuelang.org/go/encoding/xml/koala/decode.go @@ -91,6 +91,8 @@ func NewDecoder(fileName string, r io.Reader) *Decoder { // Decode parses the input stream as XML and converts it to a CUE [ast.Expr]. // The input stream is taken from the [Decoder] and consumed. +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildExpr]. func (dec *Decoder) Decode() (ast.Expr, error) { if dec.decoderRan { return nil, io.EOF diff --git a/vendor/cuelang.org/go/encoding/yaml/yaml.go b/vendor/cuelang.org/go/encoding/yaml/yaml.go index c0a5da3190..f4c446aae4 100644 --- a/vendor/cuelang.org/go/encoding/yaml/yaml.go +++ b/vendor/cuelang.org/go/encoding/yaml/yaml.go @@ -32,7 +32,9 @@ import ( // list. The src argument may be a nil, string, []byte, or io.Reader. If // src is nil, the result of reading the file specified by filename will // be used. -func Extract(filename string, src interface{}) (*ast.File, error) { +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildFile]. +func Extract(filename string, src any) (*ast.File, error) { data, err := source.ReadAll(filename, src) if err != nil { return nil, err @@ -118,11 +120,13 @@ type Decoder struct { readAllErr error } -// Extract converts the current YAML value to a CUE ast. It returns io.EOF +// Extract converts the current YAML value to a CUE ast. It returns [io.EOF] // if the input has been exhausted. // // For YAML streams with multiple documents separated by `---`, each call to // Extract will return the next document as a separate CUE expression. +// +// The result can be converted to a [cue.Value] via [cue.Context.BuildExpr]. func (d *Decoder) Extract() (ast.Expr, error) { if d.readAllErr != nil { return nil, d.readAllErr diff --git a/vendor/cuelang.org/go/internal/astinternal/debug.go b/vendor/cuelang.org/go/internal/astinternal/debug.go index c09cb751be..bbaad73962 100644 --- a/vendor/cuelang.org/go/internal/astinternal/debug.go +++ b/vendor/cuelang.org/go/internal/astinternal/debug.go @@ -422,12 +422,12 @@ func DebugStr(x interface{}) (out string) { out := DebugStr(v.Clauses) out += DebugStr(v.Value) if v.Fallback != nil { - // Use "fallback" for 'for' comprehensions, "else" for 'if'/'try' + // Use "otherwise" for 'for' comprehensions, "else" for 'if'/'try' kw := "else" if len(v.Clauses) > 1 { - kw = "fallback" + kw = "otherwise" } else if _, ok := v.Clauses[0].(*ast.ForClause); ok { - kw = "fallback" + kw = "otherwise" } out += " " + kw + " " + DebugStr(v.Fallback.Body) } diff --git a/vendor/cuelang.org/go/internal/core/compile/compile.go b/vendor/cuelang.org/go/internal/core/compile/compile.go index a547956575..6d64cfbf02 100644 --- a/vendor/cuelang.org/go/internal/core/compile/compile.go +++ b/vendor/cuelang.org/go/internal/core/compile/compile.go @@ -847,10 +847,6 @@ func (c *compiler) decl(d ast.Decl) adt.Decl { return c.comprehension(x, false) case *ast.EmbedDecl: // Deprecated - for _, c := range ast.Comments(x.Expr) { - ast.AddComment(x, c) - } - ast.SetComments(x.Expr, ast.Comments(x)) return c.expr(x.Expr) case ast.Expr: diff --git a/vendor/cuelang.org/go/internal/core/convert/go.go b/vendor/cuelang.org/go/internal/core/convert/go.go index 1904adfb1e..71f98596b7 100644 --- a/vendor/cuelang.org/go/internal/core/convert/go.go +++ b/vendor/cuelang.org/go/internal/core/convert/go.go @@ -269,18 +269,15 @@ func fromGoValue(ctx *adt.OpContext, nilIsTop bool, val reflect.Value) (result a return n } - if _, ok := implements(typ, typesInterface); ok { - v, _ := reflect.TypeAssert[types.Interface](val) + if v, ok := typeAssert[types.Interface](val, typesInterface); ok { t := v.Core() // TODO: panic if not the same runtime. return t.V } - if _, ok := implements(typ, astExpr); ok { - v, _ := reflect.TypeAssert[ast.Expr](val) + if v, ok := typeAssert[ast.Expr](val, astExpr); ok { return compileExpr(ctx, v) } - if _, ok := implements(typ, jsonMarshaler); ok { - v, _ := reflect.TypeAssert[json.Marshaler](val) + if v, ok := typeAssert[json.Marshaler](val, jsonMarshaler); ok { b, err := v.MarshalJSON() if err != nil { return ctx.AddErr(errors.Promote(err, "json.Marshaler")) @@ -291,8 +288,7 @@ func fromGoValue(ctx *adt.OpContext, nilIsTop bool, val reflect.Value) (result a } return compileExpr(ctx, expr) } - if _, ok := implements(typ, textMarshaler); ok { - v, _ := reflect.TypeAssert[encoding.TextMarshaler](val) + if v, ok := typeAssert[encoding.TextMarshaler](val, textMarshaler); ok { b, err := v.MarshalText() if err != nil { return ctx.AddErr(errors.Promote(err, "encoding.TextMarshaler")) @@ -300,8 +296,7 @@ func fromGoValue(ctx *adt.OpContext, nilIsTop bool, val reflect.Value) (result a str := strings.ToValidUTF8(string(b), string(utf8.RuneError)) return &adt.String{Src: src, Str: str} } - if _, ok := implements(typ, goError); ok { - v, _ := reflect.TypeAssert[error](val) + if v, ok := typeAssert[error](val, goError); ok { errs, ok := v.(errors.Error) if !ok { errs = ctx.Newf("%s", v.Error()) @@ -557,20 +552,27 @@ var ( topSentinel = ast.NewIdent("_") ) -// implements is like t.Implements(ifaceType) but checks whether -// either t or reflect.PointerTo(t) implements the interface. -// It also returns false for the case where t is an interface type. -func implements(t, ifaceType reflect.Type) (needAddr, ok bool) { +// typeAssert is similar to [reflect.TypeAssert] except that +// it will also convert v to a pointer if its pointer type implements +// the given interface T, allocating a value if necessary. +func typeAssert[T any](v reflect.Value, t reflect.Type) (T, bool) { + vt := v.Type() switch { - case t.Kind() == reflect.Interface: - return false, false - case t.Implements(ifaceType): - return false, true - case reflect.PointerTo(t).Implements(ifaceType): - return true, true - default: - return false, false + case vt.Kind() == reflect.Interface: + return *new(T), false + case vt.Implements(t): + return reflect.TypeAssert[T](v) + case reflect.PointerTo(vt).Implements(t): + if v.CanAddr() { + v = v.Addr() + } else { + p := reflect.New(vt) + p.Elem().Set(v) + v = p + } + return reflect.TypeAssert[T](v) } + return *new(T), false } func fromGoType(ctx *adt.OpContext, allowNullDefault bool, t reflect.Type) (e ast.Expr, expr adt.Expr) { diff --git a/vendor/cuelang.org/go/internal/core/export/adt.go b/vendor/cuelang.org/go/internal/core/export/adt.go index 77821ab75f..205339ae40 100644 --- a/vendor/cuelang.org/go/internal/core/export/adt.go +++ b/vendor/cuelang.org/go/internal/core/export/adt.go @@ -619,7 +619,12 @@ func (e *exporter) decl(env *adt.Environment, d adt.Decl) ast.Decl { frame.labelExpr = expr // see astutil.Resolve. if x.Label != 0 { - expr = &ast.Alias{Ident: e.ident(x.Label), Expr: expr} + // Mark features used in the value expression so that + // uniqueAlias can avoid generating a conflicting name + // when the alias has the same name as a field in the value. + e.markUsedFeatures(x.Value) + name := e.uniqueAlias(e.identString(x.Label)) + expr = &ast.Alias{Ident: ast.NewIdent(name), Expr: expr} } f := &ast.Field{ Label: ast.NewList(expr), diff --git a/vendor/cuelang.org/go/internal/cueversion/version.go b/vendor/cuelang.org/go/internal/cueversion/version.go index 28b1f675e6..4472b47352 100644 --- a/vendor/cuelang.org/go/internal/cueversion/version.go +++ b/vendor/cuelang.org/go/internal/cueversion/version.go @@ -14,7 +14,7 @@ import ( // This determines the latest version of CUE that // is accepted by the module. func LanguageVersion() string { - return "v0.16.0" + return "v0.16.1" } // ModuleVersion returns the version of the cuelang.org/go module as best as can diff --git a/vendor/cuelang.org/go/pkg/encoding/hex/hex.go b/vendor/cuelang.org/go/pkg/encoding/hex/hex.go index 2e43d8b62b..62b4e25370 100644 --- a/vendor/cuelang.org/go/pkg/encoding/hex/hex.go +++ b/vendor/cuelang.org/go/pkg/encoding/hex/hex.go @@ -36,8 +36,8 @@ func DecodedLen(x int) int { // Decode returns the bytes represented by the hexadecimal string s. // -// Decode expects that src contains only hexadecimal -// characters and that src has even length. +// Decode expects that s contains only hexadecimal +// characters and that s has even length. // If the input is malformed, Decode returns // the bytes decoded before the error. func Decode(s string) ([]byte, error) { diff --git a/vendor/cuelang.org/go/pkg/html/html.go b/vendor/cuelang.org/go/pkg/html/html.go index a2a13dbdf5..ce1385c252 100644 --- a/vendor/cuelang.org/go/pkg/html/html.go +++ b/vendor/cuelang.org/go/pkg/html/html.go @@ -24,16 +24,16 @@ import "html" // Escape escapes special characters like "<" to become "<". It // escapes only five such characters: <, >, &, ' and ". -// UnescapeString(Escape(s)) == s always holds, but the converse isn't +// Unescape(Escape(s)) == s always holds, but the converse isn't // always true. func Escape(s string) string { return html.EscapeString(s) } // Unescape unescapes entities like "<" to become "<". It unescapes a -// larger range of entities than EscapeString escapes. For example, "á" +// larger range of entities than Escape escapes. For example, "á" // unescapes to "á", as does "á" and "á". -// Unescape(EscapeString(s)) == s always holds, but the converse isn't +// Unescape(Escape(s)) == s always holds, but the converse isn't // always true. func Unescape(s string) string { return html.UnescapeString(s) diff --git a/vendor/cuelang.org/go/pkg/list/sort.go b/vendor/cuelang.org/go/pkg/list/sort.go index 917572a7bc..1d5e4825b8 100644 --- a/vendor/cuelang.org/go/pkg/list/sort.go +++ b/vendor/cuelang.org/go/pkg/list/sort.go @@ -181,7 +181,7 @@ func IsSorted(list []cue.Value, cmp cue.Value) bool { return sort.IsSorted(&s) } -// IsSortedStrings tests whether a list is a sorted lists of strings. +// IsSortedStrings tests whether a list is a sorted list of strings. func IsSortedStrings(a []string) bool { return slices.IsSorted(a) } diff --git a/vendor/cuelang.org/go/pkg/net/ip.go b/vendor/cuelang.org/go/pkg/net/ip.go index 22e306c469..a4bf53f0f7 100644 --- a/vendor/cuelang.org/go/pkg/net/ip.go +++ b/vendor/cuelang.org/go/pkg/net/ip.go @@ -116,7 +116,7 @@ func netGetIPCIDR(ip cue.Value) (gonet *netip.Prefix, err error) { // The string s can be in dotted decimal ("192.0.2.1") // or IPv6 ("2001:db8::68") form. // If s is not a valid textual representation of an IP address, -// ParseIP returns nil. +// ParseIP returns an error. func ParseIP(s string) ([]uint, error) { goip, err := netip.ParseAddr(s) if err != nil { diff --git a/vendor/cuelang.org/go/pkg/regexp/manual.go b/vendor/cuelang.org/go/pkg/regexp/manual.go index a4e5825f33..9419c84097 100644 --- a/vendor/cuelang.org/go/pkg/regexp/manual.go +++ b/vendor/cuelang.org/go/pkg/regexp/manual.go @@ -62,7 +62,7 @@ import ( var errNoMatch = errors.New("no match") -// Find returns a list holding the text of the leftmost match in b of the regular expression. +// Find returns a string holding the text of the leftmost match in s of the regular expression. // A return value of bottom indicates no match. func Find(pattern, s string) (string, error) { re, err := regexp.Compile(pattern) @@ -93,7 +93,7 @@ func FindAll(pattern, s string, n int) ([]string, error) { } // FindAllNamedSubmatch is like [FindAllSubmatch], but returns a list of maps -// with the named used in capturing groups. See [FindNamedSubmatch] for an +// with the names used in capturing groups. See [FindNamedSubmatch] for an // example on how to use named groups. func FindAllNamedSubmatch(pattern, s string, n int) ([]map[string]string, error) { re, err := regexp.Compile(pattern) @@ -148,7 +148,7 @@ func FindAllSubmatch(pattern, s string, n int) ([][]string, error) { // // Output: // -// [{person: "World"}] +// {person: "World"} func FindNamedSubmatch(pattern, s string) (map[string]string, error) { re, err := regexp.Compile(pattern) if err != nil { @@ -171,8 +171,8 @@ func FindNamedSubmatch(pattern, s string) (map[string]string, error) { return r, nil } -// FindSubmatch returns a list of lists holding the text of the leftmost -// match of the regular expression in b and the matches, if any, of its +// FindSubmatch returns a list holding the text of the leftmost +// match of the regular expression in s and the matches, if any, of its // subexpressions, as defined by the 'Submatch' descriptions in the package // comment. // A return value of bottom indicates no match. @@ -197,7 +197,7 @@ func FindSubmatch(pattern, s string) ([]string, error) { // corresponding index; other names refer to capturing parentheses named with // the (?P...) syntax. A reference to an out of range or unmatched index // or a name that is not present in the regular expression is replaced with an -// empty slice. +// empty string. // // In the $name form, name is taken to be as long as possible: $1x is // equivalent to ${1x}, not ${1}x, and, $10 is equivalent to ${10}, not ${1}0. diff --git a/vendor/cuelang.org/go/pkg/strings/manual.go b/vendor/cuelang.org/go/pkg/strings/manual.go index 1e475b476c..bb9c1c4e78 100644 --- a/vendor/cuelang.org/go/pkg/strings/manual.go +++ b/vendor/cuelang.org/go/pkg/strings/manual.go @@ -13,7 +13,7 @@ // limitations under the License. // Package strings implements simple functions to manipulate UTF-8 encoded -// strings.package strings. +// strings. // // Some of the functions in this package are specifically intended as field // constraints. For instance, MaxRunes as used in this CUE program @@ -32,7 +32,7 @@ import ( "unicode/utf8" ) -// ByteAt reports the ith byte of the underlying strings or byte. +// ByteAt reports the ith byte of the underlying byte slice. func ByteAt(b []byte, i int) (byte, error) { if i < 0 || i >= len(b) { return 0, fmt.Errorf("index out of range") @@ -40,7 +40,7 @@ func ByteAt(b []byte, i int) (byte, error) { return b[i], nil } -// ByteSlice reports the bytes of the underlying string data from the start +// ByteSlice reports the bytes of the underlying byte slice from the start // index up to but not including the end index. func ByteSlice(b []byte, start, end int) ([]byte, error) { if start < 0 || start > end || end > len(b) { @@ -55,8 +55,8 @@ func Runes(s string) []rune { } // MinRunes reports whether the number of runes (Unicode codepoints) in a string -// is at least a certain minimum. MinRunes can be used a field constraint to -// except all strings for which this property holds. +// is at least a certain minimum. MinRunes can be used as a field constraint to +// accept all strings for which this property holds. func MinRunes(s string, min int) bool { // TODO: CUE strings cannot be invalid UTF-8. In case this changes, we need // to use the following conversion to count properly: @@ -65,8 +65,8 @@ func MinRunes(s string, min int) bool { } // MaxRunes reports whether the number of runes (Unicode codepoints) in a string -// exceeds a certain maximum. MaxRunes can be used a field constraint to -// except all strings for which this property holds +// exceeds a certain maximum. MaxRunes can be used as a field constraint to +// accept all strings for which this property holds. func MaxRunes(s string, max int) bool { // See comment in MinRunes implementation. return utf8.RuneCountInString(s) <= max diff --git a/vendor/cyphar.com/go-pathrs/handle_linux.go b/vendor/cyphar.com/go-pathrs/handle_linux.go index 6ed0b7af7a..78225e006a 100644 --- a/vendor/cyphar.com/go-pathrs/handle_linux.go +++ b/vendor/cyphar.com/go-pathrs/handle_linux.go @@ -17,6 +17,8 @@ import ( "fmt" "os" + "golang.org/x/sys/unix" + "cyphar.com/go-pathrs/internal/fdutils" "cyphar.com/go-pathrs/internal/libpathrs" ) @@ -56,11 +58,11 @@ func HandleFromFile(file *os.File) (*Handle, error) { // and can be opened multiple times. // // The handle returned is only usable for reading, and this is method is -// shorthand for [Handle.OpenFile] with os.O_RDONLY. +// shorthand for [Handle.OpenFile] with [unix.O_RDONLY]. // // TODO: Rename these to "Reopen" or something. func (h *Handle) Open() (*os.File, error) { - return h.OpenFile(os.O_RDONLY) + return h.OpenFile(unix.O_RDONLY) } // OpenFile creates an "upgraded" file handle to the file referenced by the @@ -71,7 +73,7 @@ func (h *Handle) Open() (*os.File, error) { // handle. // // TODO: Rename these to "Reopen" or something. -func (h *Handle) OpenFile(flags int) (*os.File, error) { +func (h *Handle) OpenFile(flags uint64) (*os.File, error) { return fdutils.WithFileFd(h.inner, func(fd uintptr) (*os.File, error) { newFd, err := libpathrs.Reopen(fd, flags) if err != nil { diff --git a/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go index d54497a5b7..d610a3be43 100644 --- a/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go +++ b/vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go @@ -60,8 +60,8 @@ func OpenRoot(path string) (uintptr, error) { } // Reopen wraps pathrs_reopen. -func Reopen(fd uintptr, flags int) (uintptr, error) { - newFd := C.pathrs_reopen(C.int(fd), C.int(flags)) +func Reopen(fd uintptr, flags uint64) (uintptr, error) { + newFd := C.pathrs_reopen(C.int(fd), C.uint64_t(flags)) return uintptr(newFd), fetchError(newFd) } @@ -84,11 +84,11 @@ func InRootResolveNoFollow(rootFd uintptr, path string) (uintptr, error) { } // InRootOpen wraps pathrs_inroot_open. -func InRootOpen(rootFd uintptr, path string, flags int) (uintptr, error) { +func InRootOpen(rootFd uintptr, path string, flags uint64) (uintptr, error) { cPath := C.CString(path) defer C.free(unsafe.Pointer(cPath)) - fd := C.pathrs_inroot_open(C.int(rootFd), cPath, C.int(flags)) + fd := C.pathrs_inroot_open(C.int(rootFd), cPath, C.uint64_t(flags)) return uintptr(fd), fetchError(fd) } @@ -145,23 +145,23 @@ func InRootRemoveAll(rootFd uintptr, path string) error { } // InRootCreat wraps pathrs_inroot_creat. -func InRootCreat(rootFd uintptr, path string, flags int, mode uint32) (uintptr, error) { +func InRootCreat(rootFd uintptr, path string, flags uint64, mode uint32) (uintptr, error) { cPath := C.CString(path) defer C.free(unsafe.Pointer(cPath)) - fd := C.pathrs_inroot_creat(C.int(rootFd), cPath, C.int(flags), C.uint(mode)) + fd := C.pathrs_inroot_creat(C.int(rootFd), cPath, C.uint64_t(flags), C.uint(mode)) return uintptr(fd), fetchError(fd) } // InRootRename wraps pathrs_inroot_rename. -func InRootRename(rootFd uintptr, src, dst string, flags uint) error { - cSrc := C.CString(src) - defer C.free(unsafe.Pointer(cSrc)) +func InRootRename(oldRootFd uintptr, oldPath string, newRootFd uintptr, newPath string, flags uint64) error { + cOldPath := C.CString(oldPath) + defer C.free(unsafe.Pointer(cOldPath)) - cDst := C.CString(dst) - defer C.free(unsafe.Pointer(cDst)) + cNewPath := C.CString(newPath) + defer C.free(unsafe.Pointer(cNewPath)) - err := C.pathrs_inroot_rename(C.int(rootFd), cSrc, cDst, C.uint(flags)) + err := C.pathrs_inroot_rename(C.int(oldRootFd), cOldPath, C.int(newRootFd), cNewPath, C.uint64_t(flags)) return fetchError(err) } @@ -193,26 +193,26 @@ func InRootMknod(rootFd uintptr, path string, mode uint32, dev uint64) error { } // InRootSymlink wraps pathrs_inroot_symlink. -func InRootSymlink(rootFd uintptr, path, target string) error { - cPath := C.CString(path) - defer C.free(unsafe.Pointer(cPath)) +func InRootSymlink(target string, rootFd uintptr, linkpath string) error { + cLinkpath := C.CString(linkpath) + defer C.free(unsafe.Pointer(cLinkpath)) cTarget := C.CString(target) defer C.free(unsafe.Pointer(cTarget)) - err := C.pathrs_inroot_symlink(C.int(rootFd), cPath, cTarget) + err := C.pathrs_inroot_symlink(cTarget, C.int(rootFd), cLinkpath) return fetchError(err) } // InRootHardlink wraps pathrs_inroot_hardlink. -func InRootHardlink(rootFd uintptr, path, target string) error { - cPath := C.CString(path) - defer C.free(unsafe.Pointer(cPath)) +func InRootHardlink(oldRootFd uintptr, oldPath string, newRootFd uintptr, newPath string, flags uint64) error { + cNewPath := C.CString(newPath) + defer C.free(unsafe.Pointer(cNewPath)) - cTarget := C.CString(target) - defer C.free(unsafe.Pointer(cTarget)) + cOldPath := C.CString(oldPath) + defer C.free(unsafe.Pointer(cOldPath)) - err := C.pathrs_inroot_hardlink(C.int(rootFd), cPath, cTarget) + err := C.pathrs_inroot_hardlink(C.int(oldRootFd), cOldPath, C.int(newRootFd), cNewPath, C.uint64_t(flags)) return fetchError(err) } @@ -277,13 +277,13 @@ func init() { func ProcPid(pid uint32) ProcBase { return ProcBaseTypePid | ProcBase(pid) } // ProcOpenat wraps pathrs_proc_openat. -func ProcOpenat(procRootFd int, base ProcBase, path string, flags int) (uintptr, error) { +func ProcOpenat(procRootFd int, base ProcBase, path string, flags uint64) (uintptr, error) { cBase := C.pathrs_proc_base_t(base) cPath := C.CString(path) defer C.free(unsafe.Pointer(cPath)) - fd := C.pathrs_proc_openat(C.int(procRootFd), cBase, cPath, C.int(flags)) + fd := C.pathrs_proc_openat(C.int(procRootFd), cBase, cPath, C.uint64_t(flags)) return uintptr(fd), fetchError(fd) } @@ -335,3 +335,31 @@ func ProcfsOpen(how *ProcfsOpenHow) (uintptr, error) { fd := C.pathrs_procfs_open((*C.pathrs_procfs_open_how)(how), C.size_t(unsafe.Sizeof(*how))) return uintptr(fd), fetchError(fd) } + +// VersionInfo is a Go-friendly form of pathrs_version_info_t (struct). +type VersionInfo struct { + VersionString string +} + +// versionInfo is pathrs_version_info_t (struct). +type versionInfo C.pathrs_version_info_t + +// Version is pathrs_version_info_t (sizeof(version) is passed automatically). +func Version() (*VersionInfo, error) { + var rawVersion versionInfo + size := C.pathrs_version((*C.pathrs_version_info_t)(&rawVersion), C.size_t(unsafe.Sizeof(rawVersion))) + switch { + case size < 0: + return nil, fetchError(size) + case size > 0: + // TODO(log): Logging? + fallthrough + default: + // TODO(log): Add a log statement if sizeof(rawVersion) is bigger than + // the number of fields we store in VersionInfo. Otherwise a rebuild + // will mask that Go callers cannot see any new fields. + return &VersionInfo{ + VersionString: C.GoString(rawVersion.version_string), + }, nil + } +} diff --git a/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go index 915e9ccdb5..6a3142646f 100644 --- a/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go +++ b/vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go @@ -127,7 +127,7 @@ func (proc *Handle) fd() int { } // TODO: Should we expose open? -func (proc *Handle) open(base ProcBase, path string, flags int) (_ *os.File, Closer ThreadCloser, Err error) { +func (proc *Handle) open(base ProcBase, path string, flags uint64) (_ *os.File, Closer ThreadCloser, Err error) { var closer ThreadCloser if base == ProcThreadSelf { runtime.LockOSThread() @@ -154,7 +154,7 @@ func (proc *Handle) open(base ProcBase, path string, flags int) (_ *os.File, Clo // (such as /proc/cpuinfo) or information about other processes (such as // /proc/1). Accessing your own process information should be done using // [Handle.OpenSelf] or [Handle.OpenThreadSelf]. -func (proc *Handle) OpenRoot(path string, flags int) (*os.File, error) { +func (proc *Handle) OpenRoot(path string, flags uint64) (*os.File, error) { file, closer, err := proc.open(ProcRoot, path, flags) if closer != nil { // should not happen @@ -180,7 +180,7 @@ func (proc *Handle) OpenRoot(path string, flags int) (*os.File, error) { // Unlike [Handle.OpenThreadSelf], this method does not involve locking // the goroutine to the current OS thread and so is simpler to use and // theoretically has slightly less overhead. -func (proc *Handle) OpenSelf(path string, flags int) (*os.File, error) { +func (proc *Handle) OpenSelf(path string, flags uint64) (*os.File, error) { file, closer, err := proc.open(ProcSelf, path, flags) if closer != nil { // should not happen @@ -198,7 +198,7 @@ func (proc *Handle) OpenSelf(path string, flags int) (*os.File, error) { // Be aware that due to PID recycling, using this is generally not safe except // in certain circumstances. See the documentation of [ProcPid] for more // details. -func (proc *Handle) OpenPid(pid int, path string, flags int) (*os.File, error) { +func (proc *Handle) OpenPid(pid int, path string, flags uint64) (*os.File, error) { file, closer, err := proc.open(ProcPid(pid), path, flags) if closer != nil { // should not happen @@ -225,7 +225,7 @@ func (proc *Handle) OpenPid(pid int, path string, flags int) (*os.File, error) { // callback MUST be called AFTER you have finished using the returned // [os.File]. This callback is completely separate to [os.File.Close], so it // must be called regardless of how you close the handle. -func (proc *Handle) OpenThreadSelf(path string, flags int) (*os.File, ThreadCloser, error) { +func (proc *Handle) OpenThreadSelf(path string, flags uint64) (*os.File, ThreadCloser, error) { return proc.open(ProcThreadSelf, path, flags) } diff --git a/vendor/cyphar.com/go-pathrs/root_linux.go b/vendor/cyphar.com/go-pathrs/root_linux.go index 5bc2e90717..4741a24a46 100644 --- a/vendor/cyphar.com/go-pathrs/root_linux.go +++ b/vendor/cyphar.com/go-pathrs/root_linux.go @@ -19,6 +19,8 @@ import ( "os" "syscall" + "golang.org/x/sys/unix" + "cyphar.com/go-pathrs/internal/fdutils" "cyphar.com/go-pathrs/internal/libpathrs" ) @@ -27,7 +29,7 @@ import ( // purpose of this "root handle" is to perform operations within the directory // tree, or to get a [Handle] to inodes within the directory tree. // -// At time of writing, it is considered a *VERY BAD IDEA* to open a [Root] +// At time of writing, it is considered a *VERY BAD IDEA* to open a Root // inside a possibly-attacker-controlled directory tree. While we do have // protections that should defend against it, it's far more dangerous than just // opening a directory tree which is not inside a potentially-untrusted @@ -68,7 +70,7 @@ func RootFromFile(file *os.File) (*Root, error) { // // All symlinks (including trailing symlinks) are followed, but they are // resolved within the rootfs. If you wish to open a handle to the symlink -// itself, use [ResolveNoFollow]. +// itself, use [Root.ResolveNoFollow]. func (r *Root) Resolve(path string) (*Handle, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*Handle, error) { handleFd, err := libpathrs.InRootResolve(rootFd, path) @@ -83,10 +85,10 @@ func (r *Root) Resolve(path string) (*Handle, error) { }) } -// ResolveNoFollow is effectively an O_NOFOLLOW version of [Resolve]. Their -// behaviour is identical, except that *trailing* symlinks will not be -// followed. If the final component is a trailing symlink, an O_PATH|O_NOFOLLOW -// handle to the symlink itself is returned. +// ResolveNoFollow is effectively an [unix.O_NOFOLLOW] version of +// [Root.Resolve]. Their behaviour is identical, except that *trailing* +// symlinks will not be followed. If the final component is a trailing symlink, +// an [unix.O_PATH]|[unix.O_NOFOLLOW] handle to the symlink itself is returned. func (r *Root) ResolveNoFollow(path string) (*Handle, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*Handle, error) { handleFd, err := libpathrs.InRootResolveNoFollow(rootFd, path) @@ -101,29 +103,29 @@ func (r *Root) ResolveNoFollow(path string) (*Handle, error) { }) } -// Open is effectively shorthand for [Resolve] followed by [Handle.Open], but -// can be slightly more efficient (it reduces CGo overhead and the number of -// syscalls used when using the openat2-based resolver) and is arguably more +// Open is effectively shorthand for [Root.Resolve] followed by [Handle.Open], +// but can be slightly more efficient (it reduces CGo overhead and the number +// of syscalls used when using the openat2-based resolver) and is arguably more // ergonomic to use. // // This is effectively equivalent to [os.Open]. func (r *Root) Open(path string) (*os.File, error) { - return r.OpenFile(path, os.O_RDONLY) + return r.OpenFile(path, unix.O_RDONLY) } -// OpenFile is effectively shorthand for [Resolve] followed by +// OpenFile is effectively shorthand for [Root.Resolve] followed by // [Handle.OpenFile], but can be slightly more efficient (it reduces CGo // overhead and the number of syscalls used when using the openat2-based // resolver) and is arguably more ergonomic to use. // -// However, if flags contains os.O_NOFOLLOW and the path is a symlink, then +// However, if flags contains [unix.O_NOFOLLOW] and the path is a symlink, then // OpenFile's behaviour will match that of openat2. In most cases an error will -// be returned, but if os.O_PATH is provided along with os.O_NOFOLLOW then a -// file equivalent to [ResolveNoFollow] will be returned instead. +// be returned, but if [unix.O_PATH] is provided along with [unix.O_NOFOLLOW] +// then a file equivalent to [Root.ResolveNoFollow] will be returned instead. // -// This is effectively equivalent to [os.OpenFile], except that os.O_CREAT is -// not supported. -func (r *Root) OpenFile(path string, flags int) (*os.File, error) { +// This is effectively equivalent to [os.OpenFile], except that [unix.O_CREAT] +// is not supported. +func (r *Root) OpenFile(path string, flags uint64) (*os.File, error) { return fdutils.WithFileFd(r.inner, func(rootFd uintptr) (*os.File, error) { fd, err := libpathrs.InRootOpen(rootFd, path, flags) if err != nil { @@ -139,7 +141,7 @@ func (r *Root) OpenFile(path string, flags int) (*os.File, error) { // // Unlike [os.Create], if the file already exists an error is created rather // than the file being opened and truncated. -func (r *Root) Create(path string, flags int, mode os.FileMode) (*os.File, error) { +func (r *Root) Create(path string, flags uint64, mode os.FileMode) (*os.File, error) { unixMode, err := toUnixMode(mode, false) if err != nil { return nil, err @@ -155,9 +157,9 @@ func (r *Root) Create(path string, flags int, mode os.FileMode) (*os.File, error // Rename two paths within a [Root]'s directory tree. The flags argument is // identical to the RENAME_* flags to the renameat2(2) system call. -func (r *Root) Rename(src, dst string, flags uint) error { +func (r *Root) Rename(src, dst string, flags uint64) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { - err := libpathrs.InRootRename(rootFd, src, dst, flags) + err := libpathrs.InRootRename(rootFd, src, rootFd, dst, flags) return struct{}{}, err }) return err @@ -277,26 +279,26 @@ func (r *Root) Mknod(path string, mode os.FileMode, dev uint64) error { } // Symlink creates a symlink within a [Root]'s directory tree. The symlink is -// created at path and is a link to target. +// created at newname and is a link to oldname. // // This is effectively equivalent to [os.Symlink]. -func (r *Root) Symlink(path, target string) error { +func (r *Root) Symlink(oldname, newname string) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { - err := libpathrs.InRootSymlink(rootFd, path, target) + err := libpathrs.InRootSymlink(oldname, rootFd, newname) return struct{}{}, err }) return err } // Hardlink creates a hardlink within a [Root]'s directory tree. The hardlink -// is created at path and is a link to target. Both paths are within the +// is created at newname and is a link to oldname. Both paths are within the // [Root]'s directory tree (you cannot hardlink to a different [Root] or the // host). // // This is effectively equivalent to [os.Link]. -func (r *Root) Hardlink(path, target string) error { +func (r *Root) Hardlink(oldname, newname string) error { _, err := fdutils.WithFileFd(r.inner, func(rootFd uintptr) (struct{}, error) { - err := libpathrs.InRootHardlink(rootFd, path, target) + err := libpathrs.InRootHardlink(rootFd, oldname, rootFd, newname, 0) return struct{}{}, err }) return err diff --git a/vendor/cyphar.com/go-pathrs/version_linux.go b/vendor/cyphar.com/go-pathrs/version_linux.go new file mode 100644 index 0000000000..9ed2d74eca --- /dev/null +++ b/vendor/cyphar.com/go-pathrs/version_linux.go @@ -0,0 +1,27 @@ +//go:build linux + +// SPDX-License-Identifier: MPL-2.0 +/* + * libpathrs: safe path resolution on Linux + * Copyright (C) 2026 Aleksa Sarai + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + */ + +package pathrs + +import ( + "cyphar.com/go-pathrs/internal/libpathrs" +) + +// LibraryVersionInfo contains information about the version and features +// supported by the underlying libpathrs.so library at runtime. +type LibraryVersionInfo = libpathrs.VersionInfo + +// LibraryVersion returns information about the version and features supported +// by the underlying libpathrs.so library at runtime. +func LibraryVersion() (*LibraryVersionInfo, error) { + return libpathrs.Version() +} diff --git a/vendor/github.com/aquasecurity/libbpfgo/Makefile b/vendor/github.com/aquasecurity/libbpfgo/Makefile index 7e4d2a102d..11d1a8138c 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/Makefile +++ b/vendor/github.com/aquasecurity/libbpfgo/Makefile @@ -6,7 +6,6 @@ BASEDIR = $(abspath ./) OUTPUT = ./output SELFTEST = ./selftest -HELPERS = ./helpers CLANG := clang CC := $(CLANG) @@ -124,17 +123,32 @@ endif # selftests +# To set a minimum Go version requirement for a specific selftest: +# 1. Create a .go-version file in the selftest directory (e.g., selftest/my-test/.go-version) +# 2. Add the minimum version in major.minor format (e.g., "1.21" for Go 1.21.0 or higher) +# 3. The selftest will be automatically skipped if the current Go version is lower +# Example: echo "1.21" > selftest/my-advanced-test/.go-version + +# current Go version (major.minor format) +GO_VERSION := $(shell $(GO) version | sed -n 's/.*go\([0-9]*\.[0-9]*\).*/\1/p') SELFTESTS = $(shell find $(SELFTEST) -mindepth 1 -maxdepth 1 -type d ! -name 'common' ! -name 'build') define FOREACH - SELFTESTERR=0; \ - for DIR in $(SELFTESTS); do \ - echo "INFO: entering $$DIR..."; \ - $(MAKE) -j1 -C $$DIR $(1) || SELFTESTERR=1; \ - done; \ - if [ $$SELFTESTERR -eq 1 ]; then \ - exit 1; \ - fi + SELFTESTERR=0; \ + for DIR in $(SELFTESTS); do \ + echo "INFO: entering $$DIR..."; \ + if [ -f "$$DIR/.go-version" ]; then \ + REQUIRED_VERSION=$$(cat "$$DIR/.go-version"); \ + if ! printf '%s\n%s\n' "$$REQUIRED_VERSION" "$(GO_VERSION)" | sort -V -C; then \ + echo "INFO: skipping $$DIR (requires Go $$REQUIRED_VERSION, current: $(GO_VERSION))"; \ + continue; \ + fi; \ + fi; \ + $(MAKE) -j1 -C $$DIR $(1) || SELFTESTERR=1; \ + done; \ + if [ $$SELFTESTERR -eq 1 ]; then \ + exit 1; \ + fi endef .PHONY: selftest @@ -162,25 +176,6 @@ selftest-dynamic-run: selftest-clean: $(call FOREACH, clean) -# helpers test - -.PHONY: helpers-test-run -.PHONY: helpers-test-static-run -.PHONY: helpers-test-dynamic-run - -helpers-test-run: helpers-test-static-run - -helpers-test-static-run: libbpfgo-static - cd $(HELPERS) && \ - CC=$(CLANG) \ - CGO_CFLAGS=$(CGO_CFLAGS_STATIC) \ - CGO_LDFLAGS=$(CGO_LDFLAGS_STATIC) \ - sudo -E env PATH=$(PATH) $(GO) test -v ./... - -helpers-test-dynamic-run: libbpfgo-dynamic - cd $(HELPERS) && \ - sudo $(GO) test -v ./... - # vagrant VAGRANT_DIR = $(abspath ./builder) diff --git a/vendor/github.com/aquasecurity/libbpfgo/Readme.md b/vendor/github.com/aquasecurity/libbpfgo/Readme.md index ec9306e00d..a1f027a50c 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/Readme.md +++ b/vendor/github.com/aquasecurity/libbpfgo/Readme.md @@ -37,7 +37,6 @@ Currently you will find the following GNU Makefile rules: | clean | cleans entire tree | | selftest | builds all selftests (static) | | selftest-run | runs all selftests (static) | -| helpers-test-run | runs all helpers tests (static) | * libbpf dynamically linked (libbpf from OS) @@ -47,7 +46,6 @@ Currently you will find the following GNU Makefile rules: | libbpfgo-dynamic-test | 'go test' with dynamic libbpfgo | | selftest-dynamic | build tests with dynamic libbpfgo | | selftest-dynamic-run | run tests using dynamic libbpfgo | -| helpers-test-dynamic-run | run helpers package unit tests using dynamic libbpfgo | * statically compiled (libbpf submodule) @@ -57,7 +55,6 @@ Currently you will find the following GNU Makefile rules: | libbpfgo-static-test | 'go test' with static libbpfgo | | selftest-static | build tests with static libbpfgo | | selftest-static-run | run tests using static libbpfgo | -| helpers-test-static-run | run helpers package unit tests using static libbpfgo | * examples diff --git a/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go b/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go index f6dabf2d69..98fa576803 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go +++ b/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go @@ -80,7 +80,7 @@ func SetStrictMode(mode LibbpfStrictMode) { func BPFProgramTypeIsSupported(progType BPFProgType) (bool, error) { supportedC := C.libbpf_probe_bpf_prog_type(C.enum_bpf_prog_type(int(progType)), nil) - if supportedC < 1 { + if supportedC < 0 { return false, syscall.Errno(-supportedC) } @@ -89,7 +89,7 @@ func BPFProgramTypeIsSupported(progType BPFProgType) (bool, error) { func BPFMapTypeIsSupported(mapType MapType) (bool, error) { supportedC := C.libbpf_probe_bpf_map_type(C.enum_bpf_map_type(int(mapType)), nil) - if supportedC < 1 { + if supportedC < 0 { return false, syscall.Errno(-supportedC) } diff --git a/vendor/github.com/aquasecurity/libbpfgo/map.go b/vendor/github.com/aquasecurity/libbpfgo/map.go index a9aeee87f4..10db3aa104 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/map.go +++ b/vendor/github.com/aquasecurity/libbpfgo/map.go @@ -7,6 +7,7 @@ package libbpfgo import "C" import ( + "errors" "fmt" "syscall" "unsafe" @@ -310,6 +311,8 @@ func (m *BPFMap) Unpin(pinPath string) error { return nil } +var ErrNoInnerMap = errors.New("map has no inner map") + // // BPFMap Map of Maps // @@ -324,7 +327,12 @@ func (m *BPFMap) Unpin(pinPath string) error { // https://lore.kernel.org/bpf/20200429002739.48006-4-andriin@fb.com/ func (m *BPFMap) InnerMapInfo() (*BPFMapInfo, error) { innerMapC, errno := C.bpf_map__inner_map(m.bpfMap) + if innerMapC == nil { + // EINVAL is returned if the map is not a map of maps + if errno == syscall.EINVAL { + return nil, ErrNoInnerMap + } return nil, fmt.Errorf("failed to get inner map for %s: %w", m.Name(), errno) } diff --git a/vendor/github.com/aquasecurity/libbpfgo/module.go b/vendor/github.com/aquasecurity/libbpfgo/module.go index 6967acd9cf..60b397a9d9 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/module.go +++ b/vendor/github.com/aquasecurity/libbpfgo/module.go @@ -115,9 +115,12 @@ func NewModuleFromBufferArgs(args NewModuleArgs) (*Module, error) { } C.cgo_libbpf_set_print_fn() - // TODO: remove this once libbpf memory limit bump issue is solved - if err := bumpMemlockRlimit(); err != nil { - return nil, err + // If skipped, we rely on libbpf to do the bumping if deemed necessary + if !args.SkipMemlockBump { + // TODO: remove this once libbpf memory limit bump issue is solved + if err := bumpMemlockRlimit(); err != nil { + return nil, err + } } var btfFilePathC *C.char diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go index 3219517dab..372b151248 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/config.go @@ -204,6 +204,10 @@ type Config struct { // when constructing clients for specific services. Each callback function receives the service ID // and the service's Options struct, allowing for dynamic configuration based on the service. ServiceOptions []func(string, any) + + // Controls whether the SDK restricts file permissions on credential + // cache files it creates. + RestrictFilePermissions RestrictFilePermissions } // NewConfig returns a new Config pointer that can be chained with builder diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go index 57bfbfb694..46cb77c209 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go @@ -3,4 +3,4 @@ package aws // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.41.5" +const goModuleVersion = "1.42.0" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/restrict_file_permissions.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/restrict_file_permissions.go new file mode 100644 index 0000000000..6360b657b8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/restrict_file_permissions.go @@ -0,0 +1,21 @@ +package aws + +// RestrictFilePermissions controls whether the SDK restricts file permissions +// on credential cache files it creates. +type RestrictFilePermissions string + +const ( + // RestrictFilePermissionsUnset indicates the setting has not been + // configured. + RestrictFilePermissionsUnset RestrictFilePermissions = "" + + // RestrictFilePermissionsUserReadWrite sets file permissions to owner + // read/write only (0600) and directory permissions to owner only (0700) + // when creating new cache files and directories on Unix. This is the + // default behavior. + RestrictFilePermissionsUserReadWrite RestrictFilePermissions = "user_read_write" + + // RestrictFilePermissionsUnrestricted does not set any file or directory + // permissions, relying on the system's default umask. + RestrictFilePermissionsUnrestricted RestrictFilePermissions = "unrestricted" +) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go index c266996dea..14225a53a4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go @@ -4,6 +4,7 @@ import ( "math" "time" + "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/internal/rand" "github.com/aws/aws-sdk-go-v2/internal/timeconv" ) @@ -12,9 +13,20 @@ import ( // number of attempts. type ExponentialJitterBackoff struct { maxBackoff time.Duration - // precomputed number of attempts needed to reach max backoff. + // precomputed number of attempts needed to reach max backoff (legacy mode). maxBackoffAttempts float64 + // Base delay for non-throttle errors (x in the formula t_i = b * min(x * r^i, MAX_BACKOFF)). + baseDelay time.Duration + + // Throttle error checker. When set and the error is a throttle, the base + // delay is 1s regardless of the configured baseDelay. + throttle IsErrorThrottle + + // When true, applies MAX_BACKOFF before jitter and uses throttle-aware + // base delay. + retries2026 bool + randFloat64 func() (float64, error) } @@ -25,13 +37,53 @@ func NewExponentialJitterBackoff(maxBackoff time.Duration) *ExponentialJitterBac maxBackoff: maxBackoff, maxBackoffAttempts: math.Log2( float64(maxBackoff) / float64(time.Second)), + baseDelay: time.Second, randFloat64: rand.CryptoRandFloat64, } } +// exponentialJitterBackoffOption is a functional option for ExponentialJitterBackoff. +type exponentialJitterBackoffOption func(*ExponentialJitterBackoff) + +// withBaseDelay sets the base delay for non-throttle errors. +func withBaseDelay(d time.Duration) exponentialJitterBackoffOption { + return func(j *ExponentialJitterBackoff) { + j.baseDelay = d + } +} + +// withThrottleCheck sets the throttle error checker used to determine if the +// backoff should use the throttle base delay (1s) instead of the configured +// base delay. +func withThrottleCheck(t IsErrorThrottle) exponentialJitterBackoffOption { + return func(j *ExponentialJitterBackoff) { + j.throttle = t + } +} + +// newExponentialJitterBackoffWithOptions returns an ExponentialJitterBackoff +// with the given options applied. +func newExponentialJitterBackoffWithOptions(maxBackoff time.Duration, optFns ...exponentialJitterBackoffOption) *ExponentialJitterBackoff { + j := NewExponentialJitterBackoff(maxBackoff) + j.retries2026 = true + for _, fn := range optFns { + fn(j) + } + return j +} + // BackoffDelay returns the duration to wait before the next attempt should be // made. Returns an error if unable get a duration. func (j *ExponentialJitterBackoff) BackoffDelay(attempt int, err error) (time.Duration, error) { + if j.retries2026 { + return j.backoffDelay2026(attempt, err) + } + return j.backoffDelayLegacy(attempt, err) +} + +// backoffDelayLegacy preserves the original backoff formula: b * 2^i, capped +// at maxBackoff. +func (j *ExponentialJitterBackoff) backoffDelayLegacy(attempt int, err error) (time.Duration, error) { if attempt > int(j.maxBackoffAttempts) { return j.maxBackoff, nil } @@ -47,3 +99,26 @@ func (j *ExponentialJitterBackoff) BackoffDelay(attempt int, err error) (time.Du return timeconv.FloatSecondsDur(delaySeconds), nil } + +// backoffDelay2026 uses throttle-aware base delay and applies MAX_BACKOFF +// before jitter: t_i = b * min(x * 2^i, MAX_BACKOFF). +func (j *ExponentialJitterBackoff) backoffDelay2026(attempt int, err error) (time.Duration, error) { + x := j.baseDelay + if j.throttle != nil && j.throttle.IsErrorThrottle(err) == aws.TrueTernary { + x = time.Second + } + + b, randErr := j.randFloat64() + if randErr != nil { + return 0, randErr + } + + ri := math.Pow(2, float64(attempt)) + delaySeconds := float64(x) / float64(time.Second) * ri + maxBackoffSeconds := float64(j.maxBackoff) / float64(time.Second) + if delaySeconds > maxBackoffSeconds { + delaySeconds = maxBackoffSeconds + } + + return timeconv.FloatSecondsDur(b * delaySeconds), nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go index 52acb62f91..ab024de047 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go @@ -233,9 +233,11 @@ func (r *Attempt) handleAttempt( "failed to release retry token after request error, %w", err) } // Release the attempt token based on the state of the attempt's error (if any). - if releaseError := releaseAttemptToken(err); releaseError != nil && err != nil { - return out, attemptResult, nopRelease, fmt.Errorf( - "failed to release initial token after request error, %w", err) + if !newRetries2026() || attemptNum == 1 { + if releaseError := releaseAttemptToken(err); releaseError != nil && err != nil { + return out, attemptResult, nopRelease, fmt.Errorf( + "failed to release initial token after request error, %w", err) + } } // If there was no error making the attempt, nothing further to do. There // will be nothing to retry. @@ -276,6 +278,13 @@ func (r *Attempt) handleAttempt( // Get a retry token that will be released after the releaseRetryToken, retryTokenErr := r.retryer.GetRetryToken(ctx, err) if retryTokenErr != nil { + // Long-polling operations must still back off when quota is exceeded. + if newRetries2026() && internalcontext.GetIsLongPolling(ctx) { + if retryDelay, delayErr := r.retryer.RetryDelay(attemptNum-1, err); delayErr == nil { + retryDelay = adjustForRetryAfterHeader(retryDelay, err, logger, r.LogAttempts) + _ = sdk.SleepWithContext(ctx, retryDelay) + } + } return out, attemptResult, nopRelease, errors.Join(err, retryTokenErr) } @@ -285,10 +294,17 @@ func (r *Attempt) handleAttempt( // Get the retry delay before another attempt can be made, and sleep for // that time. Potentially early exist if the sleep is canceled via the // context. - retryDelay, reqErr := r.retryer.RetryDelay(attemptNum, err) + attempt := attemptNum + if newRetries2026() { + attempt = attemptNum - 1 + } + retryDelay, reqErr := r.retryer.RetryDelay(attempt, err) if reqErr != nil { return out, attemptResult, releaseRetryToken, reqErr } + if newRetries2026() { + retryDelay = adjustForRetryAfterHeader(retryDelay, err, logger, r.LogAttempts) + } if reqErr = sdk.SleepWithContext(ctx, retryDelay); reqErr != nil { err = &aws.RequestCanceledError{Err: reqErr} return out, attemptResult, releaseRetryToken, err @@ -423,6 +439,43 @@ func AddRetryMiddlewares(stack *smithymiddle.Stack, options AddRetryMiddlewaresO return nil } +// adjustForRetryAfterHeader checks for the x-amz-retry-after response header +// and clamps the backoff duration accordingly. The header value is an integer +// representing milliseconds. The result is clamped to [t_i, 5s + t_i] where +// t_i is the jittered exponential backoff duration. Invalid header values are +// ignored. +func adjustForRetryAfterHeader(backoff time.Duration, err error, logger logging.Logger, logAttempts bool) time.Duration { + var re *http.ResponseError + if !errors.As(err, &re) || re.Response == nil || re.Response.Response == nil { + return backoff + } + + headerVal := re.Response.Header.Get("X-Amz-Retry-After") + if headerVal == "" { + return backoff + } + + ms, parseErr := strconv.ParseInt(headerVal, 10, 64) + if parseErr != nil || ms < 0 { + if logAttempts { + logger.Logf(logging.Debug, "ignoring invalid x-amz-retry-after header value %q", headerVal) + } + return backoff + } + + retryAfter := time.Duration(ms) * time.Millisecond + minDuration := backoff + maxDuration := 5*time.Second + backoff + + if retryAfter < minDuration { + return minDuration + } + if retryAfter > maxDuration { + return maxDuration + } + return retryAfter +} + // Determines the value of exception.type for metrics purposes. We prefer an // API-specific error code, otherwise it's just the Go type for the value. func errorType(err error) string { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go index af81635b3f..c240fb09b6 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go @@ -72,6 +72,19 @@ func (r *withMaxBackoffDelay) RetryDelay(attempt int, err error) (time.Duration, return r.backoff.BackoffDelay(attempt, err) } +// AddWithLongPolling returns a retryer that is marked as long-polling. +// Long-polling operations will back off even when the retry quota is +// exhausted. +func AddWithLongPolling(r aws.Retryer) aws.Retryer { + return &withLongPolling{RetryerV2: wrapAsRetryerV2(r)} +} + +type withLongPolling struct { + aws.RetryerV2 +} + +func (w *withLongPolling) IsLongPolling() bool { return true } + type wrappedAsRetryerV2 struct { aws.Retryer } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go index d5ea93222e..f2f9660da0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go @@ -3,6 +3,7 @@ package retry import ( "context" "fmt" + "os" "time" "github.com/aws/aws-sdk-go-v2/aws/ratelimit" @@ -35,8 +36,16 @@ const ( const ( DefaultRetryRateTokens uint = 500 DefaultRetryCost uint = 5 - DefaultRetryTimeoutCost uint = 10 DefaultNoRetryIncrement uint = 1 + + // DefaultRetryTimeoutCost is the cost to deduct from the RateLimiter's + // token bucket per retry caused by timeout error. + // + // When AWS_NEW_RETRIES_2026 is set to "true", timeouts are no longer + // treated differently than other transient errors. The discounted cost + // is instead applied to throttling errors via DefaultThrottlingRetryCost. + DefaultRetryTimeoutCost uint = 10 + DefaultThrottlingRetryCost uint = 5 ) // DefaultRetryableHTTPStatusCodes is the default set of HTTP status codes the SDK @@ -121,6 +130,12 @@ type StandardOptions struct { // It is safe to append to this list in NewStandard's functional options. Timeouts []IsErrorTimeout + // Set of strategies to determine if the attempt failed due to a throttle + // error. Used to determine the retry token cost. + // + // It is safe to append to this list in NewStandard's functional options. + Throttles []IsErrorThrottle + // Provides the rate limiting strategy for rate limiting attempt retries // across all attempts the retryer is being used with. // @@ -129,10 +144,14 @@ type StandardOptions struct { // consume more tokens than what's available results in operation failure. // The default implementation is parameterized as follows: // - a capacity of 500 (DefaultRetryRateTokens) - // - a retry caused by a timeout costs 10 tokens (DefaultRetryCost) - // - a retry caused by other errors costs 5 tokens (DefaultRetryTimeoutCost) + // - a retry caused by a timeout costs 10 tokens (DefaultRetryTimeoutCost) + // - a retry caused by other errors costs 5 tokens (DefaultRetryCost) // - an operation that succeeds on the 1st attempt adds 1 token (DefaultNoRetryIncrement) // + // When AWS_NEW_RETRIES_2026 is set to "true", the costs change: + // - a retry costs 14 tokens + // - a retry caused by a throttling error costs 5 tokens (DefaultThrottlingRetryCost) + // // You can disable rate limiting by setting this field to ratelimit.None. RateLimiter RateLimiter @@ -141,11 +160,23 @@ type StandardOptions struct { // The cost to deduct from the RateLimiter's token bucket per retry caused // by timeout error. + // + // When AWS_NEW_RETRIES_2026 is set to "true", this field is unused. + // Throttling errors use ThrottlingRetryCost instead. RetryTimeoutCost uint + // The cost to deduct from the RateLimiter's token bucket per retry caused + // by a throttling error. Only used when AWS_NEW_RETRIES_2026 is "true". + ThrottlingRetryCost uint + // The cost to payback to the RateLimiter's token bucket for successful // attempts. NoRetryIncrement uint + + // BaseDelay is the base backoff delay for non-throttle retryable errors. + // Throttling errors always use 1s. Defaults to 50ms if zero. + // Only used when AWS_NEW_RETRIES_2026 is "true"; ignored in legacy mode. + BaseDelay time.Duration } // RateLimiter provides the interface for limiting the rate of attempt retries @@ -161,6 +192,7 @@ type RateLimiter interface { type Standard struct { options StandardOptions + throttle IsErrorThrottle timeout IsErrorTimeout retryable IsErrorRetryable backoff BackoffDelayer @@ -169,17 +201,7 @@ type Standard struct { // NewStandard initializes a standard retry behavior with defaults that can be // overridden via functional options. func NewStandard(fnOpts ...func(*StandardOptions)) *Standard { - o := StandardOptions{ - MaxAttempts: DefaultMaxAttempts, - MaxBackoff: DefaultMaxBackoff, - Retryables: append([]IsErrorRetryable{}, DefaultRetryables...), - Timeouts: append([]IsErrorTimeout{}, DefaultTimeouts...), - - RateLimiter: ratelimit.NewTokenRateLimit(DefaultRetryRateTokens), - RetryCost: DefaultRetryCost, - RetryTimeoutCost: DefaultRetryTimeoutCost, - NoRetryIncrement: DefaultNoRetryIncrement, - } + o := standardDefaults() for _, fn := range fnOpts { fn(&o) } @@ -189,13 +211,25 @@ func NewStandard(fnOpts ...func(*StandardOptions)) *Standard { backoff := o.Backoff if backoff == nil { - backoff = NewExponentialJitterBackoff(o.MaxBackoff) + if newRetries2026() { + baseDelay := o.BaseDelay + if baseDelay == 0 { + baseDelay = 50 * time.Millisecond + } + backoff = newExponentialJitterBackoffWithOptions(o.MaxBackoff, + withBaseDelay(baseDelay), + withThrottleCheck(IsErrorThrottles(o.Throttles)), + ) + } else { + backoff = NewExponentialJitterBackoff(o.MaxBackoff) + } } return &Standard{ options: o, backoff: backoff, retryable: IsErrorRetryables(o.Retryables), + throttle: IsErrorThrottles(o.Throttles), timeout: IsErrorTimeouts(o.Timeouts), } } @@ -244,8 +278,14 @@ func (s *Standard) noRetryIncrement() error { func (s *Standard) GetRetryToken(ctx context.Context, opErr error) (func(error) error, error) { cost := s.options.RetryCost - if s.timeout.IsErrorTimeout(opErr).Bool() { - cost = s.options.RetryTimeoutCost + if newRetries2026() { + if s.throttle.IsErrorThrottle(opErr).Bool() { + cost = s.options.ThrottlingRetryCost + } + } else { + if s.timeout.IsErrorTimeout(opErr).Bool() { + cost = s.options.RetryTimeoutCost + } } fn, err := s.options.RateLimiter.GetToken(ctx, cost) @@ -267,3 +307,37 @@ func (f releaseToken) release(err error) error { return f() } + +func newRetries2026() bool { + return os.Getenv("AWS_NEW_RETRIES_2026") == "true" +} + +func standardDefaults() StandardOptions { + if newRetries2026() { + return StandardOptions{ + MaxAttempts: DefaultMaxAttempts, + MaxBackoff: DefaultMaxBackoff, + Retryables: append([]IsErrorRetryable{}, DefaultRetryables...), + Timeouts: append([]IsErrorTimeout{}, DefaultTimeouts...), + Throttles: append([]IsErrorThrottle{}, DefaultThrottles...), + + RateLimiter: ratelimit.NewTokenRateLimit(DefaultRetryRateTokens), + RetryCost: 14, + RetryTimeoutCost: DefaultRetryTimeoutCost, + ThrottlingRetryCost: DefaultThrottlingRetryCost, + NoRetryIncrement: DefaultNoRetryIncrement, + } + } + return StandardOptions{ + MaxAttempts: DefaultMaxAttempts, + MaxBackoff: DefaultMaxBackoff, + Retryables: append([]IsErrorRetryable{}, DefaultRetryables...), + Timeouts: append([]IsErrorTimeout{}, DefaultTimeouts...), + Throttles: append([]IsErrorThrottle{}, DefaultThrottles...), + + RateLimiter: ratelimit.NewTokenRateLimit(DefaultRetryRateTokens), + RetryCost: DefaultRetryCost, + RetryTimeoutCost: DefaultRetryTimeoutCost, + NoRetryIncrement: DefaultNoRetryIncrement, + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md index 404561eede..520b2379b9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md @@ -1,3 +1,60 @@ +# v1.32.26 (2026-06-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.25 (2026-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.24 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.23 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.22 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.21 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.20 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.19 (2026-05-28) + +* **Bug Fix**: Adds support for AWS_RESTRICT_FILE_PERMISSIONS for env and in-code config. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.18 (2026-05-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.17 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.16 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.32.15 (2026-04-16) + +* No change notes available for this release. + +# v1.32.14 (2026-04-02) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.32.13 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go index 498a668a30..c6a6365a39 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go @@ -96,6 +96,8 @@ var defaultAWSConfigResolvers = []awsConfigResolver{ // Sets the ServiceOptions if present in LoadOptions resolveServiceOptions, + + resolveRestrictFilePermissions, } // A Config represents a generic configuration value or set of values. This type diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go index e932c63dfb..f0619ce854 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go @@ -87,6 +87,8 @@ const ( awsResponseChecksumValidation = "AWS_RESPONSE_CHECKSUM_VALIDATION" awsAuthSchemePreferenceEnv = "AWS_AUTH_SCHEME_PREFERENCE" + + awsRestrictFilePermissionsEnv = "AWS_RESTRICT_FILE_PERMISSIONS" ) var ( @@ -309,6 +311,10 @@ type EnvConfig struct { // Priority list of preferred auth scheme names (e.g. sigv4a). AuthSchemePreference []string + + // Controls whether the SDK restricts file permissions on credential + // cache files it creates. + RestrictFilePermissions aws.RestrictFilePermissions } // loadEnvConfig reads configuration values from the OS's environment variables. @@ -422,6 +428,10 @@ func NewEnvConfig() (EnvConfig, error) { cfg.AuthSchemePreference = toAuthSchemePreferenceList(os.Getenv(awsAuthSchemePreferenceEnv)) + if err := setRestrictFilePermissionsFromEnvVal(&cfg.RestrictFilePermissions, []string{awsRestrictFilePermissionsEnv}); err != nil { + return cfg, err + } + return cfg, nil } @@ -930,3 +940,27 @@ func (c EnvConfig) getAuthSchemePreference() ([]string, bool) { } return nil, false } + +func (c EnvConfig) getRestrictFilePermissions(context.Context) (aws.RestrictFilePermissions, bool, error) { + return c.RestrictFilePermissions, len(c.RestrictFilePermissions) > 0, nil +} + +func setRestrictFilePermissionsFromEnvVal(m *aws.RestrictFilePermissions, keys []string) error { + for _, k := range keys { + value := os.Getenv(k) + if len(value) == 0 { + continue + } + + switch strings.ToLower(value) { + case "user_read_write": + *m = aws.RestrictFilePermissionsUserReadWrite + case "unrestricted": + *m = aws.RestrictFilePermissionsUnrestricted + default: + return fmt.Errorf("invalid value for environment variable, %s=%s, must be user_read_write/unrestricted", k, value) + } + break + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go index 80aee928f6..c92c427c55 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go @@ -3,4 +3,4 @@ package config // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.32.13" +const goModuleVersion = "1.32.26" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/errors.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/ini.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/ini.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/parse.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/sections.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/sections.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/strings.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/token.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/token.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/tokenize.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go b/vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value.go rename to vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go index 7cb5a13658..843ea6b7d7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go @@ -240,6 +240,10 @@ type LoadOptions struct { // when constructing clients for specific services. Each callback function receives the service ID // and the service's Options struct, allowing for dynamic configuration based on the service. ServiceOptions []func(string, any) + + // Controls whether the SDK restricts file permissions on credential + // cache files it creates. + RestrictFilePermissions aws.RestrictFilePermissions } func (o LoadOptions) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool, error) { @@ -1353,3 +1357,15 @@ func (o LoadOptions) getAuthSchemePreference() ([]string, bool) { } return nil, false } + +func (o LoadOptions) getRestrictFilePermissions(context.Context) (aws.RestrictFilePermissions, bool, error) { + return o.RestrictFilePermissions, len(o.RestrictFilePermissions) > 0, nil +} + +// WithRestrictFilePermissions sets the RestrictFilePermissions mode on config. +func WithRestrictFilePermissions(m aws.RestrictFilePermissions) LoadOptionsFunc { + return func(o *LoadOptions) error { + o.RestrictFilePermissions = m + return nil + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go index 5531249710..deabd29c82 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go @@ -784,3 +784,19 @@ func getServiceOptions(ctx context.Context, configs configs) (v []func(string, a } return v, found, err } + +type restrictFilePermissionsProvider interface { + getRestrictFilePermissions(context.Context) (aws.RestrictFilePermissions, bool, error) +} + +func getRestrictFilePermissions(ctx context.Context, configs configs) (value aws.RestrictFilePermissions, found bool, err error) { + for _, cfg := range configs { + if p, ok := cfg.(restrictFilePermissionsProvider); ok { + value, found, err = p.getRestrictFilePermissions(ctx) + if err != nil || found { + break + } + } + } + return +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go index a71c105d96..b6796fc87e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go @@ -442,3 +442,17 @@ func resolveServiceOptions(ctx context.Context, cfg *aws.Config, configs configs cfg.ServiceOptions = serviceOptions return nil } + +func resolveRestrictFilePermissions(ctx context.Context, cfg *aws.Config, configs configs) error { + m, found, err := getRestrictFilePermissions(ctx, configs) + if err != nil { + return err + } + + if !found { + m = aws.RestrictFilePermissionsUserReadWrite + } + + cfg.RestrictFilePermissions = m + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go index 4f8c324e0d..fc9d47b8ae 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go @@ -640,6 +640,7 @@ func resolveLoginCredentials(ctx context.Context, cfg *aws.Config, sharedCfg *Sh svc := signin.NewFromConfig(*cfg) provider := logincreds.New(svc, tokenPath, func(o *logincreds.Options) { o.CredentialSources = getCredentialSources(ctx) + o.RestrictPermissions = cfg.RestrictFilePermissions != aws.RestrictFilePermissionsUnrestricted }) cfg.Credentials, err = wrapWithCredentialsCache(ctx, configs, provider) if err != nil { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go index 44c616fd57..5b251f54f5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go @@ -12,8 +12,8 @@ import ( "time" "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config/internal/ini" "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" - "github.com/aws/aws-sdk-go-v2/internal/ini" "github.com/aws/aws-sdk-go-v2/internal/shareddefaults" "github.com/aws/smithy-go/logging" smithyrequestcompression "github.com/aws/smithy-go/private/requestcompression" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md index e0af6364ae..c348b8e13f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md @@ -1,3 +1,56 @@ +# v1.19.25 (2026-06-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.24 (2026-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.23 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.22 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.21 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.20 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.19 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.18 (2026-05-28) + +* **Bug Fix**: Create new login cache files with 0600 on Unix platforms. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.17 (2026-05-22) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.16 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.15 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.19.14 (2026-04-02) + +* **Dependency Update**: Updated to the latest SDK module versions + # v1.19.13 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go index 450279760e..084ac978f9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go @@ -3,4 +3,4 @@ package credentials // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.19.13" +const goModuleVersion = "1.19.25" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go index 6cd5281d49..a9dbe540ea 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go @@ -9,6 +9,6 @@ var openFile func(string) (io.ReadCloser, error) = func(name string) (io.ReadClo return os.Open(name) } -var createFile func(string) (io.WriteCloser, error) = func(name string) (io.WriteCloser, error) { - return os.Create(name) +var createFile func(string, os.FileMode) (io.WriteCloser, error) = func(name string, mode os.FileMode) (io.WriteCloser, error) { + return os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go index 3e6357b87c..1ca2a586b0 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go @@ -42,6 +42,10 @@ type Options struct { // The path to the cached login token. CachedTokenFilepath string + // Whether to restrict file permissions on newly-written cache files. + // When true, files are created with 0600 on Unix. + RestrictPermissions bool + // The chain of providers that was used to create this provider. // // These values are for reporting purposes and are not meant to be set up @@ -145,7 +149,15 @@ func (p *Provider) saveToken(token *loginToken) error { return err } - f, err := createFile(p.options.CachedTokenFilepath) + mode := os.FileMode(0666) // matches that used by os.Create + if p.options.RestrictPermissions { + mode = 0600 + } + + // createFile DOES NOT re-create the file with new permissions if it + // already exists, so in that scenario any existing permissions are + // preserved + f, err := createFile(p.options.CachedTokenFilepath, mode) if err != nil { return err } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md index 829592ace2..a2f7103a97 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md @@ -1,3 +1,39 @@ +# v1.18.29 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.28 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.27 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.26 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.18.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v1.18.21 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go index 52c3d3923d..64d469b041 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go @@ -3,4 +3,4 @@ package imds // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.18.21" +const goModuleVersion = "1.18.29" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter_eventstream.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter_eventstream.go new file mode 100644 index 0000000000..320e888587 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter_eventstream.go @@ -0,0 +1,51 @@ +package smithy + +import ( + "context" + "fmt" + "time" + + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + smithygo "github.com/aws/smithy-go" + "github.com/aws/smithy-go/auth" + "github.com/aws/smithy-go/eventstream" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +var _ smithyhttp.EventStreamSigner = (*V4SignerAdapter)(nil) + +// NewMessageSigner implements [smithyhttp.EventStreamSigner]. +func (v *V4SignerAdapter) NewMessageSigner(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithygo.Properties) (eventstream.MessageSigner, error) { + ca, ok := identity.(*CredentialsAdapter) + if !ok { + return nil, fmt.Errorf("unexpected identity type: %T", identity) + } + + name, ok := smithyhttp.GetSigV4SigningName(&props) + if !ok { + return nil, fmt.Errorf("sigv4 signing name is required") + } + + region, ok := smithyhttp.GetSigV4SigningRegion(&props) + if !ok { + return nil, fmt.Errorf("sigv4 signing region is required") + } + + seed, err := v4.GetSignedRequestSignature(r.Request) + if err != nil { + return nil, fmt.Errorf("get seed signature: %w", err) + } + + return &streamSignerAdapter{ + signer: v4.NewStreamSigner(ca.Credentials, name, region, seed), + }, nil +} + +// streamSignerAdapter adapts v4.StreamSigner to eventstream.MessageSigner. +type streamSignerAdapter struct { + signer *v4.StreamSigner +} + +func (s *streamSignerAdapter) SignMessage(headers, payload []byte, signingTime time.Time) ([]byte, error) { + return s.signer.GetSignature(context.Background(), headers, payload, signingTime) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md index 1def5e2d9f..26f507f8b1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md @@ -1,3 +1,39 @@ +# v1.4.29 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.28 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.27 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.26 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v1.4.21 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go index 548da96016..851fed2b3e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go @@ -3,4 +3,4 @@ package configsources // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.4.21" +const goModuleVersion = "1.4.29" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go index f0c283d394..52f4ebc25c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go @@ -50,3 +50,16 @@ func GetAttemptSkewContext(ctx context.Context) time.Duration { x, _ := middleware.GetStackValue(ctx, clockSkew{}).(time.Duration) return x } + +type longPollingKey struct{} + +// SetIsLongPolling marks the operation as long-polling on the context. +func SetIsLongPolling(ctx context.Context, v bool) context.Context { + return middleware.WithStackValue(ctx, longPollingKey{}, v) +} + +// GetIsLongPolling returns whether the operation is long-polling. +func GetIsLongPolling(ctx context.Context) bool { + v, _ := middleware.GetStackValue(ctx, longPollingKey{}).(bool) + return v +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md index a2a1c183ff..508593b45a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md @@ -1,3 +1,39 @@ +# v2.7.29 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.28 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.27 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.26 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v2.7.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v2.7.21 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go index 03a0b8c038..1c161a0a73 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go @@ -3,4 +3,4 @@ package endpoints // goModuleVersion is the tagged release for this module -const goModuleVersion = "2.7.21" +const goModuleVersion = "2.7.29" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md deleted file mode 100644 index fdf434a5eb..0000000000 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md +++ /dev/null @@ -1,296 +0,0 @@ -# v1.8.6 (2026-03-13) - -* **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. - -# v1.8.5 (2026-03-03) - -* **Bug Fix**: Modernize non codegen files with go fix -* **Dependency Update**: Bump minimum Go version to 1.24 - -# v1.8.4 (2025-10-16) - -* **Dependency Update**: Bump minimum Go version to 1.23. - -# v1.8.3 (2025-02-18) - -* **Bug Fix**: Bump go version to 1.22 - -# v1.8.2 (2025-01-24) - -* **Bug Fix**: Refactor filepath.Walk to filepath.WalkDir - -# v1.8.1 (2024-08-15) - -* **Dependency Update**: Bump minimum Go version to 1.21. - -# v1.8.0 (2024-02-13) - -* **Feature**: Bump minimum Go version to 1.20 per our language support policy. - -# v1.7.3 (2024-01-22) - -* **Bug Fix**: Remove invalid escaping of shared config values. All values in the shared config file will now be interpreted literally, save for fully-quoted strings which are unwrapped for legacy reasons. - -# v1.7.2 (2023-12-08) - -* **Bug Fix**: Correct loading of [services *] sections into shared config. - -# v1.7.1 (2023-11-16) - -* **Bug Fix**: Fix recognition of trailing comments in shared config properties. # or ; separators that aren't preceded by whitespace at the end of a property value should be considered part of it. - -# v1.7.0 (2023-11-13) - -* **Feature**: Replace the legacy config parser with a modern, less-strict implementation. Parsing failures within a section will now simply ignore the invalid line rather than silently drop the entire section. - -# v1.6.0 (2023-11-09.2) - -* **Feature**: BREAKFIX: In order to support subproperty parsing, invalid property definitions must not be ignored - -# v1.5.2 (2023-11-09) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.5.1 (2023-11-07) - -* **Bug Fix**: Fix subproperty performance regression - -# v1.5.0 (2023-11-01) - -* **Feature**: Adds support for configured endpoints via environment variables and the AWS shared configuration file. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.4.0 (2023-10-31) - -* **Feature**: **BREAKING CHANGE**: Bump minimum go version to 1.19 per the revised [go version support policy](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/). -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.45 (2023-10-12) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.44 (2023-10-06) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.43 (2023-09-22) - -* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0. -* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats. - -# v1.3.42 (2023-08-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.41 (2023-08-18) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.40 (2023-08-17) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.39 (2023-08-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.38 (2023-07-31) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.37 (2023-07-28) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.36 (2023-07-13) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.35 (2023-06-13) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.34 (2023-04-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.33 (2023-04-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.32 (2023-03-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.31 (2023-03-10) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.30 (2023-02-20) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.29 (2023-02-03) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.28 (2022-12-15) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.27 (2022-12-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.26 (2022-10-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.25 (2022-10-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.24 (2022-09-20) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.23 (2022-09-14) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.22 (2022-09-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.21 (2022-08-31) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.20 (2022-08-29) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.19 (2022-08-11) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.18 (2022-08-09) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.17 (2022-08-08) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.16 (2022-08-01) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.15 (2022-07-05) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.14 (2022-06-29) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.13 (2022-06-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.12 (2022-05-17) - -* **Bug Fix**: Removes the fuzz testing files from the module, as they are invalid and not used. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.11 (2022-04-25) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.10 (2022-03-30) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.9 (2022-03-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.8 (2022-03-23) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.7 (2022-03-08) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.6 (2022-02-24) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.5 (2022-01-28) - -* **Bug Fix**: Fixes the SDK's handling of `duration_sections` in the shared credentials file or specified in multiple shared config and shared credentials files under the same profile. [#1568](https://github.com/aws/aws-sdk-go-v2/pull/1568). Thanks to [Amir Szekely](https://github.com/kichik) for help reproduce this bug. - -# v1.3.4 (2022-01-14) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.3 (2022-01-07) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.2 (2021-12-02) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.1 (2021-11-19) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.3.0 (2021-11-06) - -* **Feature**: The SDK now supports configuration of FIPS and DualStack endpoints using environment variables, shared configuration, or programmatically. -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.5 (2021-10-21) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.4 (2021-10-11) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.3 (2021-09-17) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.2 (2021-08-27) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.1 (2021-08-19) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.2.0 (2021-08-04) - -* **Feature**: adds error handling for defered close calls -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.1.1 (2021-07-15) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.1.0 (2021-07-01) - -* **Feature**: Support for `:`, `=`, `[`, `]` being present in expression values. - -# v1.0.1 (2021-06-25) - -* **Dependency Update**: Updated to the latest SDK module versions - -# v1.0.0 (2021-05-20) - -* **Release**: The `github.com/aws/aws-sdk-go-v2/internal/ini` package is now a Go Module. -* **Dependency Update**: Updated to the latest SDK module versions - diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md new file mode 100644 index 0000000000..554f43b5e6 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md @@ -0,0 +1,486 @@ +# v1.4.30 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.29 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.28 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.27 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.26 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.25 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.24 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.23 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.22 (2026-03-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.21 (2026-03-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.20 (2026-03-05) + +* **Bug Fix**: Read the correct auth property for SigV4A signing names. + +# v1.4.19 (2026-03-03) + +* **Bug Fix**: Modernize non codegen files with go fix +* **Dependency Update**: Bump minimum Go version to 1.24 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.18 (2026-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.17 (2026-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.16 (2025-12-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.15 (2025-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.24.0. Notably this version of the library reduces the allocation footprint of the middleware system. We observe a ~10% reduction in allocations per SDK call with this change. + +# v1.4.14 (2025-11-19.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.13 (2025-11-04) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.23.2 which should convey some passive reduction of overall allocations, especially when not using the metrics system. + +# v1.4.12 (2025-10-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.11 (2025-10-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.10 (2025-10-16) + +* **Dependency Update**: Bump minimum Go version to 1.23. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.9 (2025-09-26) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.8 (2025-09-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.7 (2025-09-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.6 (2025-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.5 (2025-08-27) + +* **Dependency Update**: Update to smithy-go v1.23.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.4 (2025-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.3 (2025-08-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.2 (2025-08-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.1 (2025-07-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.4.0 (2025-07-28) + +* **Feature**: Add support for HTTP interceptors. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.37 (2025-07-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.36 (2025-06-17) + +* **Dependency Update**: Update to smithy-go v1.22.4. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.35 (2025-06-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.34 (2025-02-27) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.33 (2025-02-18) + +* **Bug Fix**: Bump go version to 1.22 +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.32 (2025-02-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.31 (2025-01-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.30 (2025-01-30) + +* **Bug Fix**: Do not sign Transfer-Encoding header in Sigv4[a]. Fixes a signer mismatch issue with S3 Accelerate. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.29 (2025-01-24) + +* **Dependency Update**: Updated to the latest SDK module versions +* **Dependency Update**: Upgrade to smithy-go v1.22.2. + +# v1.3.28 (2025-01-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.27 (2025-01-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.26 (2024-12-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.25 (2024-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.24 (2024-11-18) + +* **Dependency Update**: Update to smithy-go v1.22.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.23 (2024-11-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.22 (2024-10-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.21 (2024-10-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.20 (2024-10-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.19 (2024-10-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.18 (2024-09-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.17 (2024-09-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.16 (2024-08-15) + +* **Dependency Update**: Bump minimum Go version to 1.21. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.15 (2024-07-10.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.14 (2024-07-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.13 (2024-06-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.12 (2024-06-19) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.11 (2024-06-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.10 (2024-06-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.9 (2024-06-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.8 (2024-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.7 (2024-05-16) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.6 (2024-05-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.5 (2024-03-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.4 (2024-03-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.3 (2024-03-07) + +* **Bug Fix**: Remove dependency on go-cmp. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.2 (2024-02-23) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.1 (2024-02-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.3.0 (2024-02-13) + +* **Feature**: Bump minimum Go version to 1.20 per our language support policy. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.10 (2024-01-04) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.9 (2023-12-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.8 (2023-12-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.7 (2023-11-30) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.6 (2023-11-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.5 (2023-11-28.2) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.4 (2023-11-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.3 (2023-11-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.2 (2023-11-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.1 (2023-11-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.2.0 (2023-10-31) + +* **Feature**: **BREAKING CHANGE**: Bump minimum go version to 1.19 per the revised [go version support policy](https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/). +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.6 (2023-10-12) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.5 (2023-10-06) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.4 (2023-08-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.3 (2023-08-18) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.2 (2023-08-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.1 (2023-08-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.0 (2023-07-31) + +* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.28 (2023-07-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.27 (2023-07-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.26 (2023-06-13) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.25 (2023-04-24) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.24 (2023-04-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.23 (2023-03-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.22 (2023-03-10) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.21 (2023-02-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.20 (2023-02-14) + +* No change notes available for this release. + +# v1.0.19 (2023-02-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.18 (2022-12-15) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.17 (2022-12-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.16 (2022-10-24) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.15 (2022-10-21) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.14 (2022-09-20) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.13 (2022-09-14) + +* **Bug Fix**: Fixes an issues where an error from an underlying SigV4 credential provider would not be surfaced from the SigV4a credential provider. Contribution by [sakthipriyan-aqfer](https://github.com/sakthipriyan-aqfer). +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.12 (2022-09-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.11 (2022-08-31) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.10 (2022-08-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.9 (2022-08-11) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.8 (2022-08-09) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.7 (2022-08-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.6 (2022-08-01) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.5 (2022-07-05) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.4 (2022-06-29) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.3 (2022-06-07) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.2 (2022-05-17) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.1 (2022-04-25) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.0 (2022-04-07) + +* **Release**: New internal v4a signing module location. + diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/LICENSE.txt b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/LICENSE.txt similarity index 100% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/LICENSE.txt rename to vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/LICENSE.txt diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go new file mode 100644 index 0000000000..3ae3a019e6 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go @@ -0,0 +1,141 @@ +package v4a + +import ( + "context" + "crypto/ecdsa" + "fmt" + "sync" + "sync/atomic" + "time" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/internal/sdk" +) + +// Credentials is Context, ECDSA, and Optional Session Token that can be used +// to sign requests using SigV4a +type Credentials struct { + Context string + PrivateKey *ecdsa.PrivateKey + SessionToken string + + // Time the credentials will expire. + CanExpire bool + Expires time.Time +} + +// Expired returns if the credentials have expired. +func (v Credentials) Expired() bool { + if v.CanExpire { + return !v.Expires.After(sdk.NowTime()) + } + + return false +} + +// HasKeys returns if the credentials keys are set. +func (v Credentials) HasKeys() bool { + return len(v.Context) > 0 && v.PrivateKey != nil +} + +// SymmetricCredentialAdaptor wraps a SigV4 AccessKey/SecretKey provider and adapts the credentials +// to a ECDSA PrivateKey for signing with SiV4a +type SymmetricCredentialAdaptor struct { + SymmetricProvider aws.CredentialsProvider + + asymmetric atomic.Value + m sync.Mutex +} + +// Retrieve retrieves symmetric credentials from the underlying provider. +func (s *SymmetricCredentialAdaptor) Retrieve(ctx context.Context) (aws.Credentials, error) { + symCreds, err := s.retrieveFromSymmetricProvider(ctx) + if err != nil { + return aws.Credentials{}, err + } + + if asymCreds := s.getCreds(); asymCreds == nil { + return symCreds, nil + } + + s.m.Lock() + defer s.m.Unlock() + + asymCreds := s.getCreds() + if asymCreds == nil { + return symCreds, nil + } + + // if the context does not match the access key id clear it + if asymCreds.Context != symCreds.AccessKeyID { + s.asymmetric.Store((*Credentials)(nil)) + } + + return symCreds, nil +} + +// RetrievePrivateKey returns credentials suitable for SigV4a signing +func (s *SymmetricCredentialAdaptor) RetrievePrivateKey(ctx context.Context) (Credentials, error) { + if asymCreds := s.getCreds(); asymCreds != nil { + return *asymCreds, nil + } + + s.m.Lock() + defer s.m.Unlock() + + if asymCreds := s.getCreds(); asymCreds != nil { + return *asymCreds, nil + } + + symmetricCreds, err := s.retrieveFromSymmetricProvider(ctx) + if err != nil { + return Credentials{}, fmt.Errorf("failed to retrieve symmetric credentials: %v", err) + } + + privateKey, err := deriveKeyFromAccessKeyPair(symmetricCreds.AccessKeyID, symmetricCreds.SecretAccessKey) + if err != nil { + return Credentials{}, fmt.Errorf("failed to derive assymetric key from credentials") + } + + creds := Credentials{ + Context: symmetricCreds.AccessKeyID, + PrivateKey: privateKey, + SessionToken: symmetricCreds.SessionToken, + CanExpire: symmetricCreds.CanExpire, + Expires: symmetricCreds.Expires, + } + + s.asymmetric.Store(&creds) + + return creds, nil +} + +func (s *SymmetricCredentialAdaptor) getCreds() *Credentials { + v := s.asymmetric.Load() + + if v == nil { + return nil + } + + c := v.(*Credentials) + if c != nil && c.HasKeys() && !c.Expired() { + return c + } + + return nil +} + +func (s *SymmetricCredentialAdaptor) retrieveFromSymmetricProvider(ctx context.Context) (aws.Credentials, error) { + credentials, err := s.SymmetricProvider.Retrieve(ctx) + if err != nil { + return aws.Credentials{}, err + } + + return credentials, nil +} + +// CredentialsProvider is the interface for a provider to retrieve credentials +// to sign requests with. +type CredentialsProvider interface { + RetrievePrivateKey(context.Context) (Credentials, error) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go new file mode 100644 index 0000000000..380d174271 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go @@ -0,0 +1,17 @@ +package v4a + +import "fmt" + +// SigningError indicates an error condition occurred while performing SigV4a signing +type SigningError struct { + Err error +} + +func (e *SigningError) Error() string { + return fmt.Sprintf("failed to sign request: %v", e.Err) +} + +// Unwrap returns the underlying error cause +func (e *SigningError) Unwrap() error { + return e.Err +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go similarity index 74% rename from vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go rename to vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go index 1dc2e12aa8..2703ec797e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go @@ -1,6 +1,6 @@ // Code generated by internal/repotools/cmd/updatemodulemeta DO NOT EDIT. -package ini +package v4a // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.8.6" +const goModuleVersion = "1.4.30" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go new file mode 100644 index 0000000000..1d0f25f8c2 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go @@ -0,0 +1,30 @@ +package crypto + +import "fmt" + +// ConstantTimeByteCompare is a constant-time byte comparison of x and y. This function performs an absolute comparison +// if the two byte slices assuming they represent a big-endian number. +// +// error if len(x) != len(y) +// -1 if x < y +// 0 if x == y +// +1 if x > y +func ConstantTimeByteCompare(x, y []byte) (int, error) { + if len(x) != len(y) { + return 0, fmt.Errorf("slice lengths do not match") + } + + xLarger, yLarger := 0, 0 + + for i := 0; i < len(x); i++ { + xByte, yByte := int(x[i]), int(y[i]) + + x := ((yByte - xByte) >> 8) & 1 + y := ((xByte - yByte) >> 8) & 1 + + xLarger |= x &^ yLarger + yLarger |= y &^ xLarger + } + + return xLarger - yLarger, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go new file mode 100644 index 0000000000..758c73fcb3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go @@ -0,0 +1,113 @@ +package crypto + +import ( + "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/hmac" + "encoding/asn1" + "encoding/binary" + "fmt" + "hash" + "math" + "math/big" +) + +type ecdsaSignature struct { + R, S *big.Int +} + +// ECDSAKey takes the given elliptic curve, and private key (d) byte slice +// and returns the private ECDSA key. +func ECDSAKey(curve elliptic.Curve, d []byte) *ecdsa.PrivateKey { + return ECDSAKeyFromPoint(curve, (&big.Int{}).SetBytes(d)) +} + +// ECDSAKeyFromPoint takes the given elliptic curve and point and returns the +// private and public keypair +func ECDSAKeyFromPoint(curve elliptic.Curve, d *big.Int) *ecdsa.PrivateKey { + pX, pY := curve.ScalarBaseMult(d.Bytes()) + + privKey := &ecdsa.PrivateKey{ + PublicKey: ecdsa.PublicKey{ + Curve: curve, + X: pX, + Y: pY, + }, + D: d, + } + + return privKey +} + +// ECDSAPublicKey takes the provide curve and (x, y) coordinates and returns +// *ecdsa.PublicKey. Returns an error if the given points are not on the curve. +func ECDSAPublicKey(curve elliptic.Curve, x, y []byte) (*ecdsa.PublicKey, error) { + xPoint := (&big.Int{}).SetBytes(x) + yPoint := (&big.Int{}).SetBytes(y) + + if !curve.IsOnCurve(xPoint, yPoint) { + return nil, fmt.Errorf("point(%v, %v) is not on the given curve", xPoint.String(), yPoint.String()) + } + + return &ecdsa.PublicKey{ + Curve: curve, + X: xPoint, + Y: yPoint, + }, nil +} + +// VerifySignature takes the provided public key, hash, and asn1 encoded signature and returns +// whether the given signature is valid. +func VerifySignature(key *ecdsa.PublicKey, hash []byte, signature []byte) (bool, error) { + var ecdsaSignature ecdsaSignature + + _, err := asn1.Unmarshal(signature, &ecdsaSignature) + if err != nil { + return false, err + } + + return ecdsa.Verify(key, hash, ecdsaSignature.R, ecdsaSignature.S), nil +} + +// HMACKeyDerivation provides an implementation of a NIST-800-108 of a KDF (Key Derivation Function) in Counter Mode. +// For the purposes of this implantation HMAC is used as the PRF (Pseudorandom function), where the value of +// `r` is defined as a 4 byte counter. +func HMACKeyDerivation(hash func() hash.Hash, bitLen int, key []byte, label, context []byte) ([]byte, error) { + // verify that we won't overflow the counter + n := int64(math.Ceil((float64(bitLen) / 8) / float64(hash().Size()))) + if n > 0x7FFFFFFF { + return nil, fmt.Errorf("unable to derive key of size %d using 32-bit counter", bitLen) + } + + // verify the requested bit length is not larger then the length encoding size + if int64(bitLen) > 0x7FFFFFFF { + return nil, fmt.Errorf("bitLen is greater than 32-bits") + } + + fixedInput := bytes.NewBuffer(nil) + fixedInput.Write(label) + fixedInput.WriteByte(0x00) + fixedInput.Write(context) + if err := binary.Write(fixedInput, binary.BigEndian, int32(bitLen)); err != nil { + return nil, fmt.Errorf("failed to write bit length to fixed input string: %v", err) + } + + var output []byte + + h := hmac.New(hash, key) + + for i := int64(1); i <= n; i++ { + h.Reset() + if err := binary.Write(h, binary.BigEndian, int32(i)); err != nil { + return nil, err + } + _, err := h.Write(fixedInput.Bytes()) + if err != nil { + return nil, err + } + output = append(output, h.Sum(nil)...) + } + + return output[:bitLen/8], nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go new file mode 100644 index 0000000000..89a76e2eaa --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go @@ -0,0 +1,36 @@ +package v4 + +const ( + // EmptyStringSHA256 is the hex encoded sha256 value of an empty string + EmptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` + + // UnsignedPayload indicates that the request payload body is unsigned + UnsignedPayload = "UNSIGNED-PAYLOAD" + + // AmzAlgorithmKey indicates the signing algorithm + AmzAlgorithmKey = "X-Amz-Algorithm" + + // AmzSecurityTokenKey indicates the security token to be used with temporary credentials + AmzSecurityTokenKey = "X-Amz-Security-Token" + + // AmzDateKey is the UTC timestamp for the request in the format YYYYMMDD'T'HHMMSS'Z' + AmzDateKey = "X-Amz-Date" + + // AmzCredentialKey is the access key ID and credential scope + AmzCredentialKey = "X-Amz-Credential" + + // AmzSignedHeadersKey is the set of headers signed for the request + AmzSignedHeadersKey = "X-Amz-SignedHeaders" + + // AmzSignatureKey is the query parameter to store the SigV4 signature + AmzSignatureKey = "X-Amz-Signature" + + // TimeFormat is the time format to be used in the X-Amz-Date header or query parameter + TimeFormat = "20060102T150405Z" + + // ShortTimeFormat is the shorten time format used in the credential scope + ShortTimeFormat = "20060102" + + // ContentSHAKey is the SHA256 of request body + ContentSHAKey = "X-Amz-Content-Sha256" +) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go new file mode 100644 index 0000000000..a15177e8f3 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go @@ -0,0 +1,82 @@ +package v4 + +import ( + sdkstrings "github.com/aws/aws-sdk-go-v2/internal/strings" +) + +// Rules houses a set of Rule needed for validation of a +// string value +type Rules []Rule + +// Rule interface allows for more flexible rules and just simply +// checks whether or not a value adheres to that Rule +type Rule interface { + IsValid(value string) bool +} + +// IsValid will iterate through all rules and see if any rules +// apply to the value and supports nested rules +func (r Rules) IsValid(value string) bool { + for _, rule := range r { + if rule.IsValid(value) { + return true + } + } + return false +} + +// MapRule generic Rule for maps +type MapRule map[string]struct{} + +// IsValid for the map Rule satisfies whether it exists in the map +func (m MapRule) IsValid(value string) bool { + _, ok := m[value] + return ok +} + +// AllowList is a generic Rule for whitelisting +type AllowList struct { + Rule +} + +// IsValid for AllowList checks if the value is within the AllowList +func (w AllowList) IsValid(value string) bool { + return w.Rule.IsValid(value) +} + +// DenyList is a generic Rule for blacklisting +type DenyList struct { + Rule +} + +// IsValid for AllowList checks if the value is within the AllowList +func (b DenyList) IsValid(value string) bool { + return !b.Rule.IsValid(value) +} + +// Patterns is a list of strings to match against +type Patterns []string + +// IsValid for Patterns checks each pattern and returns if a match has +// been found +func (p Patterns) IsValid(value string) bool { + for _, pattern := range p { + if sdkstrings.HasPrefixFold(value, pattern) { + return true + } + } + return false +} + +// InclusiveRules rules allow for rules to depend on one another +type InclusiveRules []Rule + +// IsValid will return true if all rules are true +func (r InclusiveRules) IsValid(value string) bool { + for _, rule := range r { + if !rule.IsValid(value) { + return false + } + } + return true +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go new file mode 100644 index 0000000000..688f834742 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go @@ -0,0 +1,68 @@ +package v4 + +// IgnoredHeaders is a list of headers that are ignored during signing +var IgnoredHeaders = Rules{ + DenyList{ + MapRule{ + "Authorization": struct{}{}, + "User-Agent": struct{}{}, + "X-Amzn-Trace-Id": struct{}{}, + "Transfer-Encoding": struct{}{}, + }, + }, +} + +// RequiredSignedHeaders is a whitelist for Build canonical headers. +var RequiredSignedHeaders = Rules{ + AllowList{ + MapRule{ + "Cache-Control": struct{}{}, + "Content-Disposition": struct{}{}, + "Content-Encoding": struct{}{}, + "Content-Language": struct{}{}, + "Content-Md5": struct{}{}, + "Content-Type": struct{}{}, + "Expires": struct{}{}, + "If-Match": struct{}{}, + "If-Modified-Since": struct{}{}, + "If-None-Match": struct{}{}, + "If-Unmodified-Since": struct{}{}, + "Range": struct{}{}, + "X-Amz-Acl": struct{}{}, + "X-Amz-Copy-Source": struct{}{}, + "X-Amz-Copy-Source-If-Match": struct{}{}, + "X-Amz-Copy-Source-If-Modified-Since": struct{}{}, + "X-Amz-Copy-Source-If-None-Match": struct{}{}, + "X-Amz-Copy-Source-If-Unmodified-Since": struct{}{}, + "X-Amz-Copy-Source-Range": struct{}{}, + "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{}, + "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{}, + "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Grant-Full-control": struct{}{}, + "X-Amz-Grant-Read": struct{}{}, + "X-Amz-Grant-Read-Acp": struct{}{}, + "X-Amz-Grant-Write": struct{}{}, + "X-Amz-Grant-Write-Acp": struct{}{}, + "X-Amz-Metadata-Directive": struct{}{}, + "X-Amz-Mfa": struct{}{}, + "X-Amz-Request-Payer": struct{}{}, + "X-Amz-Server-Side-Encryption": struct{}{}, + "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{}, + "X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{}, + "X-Amz-Server-Side-Encryption-Customer-Key": struct{}{}, + "X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{}, + "X-Amz-Storage-Class": struct{}{}, + "X-Amz-Website-Redirect-Location": struct{}{}, + "X-Amz-Content-Sha256": struct{}{}, + "X-Amz-Tagging": struct{}{}, + }, + }, + Patterns{"X-Amz-Meta-"}, +} + +// AllowedQueryHoisting is a whitelist for Build query headers. The boolean value +// represents whether or not it is a pattern. +var AllowedQueryHoisting = InclusiveRules{ + DenyList{RequiredSignedHeaders}, + Patterns{"X-Amz-"}, +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go new file mode 100644 index 0000000000..e7fa7a1b1e --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go @@ -0,0 +1,13 @@ +package v4 + +import ( + "crypto/hmac" + "crypto/sha256" +) + +// HMACSHA256 computes a HMAC-SHA256 of data given the provided key. +func HMACSHA256(key []byte, data []byte) []byte { + hash := hmac.New(sha256.New, key) + hash.Write(data) + return hash.Sum(nil) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go new file mode 100644 index 0000000000..bf93659a43 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go @@ -0,0 +1,75 @@ +package v4 + +import ( + "net/http" + "strings" +) + +// SanitizeHostForHeader removes default port from host and updates request.Host +func SanitizeHostForHeader(r *http.Request) { + host := getHost(r) + port := portOnly(host) + if port != "" && isDefaultPort(r.URL.Scheme, port) { + r.Host = stripPort(host) + } +} + +// Returns host from request +func getHost(r *http.Request) string { + if r.Host != "" { + return r.Host + } + + return r.URL.Host +} + +// Hostname returns u.Host, without any port number. +// +// If Host is an IPv6 literal with a port number, Hostname returns the +// IPv6 literal without the square brackets. IPv6 literals may include +// a zone identifier. +// +// Copied from the Go 1.8 standard library (net/url) +func stripPort(hostport string) string { + colon := strings.IndexByte(hostport, ':') + if colon == -1 { + return hostport + } + if i := strings.IndexByte(hostport, ']'); i != -1 { + return strings.TrimPrefix(hostport[:i], "[") + } + return hostport[:colon] +} + +// Port returns the port part of u.Host, without the leading colon. +// If u.Host doesn't contain a port, Port returns an empty string. +// +// Copied from the Go 1.8 standard library (net/url) +func portOnly(hostport string) string { + colon := strings.IndexByte(hostport, ':') + if colon == -1 { + return "" + } + if i := strings.Index(hostport, "]:"); i != -1 { + return hostport[i+len("]:"):] + } + if strings.Contains(hostport, "]") { + return "" + } + return hostport[colon+len(":"):] +} + +// Returns true if the specified URI is using the standard port +// (i.e. port 80 for HTTP URIs or 443 for HTTPS URIs) +func isDefaultPort(scheme, port string) bool { + if port == "" { + return true + } + + lowerCaseScheme := strings.ToLower(scheme) + if (lowerCaseScheme == "http" && port == "80") || (lowerCaseScheme == "https" && port == "443") { + return true + } + + return false +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go new file mode 100644 index 0000000000..1de06a765d --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go @@ -0,0 +1,36 @@ +package v4 + +import "time" + +// SigningTime provides a wrapper around a time.Time which provides cached values for SigV4 signing. +type SigningTime struct { + time.Time + timeFormat string + shortTimeFormat string +} + +// NewSigningTime creates a new SigningTime given a time.Time +func NewSigningTime(t time.Time) SigningTime { + return SigningTime{ + Time: t, + } +} + +// TimeFormat provides a time formatted in the X-Amz-Date format. +func (m *SigningTime) TimeFormat() string { + return m.format(&m.timeFormat, TimeFormat) +} + +// ShortTimeFormat provides a time formatted of 20060102. +func (m *SigningTime) ShortTimeFormat() string { + return m.format(&m.shortTimeFormat, ShortTimeFormat) +} + +func (m *SigningTime) format(target *string, format string) string { + if len(*target) > 0 { + return *target + } + v := m.Time.Format(format) + *target = v + return v +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go new file mode 100644 index 0000000000..741019b5f9 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go @@ -0,0 +1,64 @@ +package v4 + +import ( + "net/url" + "strings" +) + +const doubleSpace = " " + +// StripExcessSpaces will rewrite the passed in slice's string values to not +// contain muliple side-by-side spaces. +func StripExcessSpaces(str string) string { + var j, k, l, m, spaces int + // Trim trailing spaces + for j = len(str) - 1; j >= 0 && str[j] == ' '; j-- { + } + + // Trim leading spaces + for k = 0; k < j && str[k] == ' '; k++ { + } + str = str[k : j+1] + + // Strip multiple spaces. + j = strings.Index(str, doubleSpace) + if j < 0 { + return str + } + + buf := []byte(str) + for k, m, l = j, j, len(buf); k < l; k++ { + if buf[k] == ' ' { + if spaces == 0 { + // First space. + buf[m] = buf[k] + m++ + } + spaces++ + } else { + // End of multiple spaces. + spaces = 0 + buf[m] = buf[k] + m++ + } + } + + return string(buf[:m]) +} + +// GetURIPath returns the escaped URI component from the provided URL +func GetURIPath(u *url.URL) string { + var uri string + + if len(u.Opaque) > 0 { + uri = "/" + strings.Join(strings.Split(u.Opaque, "/")[3:], "/") + } else { + uri = u.EscapedPath() + } + + if len(uri) == 0 { + uri = "/" + } + + return uri +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go new file mode 100644 index 0000000000..64b8b4e330 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go @@ -0,0 +1,118 @@ +package v4a + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" + "net/http" + "time" +) + +// HTTPSigner is SigV4a HTTP signer implementation +type HTTPSigner interface { + SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optfns ...func(*SignerOptions)) error +} + +// SignHTTPRequestMiddlewareOptions is the middleware options for constructing a SignHTTPRequestMiddleware. +type SignHTTPRequestMiddlewareOptions struct { + Credentials CredentialsProvider + Signer HTTPSigner + LogSigning bool +} + +// SignHTTPRequestMiddleware is a middleware for signing an HTTP request using SigV4a. +type SignHTTPRequestMiddleware struct { + credentials CredentialsProvider + signer HTTPSigner + logSigning bool +} + +// NewSignHTTPRequestMiddleware constructs a SignHTTPRequestMiddleware using the given SignHTTPRequestMiddlewareOptions. +func NewSignHTTPRequestMiddleware(options SignHTTPRequestMiddlewareOptions) *SignHTTPRequestMiddleware { + return &SignHTTPRequestMiddleware{ + credentials: options.Credentials, + signer: options.Signer, + logSigning: options.LogSigning, + } +} + +// ID the middleware identifier. +func (s *SignHTTPRequestMiddleware) ID() string { + return "Signing" +} + +// HandleFinalize signs an HTTP request using SigV4a. +func (s *SignHTTPRequestMiddleware) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, +) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + if !hasCredentialProvider(s.credentials) { + return next.HandleFinalize(ctx, in) + } + + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, fmt.Errorf("unexpected request middleware type %T", in.Request) + } + + signingName, signingRegion := awsmiddleware.GetSigningName(ctx), awsmiddleware.GetSigningRegion(ctx) + payloadHash := v4.GetPayloadHash(ctx) + if len(payloadHash) == 0 { + return out, metadata, &SigningError{Err: fmt.Errorf("computed payload hash missing from context")} + } + + credentials, err := s.credentials.RetrievePrivateKey(ctx) + if err != nil { + return out, metadata, &SigningError{Err: fmt.Errorf("failed to retrieve credentials: %w", err)} + } + + signerOptions := []func(o *SignerOptions){ + func(o *SignerOptions) { + o.Logger = middleware.GetLogger(ctx) + o.LogSigning = s.logSigning + }, + } + + // existing DisableURIPathEscaping is equivalent in purpose + // to authentication scheme property DisableDoubleEncoding + disableDoubleEncoding, overridden := internalauth.GetDisableDoubleEncoding(ctx) + if overridden { + signerOptions = append(signerOptions, func(o *SignerOptions) { + o.DisableURIPathEscaping = disableDoubleEncoding + }) + } + + err = s.signer.SignHTTP(ctx, credentials, req.Request, payloadHash, signingName, []string{signingRegion}, time.Now().UTC(), signerOptions...) + if err != nil { + return out, metadata, &SigningError{Err: fmt.Errorf("failed to sign http request, %w", err)} + } + + return next.HandleFinalize(ctx, in) +} + +func hasCredentialProvider(p CredentialsProvider) bool { + if p == nil { + return false + } + + return true +} + +// RegisterSigningMiddleware registers the SigV4a signing middleware to the stack. If a signing middleware is already +// present, this provided middleware will be swapped. Otherwise the middleware will be added at the tail of the +// finalize step. +func RegisterSigningMiddleware(stack *middleware.Stack, signingMiddleware *SignHTTPRequestMiddleware) (err error) { + const signedID = "Signing" + _, present := stack.Finalize.Get(signedID) + if present { + _, err = stack.Finalize.Swap(signedID, signingMiddleware) + } else { + err = stack.Finalize.Add(signingMiddleware, middleware.After) + } + return err +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go new file mode 100644 index 0000000000..951fc415d5 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go @@ -0,0 +1,117 @@ +package v4a + +import ( + "context" + "fmt" + "net/http" + "time" + + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/smithy-go/middleware" + smithyHTTP "github.com/aws/smithy-go/transport/http" +) + +// HTTPPresigner is an interface to a SigV4a signer that can sign create a +// presigned URL for a HTTP requests. +type HTTPPresigner interface { + PresignHTTP( + ctx context.Context, credentials Credentials, r *http.Request, + payloadHash string, service string, regionSet []string, signingTime time.Time, + optFns ...func(*SignerOptions), + ) (url string, signedHeader http.Header, err error) +} + +// PresignHTTPRequestMiddlewareOptions is the options for the PresignHTTPRequestMiddleware middleware. +type PresignHTTPRequestMiddlewareOptions struct { + CredentialsProvider CredentialsProvider + Presigner HTTPPresigner + LogSigning bool +} + +// PresignHTTPRequestMiddleware provides the Finalize middleware for creating a +// presigned URL for an HTTP request. +// +// Will short circuit the middleware stack and not forward onto the next +// Finalize handler. +type PresignHTTPRequestMiddleware struct { + credentialsProvider CredentialsProvider + presigner HTTPPresigner + logSigning bool +} + +// NewPresignHTTPRequestMiddleware returns a new PresignHTTPRequestMiddleware +// initialized with the presigner. +func NewPresignHTTPRequestMiddleware(options PresignHTTPRequestMiddlewareOptions) *PresignHTTPRequestMiddleware { + return &PresignHTTPRequestMiddleware{ + credentialsProvider: options.CredentialsProvider, + presigner: options.Presigner, + logSigning: options.LogSigning, + } +} + +// ID provides the middleware ID. +func (*PresignHTTPRequestMiddleware) ID() string { return "PresignHTTPRequest" } + +// HandleFinalize will take the provided input and create a presigned url for +// the http request using the SigV4 presign authentication scheme. +func (s *PresignHTTPRequestMiddleware) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, +) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + req, ok := in.Request.(*smithyHTTP.Request) + if !ok { + return out, metadata, &SigningError{ + Err: fmt.Errorf("unexpected request middleware type %T", in.Request), + } + } + + httpReq := req.Build(ctx) + if !hasCredentialProvider(s.credentialsProvider) { + out.Result = &v4.PresignedHTTPRequest{ + URL: httpReq.URL.String(), + Method: httpReq.Method, + SignedHeader: http.Header{}, + } + + return out, metadata, nil + } + + signingName := awsmiddleware.GetSigningName(ctx) + signingRegion := awsmiddleware.GetSigningRegion(ctx) + payloadHash := v4.GetPayloadHash(ctx) + if len(payloadHash) == 0 { + return out, metadata, &SigningError{ + Err: fmt.Errorf("computed payload hash missing from context"), + } + } + + credentials, err := s.credentialsProvider.RetrievePrivateKey(ctx) + if err != nil { + return out, metadata, &SigningError{ + Err: fmt.Errorf("failed to retrieve credentials: %w", err), + } + } + + u, h, err := s.presigner.PresignHTTP(ctx, credentials, + httpReq, payloadHash, signingName, []string{signingRegion}, sdk.NowTime(), + func(o *SignerOptions) { + o.Logger = middleware.GetLogger(ctx) + o.LogSigning = s.logSigning + }) + if err != nil { + return out, metadata, &SigningError{ + Err: fmt.Errorf("failed to sign http request, %w", err), + } + } + + out.Result = &v4.PresignedHTTPRequest{ + URL: u, + Method: httpReq.Method, + SignedHeader: h, + } + + return out, metadata, nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go new file mode 100644 index 0000000000..c3b689bace --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go @@ -0,0 +1,92 @@ +package v4a + +import ( + "context" + "fmt" + "time" + + internalcontext "github.com/aws/aws-sdk-go-v2/internal/context" + + v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/aws-sdk-go-v2/internal/sdk" + "github.com/aws/smithy-go" + "github.com/aws/smithy-go/auth" + "github.com/aws/smithy-go/logging" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// CredentialsAdapter adapts v4a.Credentials to smithy auth.Identity. +type CredentialsAdapter struct { + Credentials Credentials +} + +var _ auth.Identity = (*CredentialsAdapter)(nil) + +// Expiration returns the time of expiration for the credentials. +func (v *CredentialsAdapter) Expiration() time.Time { + return v.Credentials.Expires +} + +// CredentialsProviderAdapter adapts v4a.CredentialsProvider to +// auth.IdentityResolver. +type CredentialsProviderAdapter struct { + Provider CredentialsProvider +} + +var _ (auth.IdentityResolver) = (*CredentialsProviderAdapter)(nil) + +// GetIdentity retrieves v4a credentials using the underlying provider. +func (v *CredentialsProviderAdapter) GetIdentity(ctx context.Context, _ smithy.Properties) ( + auth.Identity, error, +) { + creds, err := v.Provider.RetrievePrivateKey(ctx) + if err != nil { + return nil, fmt.Errorf("get credentials: %w", err) + } + + return &CredentialsAdapter{Credentials: creds}, nil +} + +// SignerAdapter adapts v4a.HTTPSigner to smithy http.Signer. +type SignerAdapter struct { + Signer HTTPSigner + Logger logging.Logger + LogSigning bool +} + +var _ (smithyhttp.Signer) = (*SignerAdapter)(nil) + +// SignRequest signs the request with the provided identity. +func (v *SignerAdapter) SignRequest(ctx context.Context, r *smithyhttp.Request, identity auth.Identity, props smithy.Properties) error { + ca, ok := identity.(*CredentialsAdapter) + if !ok { + return fmt.Errorf("unexpected identity type: %T", identity) + } + + name, ok := smithyhttp.GetSigV4ASigningName(&props) + if !ok { + return fmt.Errorf("sigv4a signing name is required") + } + + regions, ok := smithyhttp.GetSigV4ASigningRegions(&props) + if !ok { + return fmt.Errorf("sigv4a signing region is required") + } + + hash := v4.GetPayloadHash(ctx) + signingTime := sdk.NowTime() + if skew := internalcontext.GetAttemptSkewContext(ctx); skew != 0 { + signingTime.Add(skew) + } + err := v.Signer.SignHTTP(ctx, ca.Credentials, r.Request, hash, name, regions, signingTime, func(o *SignerOptions) { + o.DisableURIPathEscaping, _ = smithyhttp.GetDisableDoubleEncoding(&props) + + o.Logger = v.Logger + o.LogSigning = v.LogSigning + }) + if err != nil { + return fmt.Errorf("sign http: %w", err) + } + + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go new file mode 100644 index 0000000000..f226bcdced --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go @@ -0,0 +1,520 @@ +package v4a + +import ( + "bytes" + "context" + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "encoding/hex" + "fmt" + "hash" + "math/big" + "net/http" + "net/textproto" + "net/url" + "sort" + "strconv" + "strings" + "time" + + signerCrypto "github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto" + v4Internal "github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4" + "github.com/aws/smithy-go/encoding/httpbinding" + "github.com/aws/smithy-go/logging" +) + +const ( + // AmzRegionSetKey represents the region set header used for sigv4a + AmzRegionSetKey = "X-Amz-Region-Set" + amzAlgorithmKey = v4Internal.AmzAlgorithmKey + amzSecurityTokenKey = v4Internal.AmzSecurityTokenKey + amzDateKey = v4Internal.AmzDateKey + amzCredentialKey = v4Internal.AmzCredentialKey + amzSignedHeadersKey = v4Internal.AmzSignedHeadersKey + authorizationHeader = "Authorization" + + signingAlgorithm = "AWS4-ECDSA-P256-SHA256" + + timeFormat = "20060102T150405Z" + shortTimeFormat = "20060102" + + // EmptyStringSHA256 is a hex encoded SHA-256 hash of an empty string + EmptyStringSHA256 = v4Internal.EmptyStringSHA256 + + // Version of signing v4a + Version = "SigV4A" +) + +var ( + p256 elliptic.Curve + nMinusTwoP256 *big.Int + + one = new(big.Int).SetInt64(1) +) + +func init() { + // Ensure the elliptic curve parameters are initialized on package import rather then on first usage + p256 = elliptic.P256() + + nMinusTwoP256 = new(big.Int).SetBytes(p256.Params().N.Bytes()) + nMinusTwoP256 = nMinusTwoP256.Sub(nMinusTwoP256, new(big.Int).SetInt64(2)) +} + +// SignerOptions is the SigV4a signing options for constructing a Signer. +type SignerOptions struct { + Logger logging.Logger + LogSigning bool + + // Disables the Signer's moving HTTP header key/value pairs from the HTTP + // request header to the request's query string. This is most commonly used + // with pre-signed requests preventing headers from being added to the + // request's query string. + DisableHeaderHoisting bool + + // Disables the automatic escaping of the URI path of the request for the + // siganture's canonical string's path. For services that do not need additional + // escaping then use this to disable the signer escaping the path. + // + // S3 is an example of a service that does not need additional escaping. + // + // http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html + DisableURIPathEscaping bool +} + +// Signer is a SigV4a HTTP signing implementation +type Signer struct { + options SignerOptions +} + +// NewSigner constructs a SigV4a Signer. +func NewSigner(optFns ...func(*SignerOptions)) *Signer { + options := SignerOptions{} + + for _, fn := range optFns { + fn(&options) + } + + return &Signer{options: options} +} + +// deriveKeyFromAccessKeyPair derives a NIST P-256 PrivateKey from the given +// IAM AccessKey and SecretKey pair. +// +// Based on FIPS.186-4 Appendix B.4.2 +func deriveKeyFromAccessKeyPair(accessKey, secretKey string) (*ecdsa.PrivateKey, error) { + params := p256.Params() + bitLen := params.BitSize // Testing random candidates does not require an additional 64 bits + counter := 0x01 + + buffer := make([]byte, 1+len(accessKey)) // 1 byte counter + len(accessKey) + kdfContext := bytes.NewBuffer(buffer) + + inputKey := append([]byte("AWS4A"), []byte(secretKey)...) + + d := new(big.Int) + for { + kdfContext.Reset() + kdfContext.WriteString(accessKey) + kdfContext.WriteByte(byte(counter)) + + key, err := signerCrypto.HMACKeyDerivation(sha256.New, bitLen, inputKey, []byte(signingAlgorithm), kdfContext.Bytes()) + if err != nil { + return nil, err + } + + // Check key first before calling SetBytes if key key is in fact a valid candidate. + // This ensures the byte slice is the correct length (32-bytes) to compare in constant-time + cmp, err := signerCrypto.ConstantTimeByteCompare(key, nMinusTwoP256.Bytes()) + if err != nil { + return nil, err + } + if cmp == -1 { + d.SetBytes(key) + break + } + + counter++ + if counter > 0xFF { + return nil, fmt.Errorf("exhausted single byte external counter") + } + } + d = d.Add(d, one) + + priv := new(ecdsa.PrivateKey) + priv.PublicKey.Curve = p256 + priv.D = d + priv.PublicKey.X, priv.PublicKey.Y = p256.ScalarBaseMult(d.Bytes()) + + return priv, nil +} + +type httpSigner struct { + Request *http.Request + ServiceName string + RegionSet []string + Time time.Time + Credentials Credentials + IsPreSign bool + + Logger logging.Logger + Debug bool + + // PayloadHash is the hex encoded SHA-256 hash of the request payload + // If len(PayloadHash) == 0 the signer will attempt to send the request + // as an unsigned payload. Note: Unsigned payloads only work for a subset of services. + PayloadHash string + + DisableHeaderHoisting bool + DisableURIPathEscaping bool +} + +// SignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and signs using SigV4a. +// The passed in request will be modified in place. +func (s *Signer) SignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) error { + options := s.options + for _, fn := range optFns { + fn(&options) + } + + signer := &httpSigner{ + Request: r, + PayloadHash: payloadHash, + ServiceName: service, + RegionSet: regionSet, + Credentials: credentials, + Time: signingTime.UTC(), + DisableHeaderHoisting: options.DisableHeaderHoisting, + DisableURIPathEscaping: options.DisableURIPathEscaping, + } + + signedRequest, err := signer.Build() + if err != nil { + return err + } + + logHTTPSigningInfo(ctx, options, signedRequest) + + return nil +} + +// PresignHTTP takes the provided http.Request, payload hash, service, regionSet, and time and presigns using SigV4a +// Returns the presigned URL along with the headers that were signed with the request. +// +// PresignHTTP will not set the expires time of the presigned request +// automatically. To specify the expire duration for a request add the +// "X-Amz-Expires" query parameter on the request with the value as the +// duration in seconds the presigned URL should be considered valid for. This +// parameter is not used by all AWS services, and is most notable used by +// Amazon S3 APIs. +func (s *Signer) PresignHTTP(ctx context.Context, credentials Credentials, r *http.Request, payloadHash string, service string, regionSet []string, signingTime time.Time, optFns ...func(*SignerOptions)) (signedURI string, signedHeaders http.Header, err error) { + options := s.options + for _, fn := range optFns { + fn(&options) + } + + signer := &httpSigner{ + Request: r, + PayloadHash: payloadHash, + ServiceName: service, + RegionSet: regionSet, + Credentials: credentials, + Time: signingTime.UTC(), + IsPreSign: true, + DisableHeaderHoisting: options.DisableHeaderHoisting, + DisableURIPathEscaping: options.DisableURIPathEscaping, + } + + signedRequest, err := signer.Build() + if err != nil { + return "", nil, err + } + + logHTTPSigningInfo(ctx, options, signedRequest) + + signedHeaders = make(http.Header) + + // For the signed headers we canonicalize the header keys in the returned map. + // This avoids situations where can standard library double headers like host header. For example the standard + // library will set the Host header, even if it is present in lower-case form. + for k, v := range signedRequest.SignedHeaders { + key := textproto.CanonicalMIMEHeaderKey(k) + signedHeaders[key] = append(signedHeaders[key], v...) + } + + return signedRequest.Request.URL.String(), signedHeaders, nil +} + +func (s *httpSigner) setRequiredSigningFields(headers http.Header, query url.Values) { + amzDate := s.Time.Format(timeFormat) + + if s.IsPreSign { + query.Set(AmzRegionSetKey, strings.Join(s.RegionSet, ",")) + query.Set(amzDateKey, amzDate) + query.Set(amzAlgorithmKey, signingAlgorithm) + if len(s.Credentials.SessionToken) > 0 { + query.Set(amzSecurityTokenKey, s.Credentials.SessionToken) + } + return + } + + headers.Set(AmzRegionSetKey, strings.Join(s.RegionSet, ",")) + headers.Set(amzDateKey, amzDate) + if len(s.Credentials.SessionToken) > 0 { + headers.Set(amzSecurityTokenKey, s.Credentials.SessionToken) + } +} + +func (s *httpSigner) Build() (signedRequest, error) { + req := s.Request + + query := req.URL.Query() + headers := req.Header + + s.setRequiredSigningFields(headers, query) + + // Sort Each Query Key's Values + for key := range query { + sort.Strings(query[key]) + } + + v4Internal.SanitizeHostForHeader(req) + + credentialScope := s.buildCredentialScope() + credentialStr := s.Credentials.Context + "/" + credentialScope + if s.IsPreSign { + query.Set(amzCredentialKey, credentialStr) + } + + unsignedHeaders := headers + if s.IsPreSign && !s.DisableHeaderHoisting { + urlValues := url.Values{} + urlValues, unsignedHeaders = buildQuery(v4Internal.AllowedQueryHoisting, unsignedHeaders) + for k := range urlValues { + query[k] = urlValues[k] + } + } + + host := req.URL.Host + if len(req.Host) > 0 { + host = req.Host + } + + signedHeaders, signedHeadersStr, canonicalHeaderStr := s.buildCanonicalHeaders(host, v4Internal.IgnoredHeaders, unsignedHeaders, s.Request.ContentLength) + + if s.IsPreSign { + query.Set(amzSignedHeadersKey, signedHeadersStr) + } + + rawQuery := strings.Replace(query.Encode(), "+", "%20", -1) + + canonicalURI := v4Internal.GetURIPath(req.URL) + if !s.DisableURIPathEscaping { + canonicalURI = httpbinding.EscapePath(canonicalURI, false) + } + + canonicalString := s.buildCanonicalString( + req.Method, + canonicalURI, + rawQuery, + signedHeadersStr, + canonicalHeaderStr, + ) + + strToSign := s.buildStringToSign(credentialScope, canonicalString) + signingSignature, err := s.buildSignature(strToSign) + if err != nil { + return signedRequest{}, err + } + + if s.IsPreSign { + rawQuery += "&X-Amz-Signature=" + signingSignature + } else { + headers[authorizationHeader] = append(headers[authorizationHeader][:0], buildAuthorizationHeader(credentialStr, signedHeadersStr, signingSignature)) + } + + req.URL.RawQuery = rawQuery + + return signedRequest{ + Request: req, + SignedHeaders: signedHeaders, + CanonicalString: canonicalString, + StringToSign: strToSign, + PreSigned: s.IsPreSign, + }, nil +} + +func buildAuthorizationHeader(credentialStr, signedHeadersStr, signingSignature string) string { + const credential = "Credential=" + const signedHeaders = "SignedHeaders=" + const signature = "Signature=" + const commaSpace = ", " + + var parts strings.Builder + parts.Grow(len(signingAlgorithm) + 1 + + len(credential) + len(credentialStr) + len(commaSpace) + + len(signedHeaders) + len(signedHeadersStr) + len(commaSpace) + + len(signature) + len(signingSignature), + ) + parts.WriteString(signingAlgorithm) + parts.WriteRune(' ') + parts.WriteString(credential) + parts.WriteString(credentialStr) + parts.WriteString(commaSpace) + parts.WriteString(signedHeaders) + parts.WriteString(signedHeadersStr) + parts.WriteString(commaSpace) + parts.WriteString(signature) + parts.WriteString(signingSignature) + return parts.String() +} + +func (s *httpSigner) buildCredentialScope() string { + return strings.Join([]string{ + s.Time.Format(shortTimeFormat), + s.ServiceName, + "aws4_request", + }, "/") + +} + +func buildQuery(r v4Internal.Rule, header http.Header) (url.Values, http.Header) { + query := url.Values{} + unsignedHeaders := http.Header{} + for k, h := range header { + if r.IsValid(k) { + query[k] = h + } else { + unsignedHeaders[k] = h + } + } + + return query, unsignedHeaders +} + +func (s *httpSigner) buildCanonicalHeaders(host string, rule v4Internal.Rule, header http.Header, length int64) (signed http.Header, signedHeaders, canonicalHeadersStr string) { + signed = make(http.Header) + + var headers []string + const hostHeader = "host" + headers = append(headers, hostHeader) + signed[hostHeader] = append(signed[hostHeader], host) + + if length > 0 { + const contentLengthHeader = "content-length" + headers = append(headers, contentLengthHeader) + signed[contentLengthHeader] = append(signed[contentLengthHeader], strconv.FormatInt(length, 10)) + } + + for k, v := range header { + if !rule.IsValid(k) { + continue // ignored header + } + + lowerCaseKey := strings.ToLower(k) + if _, ok := signed[lowerCaseKey]; ok { + // include additional values + signed[lowerCaseKey] = append(signed[lowerCaseKey], v...) + continue + } + + headers = append(headers, lowerCaseKey) + signed[lowerCaseKey] = v + } + sort.Strings(headers) + + signedHeaders = strings.Join(headers, ";") + + var canonicalHeaders strings.Builder + n := len(headers) + const colon = ':' + for i := range n { + if headers[i] == hostHeader { + canonicalHeaders.WriteString(hostHeader) + canonicalHeaders.WriteRune(colon) + canonicalHeaders.WriteString(v4Internal.StripExcessSpaces(host)) + } else { + canonicalHeaders.WriteString(headers[i]) + canonicalHeaders.WriteRune(colon) + // Trim out leading, trailing, and dedup inner spaces from signed header values. + values := signed[headers[i]] + for j, v := range values { + cleanedValue := strings.TrimSpace(v4Internal.StripExcessSpaces(v)) + canonicalHeaders.WriteString(cleanedValue) + if j < len(values)-1 { + canonicalHeaders.WriteRune(',') + } + } + } + canonicalHeaders.WriteRune('\n') + } + canonicalHeadersStr = canonicalHeaders.String() + + return signed, signedHeaders, canonicalHeadersStr +} + +func (s *httpSigner) buildCanonicalString(method, uri, query, signedHeaders, canonicalHeaders string) string { + return strings.Join([]string{ + method, + uri, + query, + canonicalHeaders, + signedHeaders, + s.PayloadHash, + }, "\n") +} + +func (s *httpSigner) buildStringToSign(credentialScope, canonicalRequestString string) string { + return strings.Join([]string{ + signingAlgorithm, + s.Time.Format(timeFormat), + credentialScope, + hex.EncodeToString(makeHash(sha256.New(), []byte(canonicalRequestString))), + }, "\n") +} + +func makeHash(hash hash.Hash, b []byte) []byte { + hash.Reset() + hash.Write(b) + return hash.Sum(nil) +} + +func (s *httpSigner) buildSignature(strToSign string) (string, error) { + sig, err := s.Credentials.PrivateKey.Sign(rand.Reader, makeHash(sha256.New(), []byte(strToSign)), crypto.SHA256) + if err != nil { + return "", err + } + return hex.EncodeToString(sig), nil +} + +const logSignInfoMsg = `Request Signature: +---[ CANONICAL STRING ]----------------------------- +%s +---[ STRING TO SIGN ]-------------------------------- +%s%s +-----------------------------------------------------` +const logSignedURLMsg = ` +---[ SIGNED URL ]------------------------------------ +%s` + +func logHTTPSigningInfo(ctx context.Context, options SignerOptions, r signedRequest) { + if !options.LogSigning { + return + } + signedURLMsg := "" + if r.PreSigned { + signedURLMsg = fmt.Sprintf(logSignedURLMsg, r.Request.URL.String()) + } + logger := logging.WithContext(ctx, options.Logger) + logger.Logf(logging.Debug, logSignInfoMsg, r.CanonicalString, r.StringToSign, signedURLMsg) +} + +type signedRequest struct { + Request *http.Request + SignedHeaders http.Header + CanonicalString string + StringToSign string + PreSigned bool +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md index 28ad26d262..5e7219e2c9 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md @@ -1,3 +1,13 @@ +# v1.38.15 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.38.14 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v1.38.13 (2026-03-26) * **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go index 28a81908a3..0c4ed76924 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go @@ -3,4 +3,4 @@ package ecrpublic // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.38.13" +const goModuleVersion = "1.38.15" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md index 497d372304..2fb0269e71 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md @@ -1,3 +1,23 @@ +# v1.13.12 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. + +# v1.13.11 (2026-06-03) + +* No change notes available for this release. + +# v1.13.10 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. + +# v1.13.9 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. + +# v1.13.8 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait + # v1.13.7 (2026-03-13) * **Bug Fix**: Replace usages of the old ioutil/ package throughout the SDK. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go index 5679a2b2b1..b769e84273 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go @@ -3,4 +3,4 @@ package acceptencoding // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.7" +const goModuleVersion = "1.13.12" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md index 7c5e13816e..2a082b44f7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md @@ -1,3 +1,39 @@ +# v1.13.29 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.28 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.27 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.26 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.25 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.24 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.13.22 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v1.13.21 (2026-03-26) * **Dependency Update**: Updated to the latest SDK module versions diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go index 456855e885..84b406a784 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go @@ -3,4 +3,4 @@ package presignedurl // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.21" +const goModuleVersion = "1.13.29" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md index d93bf5e7cc..cf926f5bc5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/CHANGELOG.md @@ -1,3 +1,48 @@ +# v1.2.1 (2026-06-29) + +* No change notes available for this release. + +# v1.2.0 (2026-06-10) + +* **Feature**: AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses. + +# v1.1.5 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.4 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.3 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.2 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.1 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.1.0 (2026-05-28) + +* **Feature**: Adding new BDD representation of endpoint ruleset +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.11 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.0.10 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v1.0.9 (2026-03-26) * **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go index 2c0413c16e..545b8f1066 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_client.go @@ -4,6 +4,7 @@ package signin import ( "context" + cryptorand "crypto/rand" "errors" "fmt" "github.com/aws/aws-sdk-go-v2/aws" @@ -20,6 +21,7 @@ import ( "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" "github.com/aws/smithy-go/middleware" + smithyrand "github.com/aws/smithy-go/rand" "github.com/aws/smithy-go/tracing" smithyhttp "github.com/aws/smithy-go/transport/http" "net" @@ -201,6 +203,8 @@ func New(options Options, optFns ...func(*Options)) *Client { resolveHTTPSignerV4(&options) + resolveIdempotencyTokenProvider(&options) + resolveEndpointResolverV2(&options) resolveTracerProvider(&options) @@ -259,6 +263,10 @@ func (c *Client) invokeOperation( finalizeClientEndpointResolverOptions(&options) + if err := c.addCommonMiddlewares(stack, options, opID); err != nil { + return nil, metadata, err + } + for _, fn := range stackFns { if err := fn(stack, options); err != nil { return nil, metadata, err @@ -363,6 +371,49 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o } return nil } + +func (c *Client) addCommonMiddlewares(stack *middleware.Stack, options Options, operation string) error { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, operation); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + if err := addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err := addClientRequestID(stack); err != nil { + return err + } + if err := addRetry(stack, options, c); err != nil { + return err + } + if err := addRawResponseToMetadata(stack); err != nil { + return err + } + if err := addSpanRetryLoop(stack, options); err != nil { + return err + } + if err := addClientUserAgent(stack, options); err != nil { + return err + } + if err := addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err := addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err := addRecursionDetection(stack); err != nil { + return err + } + if err := addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err := addInterceptAttempt(stack, options); err != nil { + return err + } + return nil +} func resolveAuthSchemeResolver(options *Options) { if options.AuthSchemeResolver == nil { options.AuthSchemeResolver = &defaultAuthSchemeResolver{} @@ -635,7 +686,7 @@ func addClientRequestID(stack *middleware.Stack) error { } func addComputeContentLength(stack *middleware.Stack) error { - return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After) + return stack.Build.Insert(&smithyhttp.ComputeContentLength{}, "ClientRequestID", middleware.After) } func addRawResponseToMetadata(stack *middleware.Stack) error { @@ -709,6 +760,13 @@ func addIsPaginatorUserAgent(o *Options) { }) } +func resolveIdempotencyTokenProvider(o *Options) { + if o.IdempotencyTokenProvider != nil { + return + } + o.IdempotencyTokenProvider = smithyrand.NewUUIDIdempotencyToken(cryptorand.Reader) +} + func addRetry(stack *middleware.Stack, o Options, c *Client) error { attempt := retry.NewAttemptMiddleware(o.Retryer, smithyhttp.RequestCloner, func(m *retry.Attempt) { m.LogAttempts = o.ClientLogMode.IsRetries() @@ -816,6 +874,19 @@ func resolveMeterProvider(options *Options) { } } +// IdempotencyTokenProvider interface for providing idempotency token +type IdempotencyTokenProvider interface { + GetIdempotencyToken() (string, error) +} + +func newServiceMetadataMiddleware(region, operation string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: operation, + } +} + func addRecursionDetection(stack *middleware.Stack) error { return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go index dec8656f86..415f9a2b4d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_CreateOAuth2Token.go @@ -4,10 +4,9 @@ package signin import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/signin/types" "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" smithyhttp "github.com/aws/smithy-go/transport/http" ) @@ -84,6 +83,11 @@ type CreateOAuth2TokenInput struct { noSmithyDocumentSerde } +func (in *CreateOAuth2TokenInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(false) +} + // Output structure for CreateOAuth2Token operation // // Contains flattened token operation outputs for both authorization code and @@ -104,9 +108,6 @@ type CreateOAuth2TokenOutput struct { } func (c *Client) addOperationCreateOAuth2TokenMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateOAuth2Token{}, middleware.After) if err != nil { return err @@ -115,62 +116,32 @@ func (c *Client) addOperationCreateOAuth2TokenMiddlewares(stack *middleware.Stac if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "CreateOAuth2Token"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpCreateOAuth2TokenValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateOAuth2Token(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "CreateOAuth2Token"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -185,22 +156,8 @@ func (c *Client) addOperationCreateOAuth2TokenMiddlewares(stack *middleware.Stac if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opCreateOAuth2Token(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "CreateOAuth2Token", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteConsoleAuthorizationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteConsoleAuthorizationConfiguration.go new file mode 100644 index 0000000000..a9c42942ac --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteConsoleAuthorizationConfiguration.go @@ -0,0 +1,119 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Delete console authorization configuration with automatic scope detection +func (c *Client) DeleteConsoleAuthorizationConfiguration(ctx context.Context, params *DeleteConsoleAuthorizationConfigurationInput, optFns ...func(*Options)) (*DeleteConsoleAuthorizationConfigurationOutput, error) { + if params == nil { + params = &DeleteConsoleAuthorizationConfigurationInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "DeleteConsoleAuthorizationConfiguration", params, optFns, c.addOperationDeleteConsoleAuthorizationConfigurationMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*DeleteConsoleAuthorizationConfigurationOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input for DeleteConsoleAuthorizationConfiguration operation +type DeleteConsoleAuthorizationConfigurationInput struct { + + // Target account identifier + TargetId *string + + noSmithyDocumentSerde +} + +func (in *DeleteConsoleAuthorizationConfigurationInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(true) +} + +// Output for DeleteConsoleAuthorizationConfiguration operation +type DeleteConsoleAuthorizationConfigurationOutput struct { + + // Whether console authorization is enabled + // + // This member is required. + ConsoleAuthorizationEnabled *bool + + // Authorization scope + // + // This member is required. + Scope *string + + // Target account identifier + // + // This member is required. + TargetId *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationDeleteConsoleAuthorizationConfigurationMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpDeleteConsoleAuthorizationConfiguration{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpDeleteConsoleAuthorizationConfiguration{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "DeleteConsoleAuthorizationConfiguration"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteResourcePermissionStatement.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteResourcePermissionStatement.go new file mode 100644 index 0000000000..add06008db --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_DeleteResourcePermissionStatement.go @@ -0,0 +1,148 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "fmt" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Remove a permission statement from the account's SignIn resource-based policy +func (c *Client) DeleteResourcePermissionStatement(ctx context.Context, params *DeleteResourcePermissionStatementInput, optFns ...func(*Options)) (*DeleteResourcePermissionStatementOutput, error) { + if params == nil { + params = &DeleteResourcePermissionStatementInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "DeleteResourcePermissionStatement", params, optFns, c.addOperationDeleteResourcePermissionStatementMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*DeleteResourcePermissionStatementOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input for DeleteResourcePermissionStatement operation +type DeleteResourcePermissionStatementInput struct { + + // Unique identifier of the permission statement to delete + // + // This member is required. + StatementId *string + + // Idempotency token for the request + ClientToken *string + + noSmithyDocumentSerde +} + +func (in *DeleteResourcePermissionStatementInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(true) +} + +// Output for DeleteResourcePermissionStatement operation +type DeleteResourcePermissionStatementOutput struct { + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationDeleteResourcePermissionStatementMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpDeleteResourcePermissionStatement{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpDeleteResourcePermissionStatement{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addIdempotencyToken_opDeleteResourcePermissionStatementMiddleware(stack, options); err != nil { + return err + } + if err = addOpDeleteResourcePermissionStatementValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "DeleteResourcePermissionStatement"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +type idempotencyToken_initializeOpDeleteResourcePermissionStatement struct { + tokenProvider IdempotencyTokenProvider +} + +func (*idempotencyToken_initializeOpDeleteResourcePermissionStatement) ID() string { + return "OperationIdempotencyTokenAutoFill" +} + +func (m *idempotencyToken_initializeOpDeleteResourcePermissionStatement) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + if m.tokenProvider == nil { + return next.HandleInitialize(ctx, in) + } + + input, ok := in.Parameters.(*DeleteResourcePermissionStatementInput) + if !ok { + return out, metadata, fmt.Errorf("expected middleware input to be of type *DeleteResourcePermissionStatementInput ") + } + + if input.ClientToken == nil { + t, err := m.tokenProvider.GetIdempotencyToken() + if err != nil { + return out, metadata, err + } + input.ClientToken = &t + } + return next.HandleInitialize(ctx, in) +} +func addIdempotencyToken_opDeleteResourcePermissionStatementMiddleware(stack *middleware.Stack, cfg Options) error { + return stack.Initialize.Add(&idempotencyToken_initializeOpDeleteResourcePermissionStatement{tokenProvider: cfg.IdempotencyTokenProvider}, middleware.Before) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetConsoleAuthorizationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetConsoleAuthorizationConfiguration.go new file mode 100644 index 0000000000..2def43d98e --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetConsoleAuthorizationConfiguration.go @@ -0,0 +1,119 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Get console authorization configuration with automatic scope detection +func (c *Client) GetConsoleAuthorizationConfiguration(ctx context.Context, params *GetConsoleAuthorizationConfigurationInput, optFns ...func(*Options)) (*GetConsoleAuthorizationConfigurationOutput, error) { + if params == nil { + params = &GetConsoleAuthorizationConfigurationInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "GetConsoleAuthorizationConfiguration", params, optFns, c.addOperationGetConsoleAuthorizationConfigurationMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*GetConsoleAuthorizationConfigurationOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input for GetConsoleAuthorizationConfiguration operation +type GetConsoleAuthorizationConfigurationInput struct { + + // Target account identifier + TargetId *string + + noSmithyDocumentSerde +} + +func (in *GetConsoleAuthorizationConfigurationInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(true) +} + +// Output for GetConsoleAuthorizationConfiguration operation +type GetConsoleAuthorizationConfigurationOutput struct { + + // Whether console authorization is enabled + // + // This member is required. + ConsoleAuthorizationEnabled *bool + + // Authorization scope + // + // This member is required. + Scope *string + + // Target account identifier + // + // This member is required. + TargetId *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationGetConsoleAuthorizationConfigurationMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpGetConsoleAuthorizationConfiguration{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpGetConsoleAuthorizationConfiguration{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetConsoleAuthorizationConfiguration"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetResourcePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetResourcePolicy.go new file mode 100644 index 0000000000..9b571203c5 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_GetResourcePolicy.go @@ -0,0 +1,106 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/aws-sdk-go-v2/service/signin/types" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Retrieve the account's consolidated SignIn resource-based policy +func (c *Client) GetResourcePolicy(ctx context.Context, params *GetResourcePolicyInput, optFns ...func(*Options)) (*GetResourcePolicyOutput, error) { + if params == nil { + params = &GetResourcePolicyInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "GetResourcePolicy", params, optFns, c.addOperationGetResourcePolicyMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*GetResourcePolicyOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input for GetResourcePolicy operation +type GetResourcePolicyInput struct { + noSmithyDocumentSerde +} + +func (in *GetResourcePolicyInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(true) +} + +// Output for GetResourcePolicy operation +type GetResourcePolicyOutput struct { + + // The account's SignIn resource-based policy + // + // This member is required. + SigninResourceBasedPolicy *types.SigninResourceBasedPolicy + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationGetResourcePolicyMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpGetResourcePolicy{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpGetResourcePolicy{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetResourcePolicy"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_ListResourcePermissionStatements.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_ListResourcePermissionStatements.go new file mode 100644 index 0000000000..46a4c6c89f --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_ListResourcePermissionStatements.go @@ -0,0 +1,213 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "fmt" + "github.com/aws/aws-sdk-go-v2/service/signin/types" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Retrieve all permission statements in the account's SignIn resource-based policy +func (c *Client) ListResourcePermissionStatements(ctx context.Context, params *ListResourcePermissionStatementsInput, optFns ...func(*Options)) (*ListResourcePermissionStatementsOutput, error) { + if params == nil { + params = &ListResourcePermissionStatementsInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "ListResourcePermissionStatements", params, optFns, c.addOperationListResourcePermissionStatementsMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*ListResourcePermissionStatementsOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input for ListResourcePermissionStatements operation +type ListResourcePermissionStatementsInput struct { + + // Maximum number of results to return + MaxResults *int32 + + // Token for pagination + NextToken *string + + noSmithyDocumentSerde +} + +func (in *ListResourcePermissionStatementsInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(true) +} + +// Output for ListResourcePermissionStatements operation +type ListResourcePermissionStatementsOutput struct { + + // List of permission statement summaries + // + // This member is required. + PermissionStatements []types.PermissionStatementSummary + + // Token for next page of results + NextToken *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationListResourcePermissionStatementsMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpListResourcePermissionStatements{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpListResourcePermissionStatements{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "ListResourcePermissionStatements"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +// ListResourcePermissionStatementsPaginatorOptions is the paginator options for +// ListResourcePermissionStatements +type ListResourcePermissionStatementsPaginatorOptions struct { + // Maximum number of results to return + Limit int32 + + // Set to true if pagination should stop if the service returns a pagination token + // that matches the most recent token provided to the service. + StopOnDuplicateToken bool +} + +// ListResourcePermissionStatementsPaginator is a paginator for +// ListResourcePermissionStatements +type ListResourcePermissionStatementsPaginator struct { + options ListResourcePermissionStatementsPaginatorOptions + client ListResourcePermissionStatementsAPIClient + params *ListResourcePermissionStatementsInput + nextToken *string + firstPage bool +} + +// NewListResourcePermissionStatementsPaginator returns a new +// ListResourcePermissionStatementsPaginator +func NewListResourcePermissionStatementsPaginator(client ListResourcePermissionStatementsAPIClient, params *ListResourcePermissionStatementsInput, optFns ...func(*ListResourcePermissionStatementsPaginatorOptions)) *ListResourcePermissionStatementsPaginator { + if params == nil { + params = &ListResourcePermissionStatementsInput{} + } + + options := ListResourcePermissionStatementsPaginatorOptions{} + if params.MaxResults != nil { + options.Limit = *params.MaxResults + } + + for _, fn := range optFns { + fn(&options) + } + + return &ListResourcePermissionStatementsPaginator{ + options: options, + client: client, + params: params, + firstPage: true, + nextToken: params.NextToken, + } +} + +// HasMorePages returns a boolean indicating whether more pages are available +func (p *ListResourcePermissionStatementsPaginator) HasMorePages() bool { + return p.firstPage || (p.nextToken != nil && len(*p.nextToken) != 0) +} + +// NextPage retrieves the next ListResourcePermissionStatements page. +func (p *ListResourcePermissionStatementsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListResourcePermissionStatementsOutput, error) { + if !p.HasMorePages() { + return nil, fmt.Errorf("no more pages available") + } + + params := *p.params + params.NextToken = p.nextToken + + var limit *int32 + if p.options.Limit > 0 { + limit = &p.options.Limit + } + params.MaxResults = limit + + optFns = append([]func(*Options){ + addIsPaginatorUserAgent, + }, optFns...) + result, err := p.client.ListResourcePermissionStatements(ctx, ¶ms, optFns...) + if err != nil { + return nil, err + } + p.firstPage = false + + prevToken := p.nextToken + p.nextToken = result.NextToken + + if p.options.StopOnDuplicateToken && + prevToken != nil && + p.nextToken != nil && + *prevToken == *p.nextToken { + p.nextToken = nil + } + + return result, nil +} + +// ListResourcePermissionStatementsAPIClient is a client that implements the +// ListResourcePermissionStatements operation. +type ListResourcePermissionStatementsAPIClient interface { + ListResourcePermissionStatements(context.Context, *ListResourcePermissionStatementsInput, ...func(*Options)) (*ListResourcePermissionStatementsOutput, error) +} + +var _ ListResourcePermissionStatementsAPIClient = (*Client)(nil) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutConsoleAuthorizationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutConsoleAuthorizationConfiguration.go new file mode 100644 index 0000000000..d54b0d4219 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutConsoleAuthorizationConfiguration.go @@ -0,0 +1,119 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Enable console authorization configuration with automatic scope detection +func (c *Client) PutConsoleAuthorizationConfiguration(ctx context.Context, params *PutConsoleAuthorizationConfigurationInput, optFns ...func(*Options)) (*PutConsoleAuthorizationConfigurationOutput, error) { + if params == nil { + params = &PutConsoleAuthorizationConfigurationInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "PutConsoleAuthorizationConfiguration", params, optFns, c.addOperationPutConsoleAuthorizationConfigurationMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*PutConsoleAuthorizationConfigurationOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input for PutConsoleAuthorizationConfiguration operation +type PutConsoleAuthorizationConfigurationInput struct { + + // Target account identifier + TargetId *string + + noSmithyDocumentSerde +} + +func (in *PutConsoleAuthorizationConfigurationInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(true) +} + +// Output for PutConsoleAuthorizationConfiguration operation +type PutConsoleAuthorizationConfigurationOutput struct { + + // Whether console authorization is enabled + // + // This member is required. + ConsoleAuthorizationEnabled *bool + + // Authorization scope + // + // This member is required. + Scope *string + + // Target account identifier + // + // This member is required. + TargetId *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationPutConsoleAuthorizationConfigurationMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpPutConsoleAuthorizationConfiguration{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpPutConsoleAuthorizationConfiguration{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "PutConsoleAuthorizationConfiguration"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutResourcePermissionStatement.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutResourcePermissionStatement.go new file mode 100644 index 0000000000..e04aaba5c2 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/api_op_PutResourcePermissionStatement.go @@ -0,0 +1,168 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package signin + +import ( + "context" + "fmt" + "github.com/aws/smithy-go/middleware" + "github.com/aws/smithy-go/ptr" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Create a permission statement in the account's SignIn resource-based policy +func (c *Client) PutResourcePermissionStatement(ctx context.Context, params *PutResourcePermissionStatementInput, optFns ...func(*Options)) (*PutResourcePermissionStatementOutput, error) { + if params == nil { + params = &PutResourcePermissionStatementInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "PutResourcePermissionStatement", params, optFns, c.addOperationPutResourcePermissionStatementMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*PutResourcePermissionStatementOutput) + out.ResultMetadata = metadata + return out, nil +} + +// Input for PutResourcePermissionStatement operation +type PutResourcePermissionStatementInput struct { + + // Idempotency token for the request + ClientToken *string + + // Console VPC endpoint identifier + ConsoleSourceVpce *string + + // Principal to exclude from the permission statement + ExcludedPrincipal *string + + // AWS region where the VPC and VPC endpoint reside Required when sourceVpc or + // signinSourceVpce/consoleSourceVpce is provided + RequestedRegion *string + + // SignIn VPC endpoint identifier + SigninSourceVpce *string + + // Source IP address + SourceIp *string + + // VPC identifier to restrict console access + SourceVpc *string + + // Source IP address within VPC + VpcSourceIp *string + + noSmithyDocumentSerde +} + +func (in *PutResourcePermissionStatementInput) bindEndpointParams(p *EndpointParameters) { + + p.IsControlPlane = ptr.Bool(true) +} + +// Output for PutResourcePermissionStatement operation +type PutResourcePermissionStatementOutput struct { + + // Unique identifier for the created permission statement + // + // This member is required. + StatementId *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationPutResourcePermissionStatementMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsRestjson1_serializeOpPutResourcePermissionStatement{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsRestjson1_deserializeOpPutResourcePermissionStatement{}, middleware.After) + if err != nil { + return err + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addIdempotencyToken_opPutResourcePermissionStatementMiddleware(stack, options); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "PutResourcePermissionStatement"), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +type idempotencyToken_initializeOpPutResourcePermissionStatement struct { + tokenProvider IdempotencyTokenProvider +} + +func (*idempotencyToken_initializeOpPutResourcePermissionStatement) ID() string { + return "OperationIdempotencyTokenAutoFill" +} + +func (m *idempotencyToken_initializeOpPutResourcePermissionStatement) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + if m.tokenProvider == nil { + return next.HandleInitialize(ctx, in) + } + + input, ok := in.Parameters.(*PutResourcePermissionStatementInput) + if !ok { + return out, metadata, fmt.Errorf("expected middleware input to be of type *PutResourcePermissionStatementInput ") + } + + if input.ClientToken == nil { + t, err := m.tokenProvider.GetIdempotencyToken() + if err != nil { + return out, metadata, err + } + input.ClientToken = &t + } + return next.HandleInitialize(ctx, in) +} +func addIdempotencyToken_opPutResourcePermissionStatementMiddleware(stack *middleware.Stack, cfg Options) error { + return stack.Initialize.Add(&idempotencyToken_initializeOpPutResourcePermissionStatement{tokenProvider: cfg.IdempotencyTokenProvider}, middleware.Before) +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go index cf6b365041..c98762629c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/auth.go @@ -190,7 +190,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -203,6 +203,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go index b74b612e6b..12208eaafa 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/deserializers.go @@ -180,12 +180,41 @@ func awsRestjson1_deserializeOpDocumentCreateOAuth2TokenOutput(v **CreateOAuth2T return nil } -func awsRestjson1_deserializeErrorAccessDeniedException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.AccessDeniedException{} +type awsRestjson1_deserializeOpDeleteConsoleAuthorizationConfiguration struct { +} + +func (*awsRestjson1_deserializeOpDeleteConsoleAuthorizationConfiguration) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpDeleteConsoleAuthorizationConfiguration) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorDeleteConsoleAuthorizationConfiguration(response, &metadata) + } + output := &DeleteConsoleAuthorizationConfigurationOutput{} + out.Result = output + var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) - body := io.TeeReader(errorBody, ringBuffer) + body := io.TeeReader(response.Body, ringBuffer) + decoder := json.NewDecoder(body) decoder.UseNumber() var shape interface{} @@ -196,36 +225,46 @@ func awsRestjson1_deserializeErrorAccessDeniedException(response *smithyhttp.Res Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } - return err + return out, metadata, err } - err := awsRestjson1_deserializeDocumentAccessDeniedException(&output, shape) - + err = awsRestjson1_deserializeOpDocumentDeleteConsoleAuthorizationConfigurationOutput(&output, shape) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - err = &smithy.DeserializationError{ - Err: fmt.Errorf("failed to decode response body, %w", err), + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), Snapshot: snapshot.Bytes(), } - return err } - errorBody.Seek(0, io.SeekStart) - - return output + span.End() + return out, metadata, err } -func awsRestjson1_deserializeErrorInternalServerException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.InternalServerException{} +func awsRestjson1_deserializeOpErrorDeleteConsoleAuthorizationConfiguration(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) body := io.TeeReader(errorBody, ringBuffer) decoder := json.NewDecoder(body) decoder.UseNumber() - var shape interface{} - if err := decoder.Decode(&shape); err != nil && err != io.EOF { + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) err = &smithy.DeserializationError{ @@ -235,8 +274,154 @@ func awsRestjson1_deserializeErrorInternalServerException(response *smithyhttp.R return err } - err := awsRestjson1_deserializeDocumentInternalServerException(&output, shape) + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentDeleteConsoleAuthorizationConfigurationOutput(v **DeleteConsoleAuthorizationConfigurationOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *DeleteConsoleAuthorizationConfigurationOutput + if *v == nil { + sv = &DeleteConsoleAuthorizationConfigurationOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "consoleAuthorizationEnabled": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.ConsoleAuthorizationEnabled = ptr.Bool(jtv) + } + + case "scope": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Scope = ptr.String(jtv) + } + + case "targetId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TargetId to be of type string, got %T instead", value) + } + sv.TargetId = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +type awsRestjson1_deserializeOpDeleteResourcePermissionStatement struct { +} + +func (*awsRestjson1_deserializeOpDeleteResourcePermissionStatement) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpDeleteResourcePermissionStatement) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorDeleteResourcePermissionStatement(response, &metadata) + } + output := &DeleteResourcePermissionStatementOutput{} + out.Result = output + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorDeleteResourcePermissionStatement(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) @@ -248,16 +433,74 @@ func awsRestjson1_deserializeErrorInternalServerException(response *smithyhttp.R } errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } - return output + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } } -func awsRestjson1_deserializeErrorTooManyRequestsError(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.TooManyRequestsError{} +type awsRestjson1_deserializeOpGetConsoleAuthorizationConfiguration struct { +} + +func (*awsRestjson1_deserializeOpGetConsoleAuthorizationConfiguration) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpGetConsoleAuthorizationConfiguration) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorGetConsoleAuthorizationConfiguration(response, &metadata) + } + output := &GetConsoleAuthorizationConfigurationOutput{} + out.Result = output + var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) - body := io.TeeReader(errorBody, ringBuffer) + body := io.TeeReader(response.Body, ringBuffer) + decoder := json.NewDecoder(body) decoder.UseNumber() var shape interface{} @@ -268,15 +511,49 @@ func awsRestjson1_deserializeErrorTooManyRequestsError(response *smithyhttp.Resp Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } - return err + return out, metadata, err } - err := awsRestjson1_deserializeDocumentTooManyRequestsError(&output, shape) - + err = awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutput(&output, shape) if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) - err = &smithy.DeserializationError{ + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorGetConsoleAuthorizationConfiguration(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ Err: fmt.Errorf("failed to decode response body, %w", err), Snapshot: snapshot.Bytes(), } @@ -284,20 +561,182 @@ func awsRestjson1_deserializeErrorTooManyRequestsError(response *smithyhttp.Resp } errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } - return output + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } } -func awsRestjson1_deserializeErrorValidationException(response *smithyhttp.Response, errorBody *bytes.Reader) error { - output := &types.ValidationException{} +func awsRestjson1_deserializeOpDocumentGetConsoleAuthorizationConfigurationOutput(v **GetConsoleAuthorizationConfigurationOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *GetConsoleAuthorizationConfigurationOutput + if *v == nil { + sv = &GetConsoleAuthorizationConfigurationOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "consoleAuthorizationEnabled": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.ConsoleAuthorizationEnabled = ptr.Bool(jtv) + } + + case "scope": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Scope = ptr.String(jtv) + } + + case "targetId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TargetId to be of type string, got %T instead", value) + } + sv.TargetId = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +type awsRestjson1_deserializeOpGetResourcePolicy struct { +} + +func (*awsRestjson1_deserializeOpGetResourcePolicy) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpGetResourcePolicy) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorGetResourcePolicy(response, &metadata) + } + output := &GetResourcePolicyOutput{} + out.Result = output + var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) - body := io.TeeReader(errorBody, ringBuffer) + body := io.TeeReader(response.Body, ringBuffer) + decoder := json.NewDecoder(body) decoder.UseNumber() var shape interface{} if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeOpDocumentGetResourcePolicyOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorGetResourcePolicy(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { var snapshot bytes.Buffer io.Copy(&snapshot, ringBuffer) err = &smithy.DeserializationError{ @@ -307,24 +746,1195 @@ func awsRestjson1_deserializeErrorValidationException(response *smithyhttp.Respo return err } - err := awsRestjson1_deserializeDocumentValidationException(&output, shape) + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentGetResourcePolicyOutput(v **GetResourcePolicyOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *GetResourcePolicyOutput + if *v == nil { + sv = &GetResourcePolicyOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "signinResourceBasedPolicy": + if err := awsRestjson1_deserializeDocumentSigninResourceBasedPolicy(&sv.SigninResourceBasedPolicy, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +type awsRestjson1_deserializeOpListResourcePermissionStatements struct { +} + +func (*awsRestjson1_deserializeOpListResourcePermissionStatements) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpListResourcePermissionStatements) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorListResourcePermissionStatements(response, &metadata) + } + output := &ListResourcePermissionStatementsOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeOpDocumentListResourcePermissionStatementsOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorListResourcePermissionStatements(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentListResourcePermissionStatementsOutput(v **ListResourcePermissionStatementsOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *ListResourcePermissionStatementsOutput + if *v == nil { + sv = &ListResourcePermissionStatementsOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "nextToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected NextToken to be of type string, got %T instead", value) + } + sv.NextToken = ptr.String(jtv) + } + + case "permissionStatements": + if err := awsRestjson1_deserializeDocumentPermissionStatementSummaries(&sv.PermissionStatements, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +type awsRestjson1_deserializeOpPutConsoleAuthorizationConfiguration struct { +} + +func (*awsRestjson1_deserializeOpPutConsoleAuthorizationConfiguration) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpPutConsoleAuthorizationConfiguration) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorPutConsoleAuthorizationConfiguration(response, &metadata) + } + output := &PutConsoleAuthorizationConfigurationOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeOpDocumentPutConsoleAuthorizationConfigurationOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorPutConsoleAuthorizationConfiguration(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("ConflictException", errorCode): + return awsRestjson1_deserializeErrorConflictException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ResourceNotFoundException", errorCode): + return awsRestjson1_deserializeErrorResourceNotFoundException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentPutConsoleAuthorizationConfigurationOutput(v **PutConsoleAuthorizationConfigurationOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *PutConsoleAuthorizationConfigurationOutput + if *v == nil { + sv = &PutConsoleAuthorizationConfigurationOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "consoleAuthorizationEnabled": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.ConsoleAuthorizationEnabled = ptr.Bool(jtv) + } + + case "scope": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Scope = ptr.String(jtv) + } + + case "targetId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TargetId to be of type string, got %T instead", value) + } + sv.TargetId = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +type awsRestjson1_deserializeOpPutResourcePermissionStatement struct { +} + +func (*awsRestjson1_deserializeOpPutResourcePermissionStatement) ID() string { + return "OperationDeserializer" +} + +func (m *awsRestjson1_deserializeOpPutResourcePermissionStatement) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsRestjson1_deserializeOpErrorPutResourcePermissionStatement(response, &metadata) + } + output := &PutResourcePermissionStatementOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsRestjson1_deserializeOpDocumentPutResourcePermissionStatementOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body with invalid JSON, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + span.End() + return out, metadata, err +} + +func awsRestjson1_deserializeOpErrorPutResourcePermissionStatement(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + headerCode := response.Header.Get("X-Amzn-ErrorType") + if len(headerCode) != 0 { + errorCode = restjson.SanitizeErrorCode(headerCode) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + jsonCode, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(headerCode) == 0 && len(jsonCode) != 0 { + errorCode = restjson.SanitizeErrorCode(jsonCode) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("AccessDeniedException", errorCode): + return awsRestjson1_deserializeErrorAccessDeniedException(response, errorBody) + + case strings.EqualFold("ConflictException", errorCode): + return awsRestjson1_deserializeErrorConflictException(response, errorBody) + + case strings.EqualFold("InternalServerException", errorCode): + return awsRestjson1_deserializeErrorInternalServerException(response, errorBody) + + case strings.EqualFold("ServiceQuotaExceededException", errorCode): + return awsRestjson1_deserializeErrorServiceQuotaExceededException(response, errorBody) + + case strings.EqualFold("TooManyRequestsError", errorCode): + return awsRestjson1_deserializeErrorTooManyRequestsError(response, errorBody) + + case strings.EqualFold("ValidationException", errorCode): + return awsRestjson1_deserializeErrorValidationException(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + +func awsRestjson1_deserializeOpDocumentPutResourcePermissionStatementOutput(v **PutResourcePermissionStatementOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *PutResourcePermissionStatementOutput + if *v == nil { + sv = &PutResourcePermissionStatementOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "statementId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected StatementId to be of type string, got %T instead", value) + } + sv.StatementId = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeErrorAccessDeniedException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.AccessDeniedException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentAccessDeniedException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorConflictException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.ConflictException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentConflictException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorInternalServerException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.InternalServerException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentInternalServerException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorResourceNotFoundException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.ResourceNotFoundException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentResourceNotFoundException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorServiceQuotaExceededException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.ServiceQuotaExceededException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentServiceQuotaExceededException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorTooManyRequestsError(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.TooManyRequestsError{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentTooManyRequestsError(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeErrorValidationException(response *smithyhttp.Response, errorBody *bytes.Reader) error { + output := &types.ValidationException{} + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + err := awsRestjson1_deserializeDocumentValidationException(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + + return output +} + +func awsRestjson1_deserializeDocumentAccessDeniedException(v **types.AccessDeniedException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.AccessDeniedException + if *v == nil { + sv = &types.AccessDeniedException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "error": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OAuth2ErrorCode to be of type string, got %T instead", value) + } + sv.Error_ = types.OAuth2ErrorCode(jtv) + } + + case "message", "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentAccessToken(v **types.AccessToken, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.AccessToken + if *v == nil { + sv = &types.AccessToken{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "accessKeyId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.AccessKeyId = ptr.String(jtv) + } + + case "secretAccessKey": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.SecretAccessKey = ptr.String(jtv) + } + + case "sessionToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.SessionToken = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentCondition(v *map[string][]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var mv map[string][]string + if *v == nil { + mv = map[string][]string{} + } else { + mv = *v + } + + for key, value := range shape { + var parsedVal []string + mapVar := parsedVal + if err := awsRestjson1_deserializeDocumentConditionValues(&mapVar, value); err != nil { + return err + } + parsedVal = mapVar + mv[key] = parsedVal + + } + *v = mv + return nil +} + +func awsRestjson1_deserializeDocumentConditionBlock(v *map[string]map[string][]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var mv map[string]map[string][]string + if *v == nil { + mv = map[string]map[string][]string{} + } else { + mv = *v + } + + for key, value := range shape { + var parsedVal map[string][]string + mapVar := parsedVal + if err := awsRestjson1_deserializeDocumentCondition(&mapVar, value); err != nil { + return err + } + parsedVal = mapVar + mv[key] = parsedVal + + } + *v = mv + return nil +} + +func awsRestjson1_deserializeDocumentConditionValues(v *[]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []string + if *v == nil { + cv = []string{} + } else { + cv = *v + } + + for _, value := range shape { + var col string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + col = jtv + } + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsRestjson1_deserializeDocumentConflictException(v **types.ConflictException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.ConflictException + if *v == nil { + sv = &types.ConflictException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "error": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected OAuth2ErrorCode to be of type string, got %T instead", value) + } + sv.Error_ = types.OAuth2ErrorCode(jtv) + } + + case "message", "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentCreateOAuth2TokenResponseBody(v **types.CreateOAuth2TokenResponseBody, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.CreateOAuth2TokenResponseBody + if *v == nil { + sv = &types.CreateOAuth2TokenResponseBody{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "accessToken": + if err := awsRestjson1_deserializeDocumentAccessToken(&sv.AccessToken, value); err != nil { + return err + } + + case "expiresIn": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected ExpiresIn to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.ExpiresIn = ptr.Int32(int32(i64)) + } + + case "idToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected IdToken to be of type string, got %T instead", value) + } + sv.IdToken = ptr.String(jtv) + } + + case "refreshToken": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected RefreshToken to be of type string, got %T instead", value) + } + sv.RefreshToken = ptr.String(jtv) + } + + case "tokenType": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected TokenType to be of type string, got %T instead", value) + } + sv.TokenType = ptr.String(jtv) + } + + default: + _, _ = key, value - if err != nil { - var snapshot bytes.Buffer - io.Copy(&snapshot, ringBuffer) - err = &smithy.DeserializationError{ - Err: fmt.Errorf("failed to decode response body, %w", err), - Snapshot: snapshot.Bytes(), } - return err } - - errorBody.Seek(0, io.SeekStart) - - return output + *v = sv + return nil } -func awsRestjson1_deserializeDocumentAccessDeniedException(v **types.AccessDeniedException, value interface{}) error { +func awsRestjson1_deserializeDocumentInternalServerException(v **types.InternalServerException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -337,9 +1947,9 @@ func awsRestjson1_deserializeDocumentAccessDeniedException(v **types.AccessDenie return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.AccessDeniedException + var sv *types.InternalServerException if *v == nil { - sv = &types.AccessDeniedException{} + sv = &types.InternalServerException{} } else { sv = *v } @@ -373,7 +1983,41 @@ func awsRestjson1_deserializeDocumentAccessDeniedException(v **types.AccessDenie return nil } -func awsRestjson1_deserializeDocumentAccessToken(v **types.AccessToken, value interface{}) error { +func awsRestjson1_deserializeDocumentPermissionStatementSummaries(v *[]types.PermissionStatementSummary, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []types.PermissionStatementSummary + if *v == nil { + cv = []types.PermissionStatementSummary{} + } else { + cv = *v + } + + for _, value := range shape { + var col types.PermissionStatementSummary + destAddr := &col + if err := awsRestjson1_deserializeDocumentPermissionStatementSummary(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsRestjson1_deserializeDocumentPermissionStatementSummary(v **types.PermissionStatementSummary, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -386,40 +2030,27 @@ func awsRestjson1_deserializeDocumentAccessToken(v **types.AccessToken, value in return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.AccessToken + var sv *types.PermissionStatementSummary if *v == nil { - sv = &types.AccessToken{} + sv = &types.PermissionStatementSummary{} } else { sv = *v } for key, value := range shape { switch key { - case "accessKeyId": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected String to be of type string, got %T instead", value) - } - sv.AccessKeyId = ptr.String(jtv) - } - - case "secretAccessKey": - if value != nil { - jtv, ok := value.(string) - if !ok { - return fmt.Errorf("expected String to be of type string, got %T instead", value) - } - sv.SecretAccessKey = ptr.String(jtv) + case "condition": + if err := awsRestjson1_deserializeDocumentConditionBlock(&sv.Condition, value); err != nil { + return err } - case "sessionToken": + case "sid": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected String to be of type string, got %T instead", value) + return fmt.Errorf("expected StatementId to be of type string, got %T instead", value) } - sv.SessionToken = ptr.String(jtv) + sv.Sid = ptr.String(jtv) } default: @@ -431,7 +2062,43 @@ func awsRestjson1_deserializeDocumentAccessToken(v **types.AccessToken, value in return nil } -func awsRestjson1_deserializeDocumentCreateOAuth2TokenResponseBody(v **types.CreateOAuth2TokenResponseBody, value interface{}) error { +func awsRestjson1_deserializeDocumentPolicyActions(v *[]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []string + if *v == nil { + cv = []string{} + } else { + cv = *v + } + + for _, value := range shape { + var col string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + col = jtv + } + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsRestjson1_deserializeDocumentPolicyStatement(v **types.PolicyStatement, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -444,58 +2111,165 @@ func awsRestjson1_deserializeDocumentCreateOAuth2TokenResponseBody(v **types.Cre return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.CreateOAuth2TokenResponseBody + var sv *types.PolicyStatement if *v == nil { - sv = &types.CreateOAuth2TokenResponseBody{} + sv = &types.PolicyStatement{} } else { sv = *v } for key, value := range shape { switch key { - case "accessToken": - if err := awsRestjson1_deserializeDocumentAccessToken(&sv.AccessToken, value); err != nil { + case "Action": + if err := awsRestjson1_deserializeDocumentPolicyActions(&sv.Action, value); err != nil { return err } - case "expiresIn": + case "Condition": + if err := awsRestjson1_deserializeDocumentConditionBlock(&sv.Condition, value); err != nil { + return err + } + + case "Effect": if value != nil { - jtv, ok := value.(json.Number) + jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected ExpiresIn to be json.Number, got %T instead", value) - } - i64, err := jtv.Int64() - if err != nil { - return err + return fmt.Errorf("expected String to be of type string, got %T instead", value) } - sv.ExpiresIn = ptr.Int32(int32(i64)) + sv.Effect = ptr.String(jtv) } - case "idToken": + case "Principal": + if err := awsRestjson1_deserializeDocumentPrincipal(&sv.Principal, value); err != nil { + return err + } + + case "Resource": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected IdToken to be of type string, got %T instead", value) + return fmt.Errorf("expected String to be of type string, got %T instead", value) } - sv.IdToken = ptr.String(jtv) + sv.Resource = ptr.String(jtv) } - case "refreshToken": + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsRestjson1_deserializeDocumentPolicyStatements(v *[]types.PolicyStatement, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.([]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var cv []types.PolicyStatement + if *v == nil { + cv = []types.PolicyStatement{} + } else { + cv = *v + } + + for _, value := range shape { + var col types.PolicyStatement + destAddr := &col + if err := awsRestjson1_deserializeDocumentPolicyStatement(&destAddr, value); err != nil { + return err + } + col = *destAddr + cv = append(cv, col) + + } + *v = cv + return nil +} + +func awsRestjson1_deserializeDocumentPrincipal(v *map[string]string, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var mv map[string]string + if *v == nil { + mv = map[string]string{} + } else { + mv = *v + } + + for key, value := range shape { + var parsedVal string + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + parsedVal = jtv + } + mv[key] = parsedVal + + } + *v = mv + return nil +} + +func awsRestjson1_deserializeDocumentResourceNotFoundException(v **types.ResourceNotFoundException, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.ResourceNotFoundException + if *v == nil { + sv = &types.ResourceNotFoundException{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "error": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected RefreshToken to be of type string, got %T instead", value) + return fmt.Errorf("expected OAuth2ErrorCode to be of type string, got %T instead", value) } - sv.RefreshToken = ptr.String(jtv) + sv.Error_ = types.OAuth2ErrorCode(jtv) } - case "tokenType": + case "message", "Message": if value != nil { jtv, ok := value.(string) if !ok { - return fmt.Errorf("expected TokenType to be of type string, got %T instead", value) + return fmt.Errorf("expected String to be of type string, got %T instead", value) } - sv.TokenType = ptr.String(jtv) + sv.Message = ptr.String(jtv) } default: @@ -507,7 +2281,7 @@ func awsRestjson1_deserializeDocumentCreateOAuth2TokenResponseBody(v **types.Cre return nil } -func awsRestjson1_deserializeDocumentInternalServerException(v **types.InternalServerException, value interface{}) error { +func awsRestjson1_deserializeDocumentServiceQuotaExceededException(v **types.ServiceQuotaExceededException, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) } @@ -520,9 +2294,9 @@ func awsRestjson1_deserializeDocumentInternalServerException(v **types.InternalS return fmt.Errorf("unexpected JSON type %v", value) } - var sv *types.InternalServerException + var sv *types.ServiceQuotaExceededException if *v == nil { - sv = &types.InternalServerException{} + sv = &types.ServiceQuotaExceededException{} } else { sv = *v } @@ -556,6 +2330,51 @@ func awsRestjson1_deserializeDocumentInternalServerException(v **types.InternalS return nil } +func awsRestjson1_deserializeDocumentSigninResourceBasedPolicy(v **types.SigninResourceBasedPolicy, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.SigninResourceBasedPolicy + if *v == nil { + sv = &types.SigninResourceBasedPolicy{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Statement": + if err := awsRestjson1_deserializeDocumentPolicyStatements(&sv.Statement, value); err != nil { + return err + } + + case "Version": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected String to be of type string, got %T instead", value) + } + sv.Version = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsRestjson1_deserializeDocumentTooManyRequestsError(v **types.TooManyRequestsError, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go index db2e6a62a3..1694463269 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/endpoints.go @@ -12,8 +12,10 @@ import ( "github.com/aws/aws-sdk-go-v2/internal/endpoints" "github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn" internalendpoints "github.com/aws/aws-sdk-go-v2/service/signin/internal/endpoints" + smithy "github.com/aws/smithy-go" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/bdd" "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" @@ -229,6 +231,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -266,6 +270,12 @@ type EndpointParameters struct { // // AWS::Region Region *string + + // Indicates if the operation targets the control plane endpoint + // + // Parameter is + // required. + IsControlPlane *bool } // ValidateRequired validates required parameters are set. @@ -294,21 +304,435 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string +const bddRoot int32 = 2 -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } +var bddNodes = [99]int32{ + -1, 1, -1, 0, 4, 3, 2, 30, 100000025, 1, 24, 5, 2, 30, 6, 3, 7, 26, 4, 18, 8, 5, 17, 9, 6, 100000004, 10, 7, 100000005, 11, 10, 100000006, 12, 12, 100000007, 13, 13, 100000008, 14, 14, 100000009, 15, 15, 100000010, 16, 16, 100000011, 100000014, 8, 100000022, 100000023, 5, 22, 19, 9, 100000012, 20, 10, 100000013, 21, 11, 100000020, 100000021, 8, 23, 100000019, 11, 100000018, 100000019, 2, 29, 25, 3, 32, 26, 4, 27, 100000025, 5, 100000025, 28, 9, 100000012, 100000025, 3, 32, 30, 4, 100000015, 31, 5, 100000016, 100000017, 6, 100000001, 33, 7, 100000002, 100000003} - v := s[i] - return &v +type conditionContext struct { + PartitionResult *awsrulesfn.PartitionConfig +} + +func evalCondition(idx int, params *EndpointParameters, c *conditionContext) bool { + switch idx { + case 0: + return params.Region != nil + case 1: + return func() bool { + if v := params.IsControlPlane; v != nil { + return *v + } + return false + }() == true + case 2: + return params.Endpoint != nil + case 3: + if v := awsrulesfn.GetPartition(*params.Region); v != nil { + c.PartitionResult = v + return true + } + return false + case 4: + return *params.UseFIPS == true + case 5: + return *params.UseDualStack == true + case 6: + return c.PartitionResult.Name == "aws" + case 7: + return c.PartitionResult.Name == "aws-cn" + case 8: + return c.PartitionResult.SupportsDualStack == true + case 9: + return *params.Region == "us-gov-west-1" + case 10: + return c.PartitionResult.Name == "aws-us-gov" + case 11: + return c.PartitionResult.SupportsFIPS == true + case 12: + return c.PartitionResult.Name == "aws-iso" + case 13: + return c.PartitionResult.Name == "aws-iso-b" + case 14: + return c.PartitionResult.Name == "aws-iso-f" + case 15: + return c.PartitionResult.Name == "aws-iso-e" + case 16: + return c.PartitionResult.Name == "aws-eusc" + } + return false +} + +func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) (smithyendpoints.Endpoint, error) { + switch idx { + case 0: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint resolution failed: no matching rule") + case 1: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(*params.Region) + out.WriteString(".api.aws") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetSigV4SigningName(&sp, "signin") + smithyhttp.SetSigV4ASigningName(&sp, "signin") + + smithyhttp.SetSigV4SigningRegion(&sp, *params.Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + case 2: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(*params.Region) + out.WriteString(".api.amazonwebservices.com.cn") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetSigV4SigningName(&sp, "signin") + smithyhttp.SetSigV4ASigningName(&sp, "signin") + + smithyhttp.SetSigV4SigningRegion(&sp, *params.Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + case 3: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetSigV4SigningName(&sp, "signin") + smithyhttp.SetSigV4ASigningName(&sp, "signin") + + smithyhttp.SetSigV4SigningRegion(&sp, *params.Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + case 4: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.aws.amazon.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 5: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.amazonaws.cn") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 6: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.amazonaws-us-gov.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 7: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.c2shome.ic.gov") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 8: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.sc2shome.sgov.gov") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 9: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.csphome.hci.ic.gov") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 10: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.csphome.adc-e.uk") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 11: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.amazonaws-eusc.eu") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 12: + uriString := "https://signin-fips.amazonaws-us-gov.com" + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 13: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin-fips.amazonaws-us-gov.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 14: + uriString := func() string { + var out strings.Builder + out.WriteString("https://") + out.WriteString(*params.Region) + out.WriteString(".signin.") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 15: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") + case 16: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") + case 17: + uriString := *params.Endpoint + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 18: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 19: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") + case 20: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 21: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") + case 22: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 23: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") + case 24: + uriString := func() string { + var out strings.Builder + out.WriteString("https://signin.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 25: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + } + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, invalid result index: %d", idx) } // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { - // ResolveEndpoint attempts to resolve the endpoint with the provided options, - // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) @@ -332,206 +756,12 @@ func (r *resolver) ResolveEndpoint( if err = params.ValidateRequired(); err != nil { return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } - _UseDualStack := *params.UseDualStack - _ = _UseDualStack - _UseFIPS := *params.UseFIPS - _ = _UseFIPS - - if exprVal := params.Endpoint; exprVal != nil { - _Endpoint := *exprVal - _ = _Endpoint - if _UseFIPS == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") - } - if _UseDualStack == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") - } - uriString := _Endpoint - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - if exprVal := params.Region; exprVal != nil { - _Region := *exprVal - _ = _Region - if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { - _PartitionResult := *exprVal - _ = _PartitionResult - if _PartitionResult.Name == "aws" { - if _UseFIPS == false { - if _UseDualStack == false { - uriString := func() string { - var out strings.Builder - out.WriteString("https://") - out.WriteString(_Region) - out.WriteString(".signin.aws.amazon.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - } - if _PartitionResult.Name == "aws-cn" { - if _UseFIPS == false { - if _UseDualStack == false { - uriString := func() string { - var out strings.Builder - out.WriteString("https://") - out.WriteString(_Region) - out.WriteString(".signin.amazonaws.cn") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - } - if _PartitionResult.Name == "aws-us-gov" { - if _UseFIPS == false { - if _UseDualStack == false { - uriString := func() string { - var out strings.Builder - out.WriteString("https://") - out.WriteString(_Region) - out.WriteString(".signin.amazonaws-us-gov.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - } - if _UseFIPS == true { - if _UseDualStack == true { - if true == _PartitionResult.SupportsFIPS { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") - } - } - if _UseFIPS == true { - if _UseDualStack == false { - if _PartitionResult.SupportsFIPS == true { - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") - } - } - if _UseFIPS == false { - if _UseDualStack == true { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") - } - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://signin.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + c := &conditionContext{} + ref := bdd.Evaluate(bddNodes[:], bddRoot, func(idx int) bool { + return evalCondition(idx, ¶ms, c) + }) + return resolveResult(ref, ¶ms, c) } type endpointParamsBinder interface { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json index 6043ab63f2..4965af4417 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/generated.json @@ -9,6 +9,13 @@ "api_client.go", "api_client_test.go", "api_op_CreateOAuth2Token.go", + "api_op_DeleteConsoleAuthorizationConfiguration.go", + "api_op_DeleteResourcePermissionStatement.go", + "api_op_GetConsoleAuthorizationConfiguration.go", + "api_op_GetResourcePolicy.go", + "api_op_ListResourcePermissionStatements.go", + "api_op_PutConsoleAuthorizationConfiguration.go", + "api_op_PutResourcePermissionStatement.go", "auth.go", "deserializers.go", "doc.go", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go index c922e7adfb..685df38e36 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/go_module_metadata.go @@ -3,4 +3,4 @@ package signin // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.0.9" +const goModuleVersion = "1.2.1" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go index 88559705f4..551d20c28c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/options.go @@ -64,6 +64,10 @@ type Options struct { // Signature Version 4 (SigV4) Signer HTTPSignerV4 HTTPSignerV4 + // Provides idempotency tokens values that will be automatically populated into + // idempotent API operations. + IdempotencyTokenProvider IdempotencyTokenProvider + // The logger writer interface to write logging messages to. Logger logging.Logger diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go index 958240275e..fe87e71f88 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/serializers.go @@ -97,6 +97,595 @@ func awsRestjson1_serializeOpHttpBindingsCreateOAuth2TokenInput(v *CreateOAuth2T return nil } +type awsRestjson1_serializeOpDeleteConsoleAuthorizationConfiguration struct { +} + +func (*awsRestjson1_serializeOpDeleteConsoleAuthorizationConfiguration) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpDeleteConsoleAuthorizationConfiguration) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*DeleteConsoleAuthorizationConfigurationInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/delete-console-authorization-configuration") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentDeleteConsoleAuthorizationConfigurationInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsDeleteConsoleAuthorizationConfigurationInput(v *DeleteConsoleAuthorizationConfigurationInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentDeleteConsoleAuthorizationConfigurationInput(v *DeleteConsoleAuthorizationConfigurationInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.TargetId != nil { + ok := object.Key("targetId") + ok.String(*v.TargetId) + } + + return nil +} + +type awsRestjson1_serializeOpDeleteResourcePermissionStatement struct { +} + +func (*awsRestjson1_serializeOpDeleteResourcePermissionStatement) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpDeleteResourcePermissionStatement) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*DeleteResourcePermissionStatementInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/delete-resource-permission-statement") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentDeleteResourcePermissionStatementInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsDeleteResourcePermissionStatementInput(v *DeleteResourcePermissionStatementInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentDeleteResourcePermissionStatementInput(v *DeleteResourcePermissionStatementInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.ClientToken != nil { + ok := object.Key("clientToken") + ok.String(*v.ClientToken) + } + + if v.StatementId != nil { + ok := object.Key("statementId") + ok.String(*v.StatementId) + } + + return nil +} + +type awsRestjson1_serializeOpGetConsoleAuthorizationConfiguration struct { +} + +func (*awsRestjson1_serializeOpGetConsoleAuthorizationConfiguration) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpGetConsoleAuthorizationConfiguration) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*GetConsoleAuthorizationConfigurationInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/get-console-authorization-configuration") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentGetConsoleAuthorizationConfigurationInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsGetConsoleAuthorizationConfigurationInput(v *GetConsoleAuthorizationConfigurationInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentGetConsoleAuthorizationConfigurationInput(v *GetConsoleAuthorizationConfigurationInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.TargetId != nil { + ok := object.Key("targetId") + ok.String(*v.TargetId) + } + + return nil +} + +type awsRestjson1_serializeOpGetResourcePolicy struct { +} + +func (*awsRestjson1_serializeOpGetResourcePolicy) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpGetResourcePolicy) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*GetResourcePolicyInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/get-resource-policy") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsGetResourcePolicyInput(v *GetResourcePolicyInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +type awsRestjson1_serializeOpListResourcePermissionStatements struct { +} + +func (*awsRestjson1_serializeOpListResourcePermissionStatements) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpListResourcePermissionStatements) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*ListResourcePermissionStatementsInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/list-resource-permission-statements") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentListResourcePermissionStatementsInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsListResourcePermissionStatementsInput(v *ListResourcePermissionStatementsInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentListResourcePermissionStatementsInput(v *ListResourcePermissionStatementsInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.MaxResults != nil { + ok := object.Key("maxResults") + ok.Integer(*v.MaxResults) + } + + if v.NextToken != nil { + ok := object.Key("nextToken") + ok.String(*v.NextToken) + } + + return nil +} + +type awsRestjson1_serializeOpPutConsoleAuthorizationConfiguration struct { +} + +func (*awsRestjson1_serializeOpPutConsoleAuthorizationConfiguration) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpPutConsoleAuthorizationConfiguration) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*PutConsoleAuthorizationConfigurationInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/put-console-authorization-configuration") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentPutConsoleAuthorizationConfigurationInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsPutConsoleAuthorizationConfigurationInput(v *PutConsoleAuthorizationConfigurationInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentPutConsoleAuthorizationConfigurationInput(v *PutConsoleAuthorizationConfigurationInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.TargetId != nil { + ok := object.Key("targetId") + ok.String(*v.TargetId) + } + + return nil +} + +type awsRestjson1_serializeOpPutResourcePermissionStatement struct { +} + +func (*awsRestjson1_serializeOpPutResourcePermissionStatement) ID() string { + return "OperationSerializer" +} + +func (m *awsRestjson1_serializeOpPutResourcePermissionStatement) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*PutResourcePermissionStatementInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + opPath, opQuery := httpbinding.SplitURI("/put-resource-permission-statement") + request.URL.Path = smithyhttp.JoinPath(request.URL.Path, opPath) + request.URL.RawQuery = smithyhttp.JoinRawQuery(request.URL.RawQuery, opQuery) + request.Method = "POST" + var restEncoder *httpbinding.Encoder + if request.URL.RawPath == "" { + restEncoder, err = httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + } else { + request.URL.RawPath = smithyhttp.JoinPath(request.URL.RawPath, opPath) + restEncoder, err = httpbinding.NewEncoderWithRawPath(request.URL.Path, request.URL.RawPath, request.URL.RawQuery, request.Header) + } + + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + restEncoder.SetHeader("Content-Type").String("application/json") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsRestjson1_serializeOpDocumentPutResourcePermissionStatementInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = restEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} +func awsRestjson1_serializeOpHttpBindingsPutResourcePermissionStatementInput(v *PutResourcePermissionStatementInput, encoder *httpbinding.Encoder) error { + if v == nil { + return fmt.Errorf("unsupported serialization of nil %T", v) + } + + return nil +} + +func awsRestjson1_serializeOpDocumentPutResourcePermissionStatementInput(v *PutResourcePermissionStatementInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.ClientToken != nil { + ok := object.Key("clientToken") + ok.String(*v.ClientToken) + } + + if v.ConsoleSourceVpce != nil { + ok := object.Key("consoleSourceVpce") + ok.String(*v.ConsoleSourceVpce) + } + + if v.ExcludedPrincipal != nil { + ok := object.Key("excludedPrincipal") + ok.String(*v.ExcludedPrincipal) + } + + if v.RequestedRegion != nil { + ok := object.Key("requestedRegion") + ok.String(*v.RequestedRegion) + } + + if v.SigninSourceVpce != nil { + ok := object.Key("signinSourceVpce") + ok.String(*v.SigninSourceVpce) + } + + if v.SourceIp != nil { + ok := object.Key("sourceIp") + ok.String(*v.SourceIp) + } + + if v.SourceVpc != nil { + ok := object.Key("sourceVpc") + ok.String(*v.SourceVpc) + } + + if v.VpcSourceIp != nil { + ok := object.Key("vpcSourceIp") + ok.String(*v.VpcSourceIp) + } + + return nil +} + func awsRestjson1_serializeDocumentCreateOAuth2TokenRequestBody(v *types.CreateOAuth2TokenRequestBody, value smithyjson.Value) error { object := value.Object() defer object.Close() diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go index ecfabb81f7..2ab46c8f2e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/enums.go @@ -19,6 +19,12 @@ const ( // The request is missing a required parameter, includes an invalid parameter // value, or is otherwise malformed OAuth2ErrorCodeInvalidRequest OAuth2ErrorCode = "INVALID_REQUEST" + // Requested resource was not found + OAuth2ErrorCodeResourceNotFound OAuth2ErrorCode = "RESOURCE_NOT_FOUND" + // Request conflicts with current state of the resource + OAuth2ErrorCodeConflict OAuth2ErrorCode = "CONFLICT" + // Request would cause a service quota to be exceeded + OAuth2ErrorCodeServiceQuotaExceeded OAuth2ErrorCode = "SERVICE_QUOTA_EXCEEDED" ) // Values returns all known values for OAuth2ErrorCode. Note that this can be @@ -33,5 +39,8 @@ func (OAuth2ErrorCode) Values() []OAuth2ErrorCode { "AUTHCODE_EXPIRED", "server_error", "INVALID_REQUEST", + "RESOURCE_NOT_FOUND", + "CONFLICT", + "SERVICE_QUOTA_EXCEEDED", } } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go index ca4928a86c..56e1019b07 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/errors.go @@ -44,6 +44,38 @@ func (e *AccessDeniedException) ErrorCode() string { } func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// Error thrown when request conflicts with current state +// +// HTTP Status Code: 409 Conflict +// +// Used when the request conflicts with the current state of the resource +type ConflictException struct { + Message *string + + ErrorCodeOverride *string + + Error_ OAuth2ErrorCode + + noSmithyDocumentSerde +} + +func (e *ConflictException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *ConflictException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *ConflictException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "ConflictException" + } + return *e.ErrorCodeOverride +} +func (e *ConflictException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // Error thrown when an internal server error occurs // // HTTP Status Code: 500 Internal Server Error @@ -76,6 +108,70 @@ func (e *InternalServerException) ErrorCode() string { } func (e *InternalServerException) ErrorFault() smithy.ErrorFault { return smithy.FaultServer } +// Error thrown when requested resource is not found +// +// HTTP Status Code: 404 Not Found +// +// Used when the specified resource does not exist +type ResourceNotFoundException struct { + Message *string + + ErrorCodeOverride *string + + Error_ OAuth2ErrorCode + + noSmithyDocumentSerde +} + +func (e *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *ResourceNotFoundException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *ResourceNotFoundException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "ResourceNotFoundException" + } + return *e.ErrorCodeOverride +} +func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + +// Error thrown when service quota is exceeded +// +// HTTP Status Code: 402 Payment Required (used as quota exceeded indicator) +// +// Used when the request would cause a service quota to be exceeded +type ServiceQuotaExceededException struct { + Message *string + + ErrorCodeOverride *string + + Error_ OAuth2ErrorCode + + noSmithyDocumentSerde +} + +func (e *ServiceQuotaExceededException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *ServiceQuotaExceededException) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *ServiceQuotaExceededException) ErrorCode() string { + if e == nil || e.ErrorCodeOverride == nil { + return "ServiceQuotaExceededException" + } + return *e.ErrorCodeOverride +} +func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // Error thrown when rate limit is exceeded // // HTTP Status Code: 429 Too Many Requests diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go index 98afa20bfc..aa4f7ecbe4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/types/types.go @@ -112,4 +112,51 @@ type CreateOAuth2TokenResponseBody struct { noSmithyDocumentSerde } +// Summary of a permission statement +type PermissionStatementSummary struct { + + // Unique identifier for the permission statement + // + // This member is required. + Sid *string + + // Condition block for the permission statement + Condition map[string]map[string][]string + + noSmithyDocumentSerde +} + +// Individual policy statement within a resource-based policy +type PolicyStatement struct { + + // Actions the statement controls + Action []string + + // Condition block for the statement + Condition map[string]map[string][]string + + // Effect of the policy statement (Allow/Deny) + Effect *string + + // Principal the statement applies to + Principal map[string]string + + // Resource the statement applies to + Resource *string + + noSmithyDocumentSerde +} + +// SignIn resource-based policy document +type SigninResourceBasedPolicy struct { + + // Policy statements + Statement []PolicyStatement + + // Policy version + Version *string + + noSmithyDocumentSerde +} + type noSmithyDocumentSerde = smithydocument.NoSerde diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go index f07252341a..8570cc5dbb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/signin/validators.go @@ -30,10 +30,34 @@ func (m *validateOpCreateOAuth2Token) HandleInitialize(ctx context.Context, in m return next.HandleInitialize(ctx, in) } +type validateOpDeleteResourcePermissionStatement struct { +} + +func (*validateOpDeleteResourcePermissionStatement) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpDeleteResourcePermissionStatement) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*DeleteResourcePermissionStatementInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpDeleteResourcePermissionStatementInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + func addOpCreateOAuth2TokenValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpCreateOAuth2Token{}, middleware.After) } +func addOpDeleteResourcePermissionStatementValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpDeleteResourcePermissionStatement{}, middleware.After) +} + func validateCreateOAuth2TokenRequestBody(v *types.CreateOAuth2TokenRequestBody) error { if v == nil { return nil @@ -70,3 +94,18 @@ func validateOpCreateOAuth2TokenInput(v *CreateOAuth2TokenInput) error { return nil } } + +func validateOpDeleteResourcePermissionStatementInput(v *DeleteResourcePermissionStatementInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "DeleteResourcePermissionStatementInput"} + if v.StatementId == nil { + invalidParams.Add(smithy.NewErrParamRequired("StatementId")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md index 697dce1a2e..c15b7e19da 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md @@ -1,3 +1,48 @@ +# v1.31.4 (2026-06-29) + +* No change notes available for this release. + +# v1.31.3 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.2 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.1 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.31.0 (2026-06-02) + +* **Feature**: Adding new BDD representation of endpoint ruleset +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.19 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.18 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.17 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.16 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.30.15 (2026-04-02) + +* No change notes available for this release. + # v1.30.14 (2026-03-26) * **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go index ca5364792a..127944307d 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go @@ -259,6 +259,10 @@ func (c *Client) invokeOperation( finalizeClientEndpointResolverOptions(&options) + if err := c.addCommonMiddlewares(stack, options, opID); err != nil { + return nil, metadata, err + } + for _, fn := range stackFns { if err := fn(stack, options); err != nil { return nil, metadata, err @@ -363,6 +367,49 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o } return nil } + +func (c *Client) addCommonMiddlewares(stack *middleware.Stack, options Options, operation string) error { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, operation); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + if err := addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err := addClientRequestID(stack); err != nil { + return err + } + if err := addRetry(stack, options, c); err != nil { + return err + } + if err := addRawResponseToMetadata(stack); err != nil { + return err + } + if err := addSpanRetryLoop(stack, options); err != nil { + return err + } + if err := addClientUserAgent(stack, options); err != nil { + return err + } + if err := addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err := addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err := addRecursionDetection(stack); err != nil { + return err + } + if err := addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err := addInterceptAttempt(stack, options); err != nil { + return err + } + return nil +} func resolveAuthSchemeResolver(options *Options) { if options.AuthSchemeResolver == nil { options.AuthSchemeResolver = &defaultAuthSchemeResolver{} @@ -635,7 +682,7 @@ func addClientRequestID(stack *middleware.Stack) error { } func addComputeContentLength(stack *middleware.Stack) error { - return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After) + return stack.Build.Insert(&smithyhttp.ComputeContentLength{}, "ClientRequestID", middleware.After) } func addRawResponseToMetadata(stack *middleware.Stack) error { @@ -816,6 +863,14 @@ func resolveMeterProvider(options *Options) { } } +func newServiceMetadataMiddleware(region, operation string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: operation, + } +} + func addRecursionDetection(stack *middleware.Stack) error { return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go index 5482b7a032..a6532c20f1 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go @@ -4,8 +4,6 @@ package sso import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sso/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -63,9 +61,6 @@ type GetRoleCredentialsOutput struct { } func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpGetRoleCredentials{}, middleware.After) if err != nil { return err @@ -74,62 +69,32 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "GetRoleCredentials"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetRoleCredentialsValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRoleCredentials(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetRoleCredentials"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -144,22 +109,8 @@ func (c *Client) addOperationGetRoleCredentialsMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opGetRoleCredentials(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "GetRoleCredentials", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go index 8759d52576..b48097259a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go @@ -5,7 +5,6 @@ package sso import ( "context" "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sso/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -68,9 +67,6 @@ type ListAccountRolesOutput struct { } func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpListAccountRoles{}, middleware.After) if err != nil { return err @@ -79,62 +75,32 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "ListAccountRoles"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpListAccountRolesValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccountRoles(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "ListAccountRoles"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -149,12 +115,6 @@ func (c *Client) addOperationListAccountRolesMiddlewares(stack *middleware.Stack if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } @@ -253,11 +213,3 @@ type ListAccountRolesAPIClient interface { } var _ ListAccountRolesAPIClient = (*Client)(nil) - -func newServiceMetadataMiddleware_opListAccountRoles(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "ListAccountRoles", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go index fea5b43912..6142a5d39e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go @@ -5,7 +5,6 @@ package sso import ( "context" "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sso/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -67,9 +66,6 @@ type ListAccountsOutput struct { } func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpListAccounts{}, middleware.After) if err != nil { return err @@ -78,62 +74,32 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "ListAccounts"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpListAccountsValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opListAccounts(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "ListAccounts"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -148,12 +114,6 @@ func (c *Client) addOperationListAccountsMiddlewares(stack *middleware.Stack, op if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } @@ -251,11 +211,3 @@ type ListAccountsAPIClient interface { } var _ ListAccountsAPIClient = (*Client)(nil) - -func newServiceMetadataMiddleware_opListAccounts(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "ListAccounts", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go index 84aef7ce5f..ccafa26f4c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go @@ -4,8 +4,6 @@ package sso import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) @@ -62,9 +60,6 @@ type LogoutOutput struct { } func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpLogout{}, middleware.After) if err != nil { return err @@ -73,62 +68,32 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "Logout"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpLogoutValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opLogout(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "Logout"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -143,22 +108,8 @@ func (c *Client) addOperationLogoutMiddlewares(stack *middleware.Stack, options if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opLogout(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "Logout", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go index c658615fde..a17cf6ee9c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go @@ -208,7 +208,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -221,6 +221,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go index a889f3c7a7..bfa1758c8a 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go @@ -16,7 +16,6 @@ import ( "github.com/aws/smithy-go/tracing" smithyhttp "github.com/aws/smithy-go/transport/http" "io" - "io/ioutil" "strings" ) @@ -551,7 +550,7 @@ func (m *awsRestjson1_deserializeOpLogout) HandleDeserialize(ctx context.Context output := &LogoutOutput{} out.Result = output - if _, err = io.Copy(ioutil.Discard, response.Body); err != nil { + if _, err = io.Copy(io.Discard, response.Body); err != nil { return out, metadata, &smithy.DeserializationError{ Err: fmt.Errorf("failed to discard response body, %w", err), } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go index 551f05974e..f67fe538d7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go @@ -14,6 +14,7 @@ import ( internalendpoints "github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/bdd" "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" @@ -229,6 +230,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -294,21 +297,157 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string +const bddRoot int32 = 2 -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } +var bddNodes = [42]int32{ + -1, 1, -1, 0, 13, 3, 1, 4, 100000012, 2, 5, 100000012, 3, 8, 6, 4, 7, 100000011, 5, 100000009, 100000010, 4, 11, 9, 6, 10, 100000008, 7, 100000006, 100000007, 5, 12, 100000005, 6, 100000004, 100000005, 3, 100000001, 14, 4, 100000002, 100000003} - v := s[i] - return &v +type conditionContext struct { + PartitionResult *awsrulesfn.PartitionConfig +} + +func evalCondition(idx int, params *EndpointParameters, c *conditionContext) bool { + switch idx { + case 0: + return params.Endpoint != nil + case 1: + return params.Region != nil + case 2: + if v := awsrulesfn.GetPartition(*params.Region); v != nil { + c.PartitionResult = v + return true + } + return false + case 3: + return *params.UseFIPS == true + case 4: + return *params.UseDualStack == true + case 5: + return c.PartitionResult.SupportsDualStack == true + case 6: + return c.PartitionResult.SupportsFIPS == true + case 7: + return c.PartitionResult.Name == "aws-us-gov" + } + return false +} + +func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) (smithyendpoints.Endpoint, error) { + switch idx { + case 0: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint resolution failed: no matching rule") + case 1: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") + case 2: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") + case 3: + uriString := *params.Endpoint + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 4: + uriString := func() string { + var out strings.Builder + out.WriteString("https://portal.sso-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 5: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") + case 6: + uriString := func() string { + var out strings.Builder + out.WriteString("https://portal.sso.") + out.WriteString(*params.Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 7: + uriString := func() string { + var out strings.Builder + out.WriteString("https://portal.sso-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 8: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") + case 9: + uriString := func() string { + var out strings.Builder + out.WriteString("https://portal.sso.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 10: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") + case 11: + uriString := func() string { + var out strings.Builder + out.WriteString("https://portal.sso.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 12: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + } + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, invalid result index: %d", idx) } // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { - // ResolveEndpoint attempts to resolve the endpoint with the provided options, - // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) @@ -332,152 +471,12 @@ func (r *resolver) ResolveEndpoint( if err = params.ValidateRequired(); err != nil { return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } - _UseDualStack := *params.UseDualStack - _ = _UseDualStack - _UseFIPS := *params.UseFIPS - _ = _UseFIPS - - if exprVal := params.Endpoint; exprVal != nil { - _Endpoint := *exprVal - _ = _Endpoint - if _UseFIPS == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") - } - if _UseDualStack == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") - } - uriString := _Endpoint - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - if exprVal := params.Region; exprVal != nil { - _Region := *exprVal - _ = _Region - if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { - _PartitionResult := *exprVal - _ = _PartitionResult - if _UseFIPS == true { - if _UseDualStack == true { - if true == _PartitionResult.SupportsFIPS { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://portal.sso-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") - } - } - if _UseFIPS == true { - if _PartitionResult.SupportsFIPS == true { - if _PartitionResult.Name == "aws-us-gov" { - uriString := func() string { - var out strings.Builder - out.WriteString("https://portal.sso.") - out.WriteString(_Region) - out.WriteString(".amazonaws.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://portal.sso-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") - } - if _UseDualStack == true { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://portal.sso.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://portal.sso.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + c := &conditionContext{} + ref := bdd.Evaluate(bddNodes[:], bddRoot, func(idx int) bool { + return evalCondition(idx, ¶ms, c) + }) + return resolveResult(ref, ¶ms, c) } type endpointParamsBinder interface { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go index 9674e4957b..7bc725826c 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go @@ -3,4 +3,4 @@ package sso // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.30.14" +const goModuleVersion = "1.31.4" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go index 9f550c3f1b..871275a6bf 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go @@ -482,6 +482,11 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsEusc, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, }, { ID: "aws-iso", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md index 2bb4cd8fbb..f0bac803b8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md @@ -1,3 +1,51 @@ +# v1.36.7 (2026-06-29) + +* No change notes available for this release. + +# v1.36.6 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.5 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.4 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.3 (2026-06-02) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.2 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.1 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.36.0 (2026-05-22) + +* **Feature**: Adding new BDD representation of endpoint ruleset + +# v1.35.21 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.20 (2026-04-17) + +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.35.19 (2026-04-02) + +* No change notes available for this release. + # v1.35.18 (2026-03-26) * **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go index 2c0958ade2..ebdaff6e62 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go @@ -259,6 +259,10 @@ func (c *Client) invokeOperation( finalizeClientEndpointResolverOptions(&options) + if err := c.addCommonMiddlewares(stack, options, opID); err != nil { + return nil, metadata, err + } + for _, fn := range stackFns { if err := fn(stack, options); err != nil { return nil, metadata, err @@ -363,6 +367,49 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o } return nil } + +func (c *Client) addCommonMiddlewares(stack *middleware.Stack, options Options, operation string) error { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, operation); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + if err := addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err := addClientRequestID(stack); err != nil { + return err + } + if err := addRetry(stack, options, c); err != nil { + return err + } + if err := addRawResponseToMetadata(stack); err != nil { + return err + } + if err := addSpanRetryLoop(stack, options); err != nil { + return err + } + if err := addClientUserAgent(stack, options); err != nil { + return err + } + if err := addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err := addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err := addRecursionDetection(stack); err != nil { + return err + } + if err := addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err := addInterceptAttempt(stack, options); err != nil { + return err + } + return nil +} func resolveAuthSchemeResolver(options *Options) { if options.AuthSchemeResolver == nil { options.AuthSchemeResolver = &defaultAuthSchemeResolver{} @@ -635,7 +682,7 @@ func addClientRequestID(stack *middleware.Stack) error { } func addComputeContentLength(stack *middleware.Stack) error { - return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After) + return stack.Build.Insert(&smithyhttp.ComputeContentLength{}, "ClientRequestID", middleware.After) } func addRawResponseToMetadata(stack *middleware.Stack) error { @@ -816,6 +863,14 @@ func resolveMeterProvider(options *Options) { } } +func newServiceMetadataMiddleware(region, operation string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: operation, + } +} + func addRecursionDetection(stack *middleware.Stack) error { return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go index cd739d53f5..5c1df1c088 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go @@ -4,8 +4,6 @@ package ssooidc import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) @@ -133,9 +131,6 @@ type CreateTokenOutput struct { } func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateToken{}, middleware.After) if err != nil { return err @@ -144,62 +139,32 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "CreateToken"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpCreateTokenValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateToken(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "CreateToken"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -214,22 +179,8 @@ func (c *Client) addOperationCreateTokenMiddlewares(stack *middleware.Stack, opt if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opCreateToken(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "CreateToken", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go index a02f62a286..088e7f2ec8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go @@ -4,8 +4,6 @@ package ssooidc import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/ssooidc/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -177,9 +175,6 @@ type CreateTokenWithIAMOutput struct { } func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateTokenWithIAM{}, middleware.After) if err != nil { return err @@ -188,19 +183,10 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "CreateTokenWithIAM"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -210,43 +196,22 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpCreateTokenWithIAMValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateTokenWithIAM(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "CreateTokenWithIAM"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -261,22 +226,8 @@ func (c *Client) addOperationCreateTokenWithIAMMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opCreateTokenWithIAM(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "CreateTokenWithIAM", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go index f32e86be9c..4632f36569 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go @@ -4,8 +4,6 @@ package ssooidc import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) @@ -104,9 +102,6 @@ type RegisterClientOutput struct { } func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpRegisterClient{}, middleware.After) if err != nil { return err @@ -115,62 +110,32 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "RegisterClient"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpRegisterClientValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opRegisterClient(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "RegisterClient"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -185,22 +150,8 @@ func (c *Client) addOperationRegisterClientMiddlewares(stack *middleware.Stack, if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opRegisterClient(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "RegisterClient", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go index a35750b227..3417f8dbd3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go @@ -4,8 +4,6 @@ package ssooidc import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) @@ -86,9 +84,6 @@ type StartDeviceAuthorizationOutput struct { } func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsRestjson1_serializeOpStartDeviceAuthorization{}, middleware.After) if err != nil { return err @@ -97,62 +92,32 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "StartDeviceAuthorization"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpStartDeviceAuthorizationValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opStartDeviceAuthorization(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "StartDeviceAuthorization"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -167,22 +132,8 @@ func (c *Client) addOperationStartDeviceAuthorizationMiddlewares(stack *middlewa if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opStartDeviceAuthorization(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "StartDeviceAuthorization", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go index 5f253df305..2ceab3e1bd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go @@ -202,7 +202,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -215,6 +215,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go index 884983eb4d..1bc32925de 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go @@ -14,6 +14,7 @@ import ( internalendpoints "github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/bdd" "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" @@ -229,6 +230,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -294,21 +297,157 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string +const bddRoot int32 = 2 -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } +var bddNodes = [42]int32{ + -1, 1, -1, 0, 13, 3, 1, 4, 100000012, 2, 5, 100000012, 3, 8, 6, 4, 7, 100000011, 5, 100000009, 100000010, 4, 11, 9, 6, 10, 100000008, 7, 100000006, 100000007, 5, 12, 100000005, 6, 100000004, 100000005, 3, 100000001, 14, 4, 100000002, 100000003} - v := s[i] - return &v +type conditionContext struct { + PartitionResult *awsrulesfn.PartitionConfig +} + +func evalCondition(idx int, params *EndpointParameters, c *conditionContext) bool { + switch idx { + case 0: + return params.Endpoint != nil + case 1: + return params.Region != nil + case 2: + if v := awsrulesfn.GetPartition(*params.Region); v != nil { + c.PartitionResult = v + return true + } + return false + case 3: + return *params.UseFIPS == true + case 4: + return *params.UseDualStack == true + case 5: + return c.PartitionResult.SupportsDualStack == true + case 6: + return c.PartitionResult.SupportsFIPS == true + case 7: + return c.PartitionResult.Name == "aws-us-gov" + } + return false +} + +func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) (smithyendpoints.Endpoint, error) { + switch idx { + case 0: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint resolution failed: no matching rule") + case 1: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") + case 2: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") + case 3: + uriString := *params.Endpoint + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 4: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 5: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") + case 6: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc.") + out.WriteString(*params.Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 7: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 8: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") + case 9: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 10: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") + case 11: + uriString := func() string { + var out strings.Builder + out.WriteString("https://oidc.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 12: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + } + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, invalid result index: %d", idx) } // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { - // ResolveEndpoint attempts to resolve the endpoint with the provided options, - // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) @@ -332,152 +471,12 @@ func (r *resolver) ResolveEndpoint( if err = params.ValidateRequired(); err != nil { return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } - _UseDualStack := *params.UseDualStack - _ = _UseDualStack - _UseFIPS := *params.UseFIPS - _ = _UseFIPS - - if exprVal := params.Endpoint; exprVal != nil { - _Endpoint := *exprVal - _ = _Endpoint - if _UseFIPS == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") - } - if _UseDualStack == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") - } - uriString := _Endpoint - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - if exprVal := params.Region; exprVal != nil { - _Region := *exprVal - _ = _Region - if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { - _PartitionResult := *exprVal - _ = _PartitionResult - if _UseFIPS == true { - if _UseDualStack == true { - if true == _PartitionResult.SupportsFIPS { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") - } - } - if _UseFIPS == true { - if _PartitionResult.SupportsFIPS == true { - if _PartitionResult.Name == "aws-us-gov" { - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc.") - out.WriteString(_Region) - out.WriteString(".amazonaws.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") - } - if _UseDualStack == true { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://oidc.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + c := &conditionContext{} + ref := bdd.Evaluate(bddNodes[:], bddRoot, func(idx int) bool { + return evalCondition(idx, ¶ms, c) + }) + return resolveResult(ref, ¶ms, c) } type endpointParamsBinder interface { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go index 2ae8e4e3b8..d1f579cfae 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go @@ -3,4 +3,4 @@ package ssooidc // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.35.18" +const goModuleVersion = "1.36.7" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go index b7c58e2f24..4ab58f60bd 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go @@ -482,6 +482,11 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsEusc, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + endpoints.EndpointKey{ + Region: "eusc-de-east-1", + }: endpoints.Endpoint{}, + }, }, { ID: "aws-iso", diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md index c009086381..d0dbd1b80f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md @@ -1,3 +1,45 @@ +# v1.43.4 (2026-06-29) + +* No change notes available for this release. + +# v1.43.3 (2026-06-08) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.43.2 (2026-06-04) + +* **Dependency Update**: Update to smithy-go v1.27.1 to fix several union-related deserialization bugs in schema-serde-enabled services. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.43.1 (2026-06-03) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.43.0 (2026-06-02) + +* **Feature**: Adding new BDD representation of endpoint ruleset +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.3 (2026-05-29) + +* **Dependency Update**: Update to smithy-go v1.26.0. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.2 (2026-05-28) + +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.1 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + +# v1.42.0 (2026-04-17) + +* **Feature**: The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader. +* **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait +* **Dependency Update**: Updated to the latest SDK module versions + # v1.41.10 (2026-03-26) * **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go index c0c6af3a15..c0d927a0c8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go @@ -16,6 +16,7 @@ import ( internalauth "github.com/aws/aws-sdk-go-v2/internal/auth" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" internalConfig "github.com/aws/aws-sdk-go-v2/internal/configsources" + "github.com/aws/aws-sdk-go-v2/internal/v4a" acceptencodingcust "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding" presignedurlcust "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url" smithy "github.com/aws/smithy-go" @@ -207,6 +208,8 @@ func New(options Options, optFns ...func(*Options)) *Client { resolveEndpointResolverV2(&options) + resolveHTTPSignerV4a(&options) + resolveTracerProvider(&options) resolveMeterProvider(&options) @@ -221,6 +224,8 @@ func New(options Options, optFns ...func(*Options)) *Client { ignoreAnonymousAuth(&options) + finalizeSTSRetryableErrors(&options) + wrapWithAnonymousAuth(&options) resolveAuthSchemes(&options) @@ -263,6 +268,10 @@ func (c *Client) invokeOperation( finalizeClientEndpointResolverOptions(&options) + if err := c.addCommonMiddlewares(stack, options, opID); err != nil { + return nil, metadata, err + } + for _, fn := range stackFns { if err := fn(stack, options); err != nil { return nil, metadata, err @@ -367,6 +376,49 @@ func addProtocolFinalizerMiddlewares(stack *middleware.Stack, options Options, o } return nil } + +func (c *Client) addCommonMiddlewares(stack *middleware.Stack, options Options, operation string) error { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, operation); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + if err := addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err := addClientRequestID(stack); err != nil { + return err + } + if err := addRetry(stack, options, c); err != nil { + return err + } + if err := addRawResponseToMetadata(stack); err != nil { + return err + } + if err := addSpanRetryLoop(stack, options); err != nil { + return err + } + if err := addClientUserAgent(stack, options); err != nil { + return err + } + if err := addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err := addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err := addRecursionDetection(stack); err != nil { + return err + } + if err := addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err := addInterceptAttempt(stack, options); err != nil { + return err + } + return nil +} func resolveAuthSchemeResolver(options *Options) { if options.AuthSchemeResolver == nil { options.AuthSchemeResolver = &defaultAuthSchemeResolver{} @@ -381,6 +433,11 @@ func resolveAuthSchemes(options *Options) { Logger: options.Logger, LogSigning: options.ClientLogMode.IsSigning(), }), + internalauth.NewHTTPAuthScheme("aws.auth#sigv4a", &v4a.SignerAdapter{ + Signer: options.httpSignerV4a, + Logger: options.Logger, + LogSigning: options.ClientLogMode.IsSigning(), + }), } } } @@ -639,7 +696,7 @@ func addClientRequestID(stack *middleware.Stack) error { } func addComputeContentLength(stack *middleware.Stack) error { - return stack.Build.Add(&smithyhttp.ComputeContentLength{}, middleware.After) + return stack.Build.Insert(&smithyhttp.ComputeContentLength{}, "ClientRequestID", middleware.After) } func addRawResponseToMetadata(stack *middleware.Stack) error { @@ -758,6 +815,26 @@ func resolveUseFIPSEndpoint(cfg aws.Config, o *Options) error { return nil } +type httpSignerV4a interface { + SignHTTP(ctx context.Context, credentials v4a.Credentials, r *http.Request, payloadHash, + service string, regionSet []string, signingTime time.Time, + optFns ...func(*v4a.SignerOptions)) error +} + +func resolveHTTPSignerV4a(o *Options) { + if o.httpSignerV4a != nil { + return + } + o.httpSignerV4a = newDefaultV4aSigner(*o) +} + +func newDefaultV4aSigner(o Options) *v4a.Signer { + return v4a.NewSigner(func(so *v4a.SignerOptions) { + so.Logger = o.Logger + so.LogSigning = o.ClientLogMode.IsSigning() + }) +} + func initializeTimeOffsetResolver(c *Client) { c.timeOffset = new(atomic.Int64) } @@ -808,6 +885,10 @@ func addCredentialSource(stack *middleware.Stack, options Options) error { return stack.Build.Insert(&mw, "UserAgent", middleware.Before) } +func finalizeSTSRetryableErrors(o *Options) { + o.Retryer = retry.AddWithErrorCodes(o.Retryer, "IDPCommunicationError") +} + func resolveTracerProvider(options *Options) { if options.TracerProvider == nil { options.TracerProvider = &tracing.NopTracerProvider{} @@ -820,6 +901,14 @@ func resolveMeterProvider(options *Options) { } } +func newServiceMetadataMiddleware(region, operation string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: operation, + } +} + func addRecursionDetection(stack *middleware.Stack) error { return stack.Build.Add(&awsmiddleware.RecursionDetection{}, middleware.After) } diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go index 83aa65a5a2..a1c0534bc5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/aws/signer/v4" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" @@ -415,9 +413,6 @@ type AssumeRoleOutput struct { } func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRole{}, middleware.After) if err != nil { return err @@ -426,19 +421,10 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRole"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -448,43 +434,22 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpAssumeRoleValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRole(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "AssumeRole"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -499,26 +464,12 @@ func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, opti if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } -func newServiceMetadataMiddleware_opAssumeRole(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "AssumeRole", - } -} - // PresignAssumeRole is used to generate a presigned HTTP Request which contains // presigned URL, signed headers and HTTP method used. func (c *PresignClient) PresignAssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*PresignOptions)) (*v4.PresignedHTTPRequest, error) { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go index 520e6e1c61..16ffcf2efb 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -353,9 +351,6 @@ type AssumeRoleWithSAMLOutput struct { } func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRoleWithSAML{}, middleware.After) if err != nil { return err @@ -364,62 +359,32 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRoleWithSAML"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpAssumeRoleWithSAMLValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithSAML(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "AssumeRoleWithSAML"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -434,22 +399,8 @@ func (c *Client) addOperationAssumeRoleWithSAMLMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opAssumeRoleWithSAML(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "AssumeRoleWithSAML", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go index 8a164be5be..2fe5f9284f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -370,9 +368,6 @@ type AssumeRoleWithWebIdentityOutput struct { } func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRoleWithWebIdentity{}, middleware.After) if err != nil { return err @@ -381,62 +376,32 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRoleWithWebIdentity"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } if err = addResolveEndpointMiddleware(stack, options); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpAssumeRoleWithWebIdentityValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoleWithWebIdentity(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "AssumeRoleWithWebIdentity"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -451,22 +416,8 @@ func (c *Client) addOperationAssumeRoleWithWebIdentityMiddlewares(stack *middlew if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opAssumeRoleWithWebIdentity(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "AssumeRoleWithWebIdentity", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go index b52a372dba..353512bb26 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoot.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -124,9 +122,6 @@ type AssumeRootOutput struct { } func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRoot{}, middleware.After) if err != nil { return err @@ -135,19 +130,10 @@ func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, opti if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRoot"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -157,43 +143,22 @@ func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, opti if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpAssumeRootValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRoot(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "AssumeRoot"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -208,22 +173,8 @@ func (c *Client) addOperationAssumeRootMiddlewares(stack *middleware.Stack, opti if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opAssumeRoot(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "AssumeRoot", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go index eaeab8a683..2e54340ef4 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) @@ -84,9 +82,6 @@ type DecodeAuthorizationMessageOutput struct { } func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpDecodeAuthorizationMessage{}, middleware.After) if err != nil { return err @@ -95,19 +90,10 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "DecodeAuthorizationMessage"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -117,43 +103,22 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpDecodeAuthorizationMessageValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDecodeAuthorizationMessage(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "DecodeAuthorizationMessage"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -168,22 +133,8 @@ func (c *Client) addOperationDecodeAuthorizationMessageMiddlewares(stack *middle if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opDecodeAuthorizationMessage(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "DecodeAuthorizationMessage", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go index 2f7adb2f53..c1e9af4403 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" ) @@ -75,9 +73,6 @@ type GetAccessKeyInfoOutput struct { } func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpGetAccessKeyInfo{}, middleware.After) if err != nil { return err @@ -86,19 +81,10 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "GetAccessKeyInfo"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -108,43 +94,22 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetAccessKeyInfoValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAccessKeyInfo(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetAccessKeyInfo"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -159,22 +124,8 @@ func (c *Client) addOperationGetAccessKeyInfoMiddlewares(stack *middleware.Stack if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opGetAccessKeyInfo(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "GetAccessKeyInfo", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go index f2d4fbc240..7c2b4e9220 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/aws/signer/v4" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -66,9 +64,6 @@ type GetCallerIdentityOutput struct { } func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpGetCallerIdentity{}, middleware.After) if err != nil { return err @@ -77,19 +72,10 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "GetCallerIdentity"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -99,40 +85,19 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetCallerIdentity"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -147,26 +112,12 @@ func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stac if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } -func newServiceMetadataMiddleware_opGetCallerIdentity(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "GetCallerIdentity", - } -} - // PresignGetCallerIdentity is used to generate a presigned HTTP Request which // contains presigned URL, signed headers and HTTP method used. func (c *PresignClient) PresignGetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*PresignOptions)) (*v4.PresignedHTTPRequest, error) { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go index 78d688acc7..e00165161e 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetDelegatedAccessToken.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -64,9 +62,6 @@ type GetDelegatedAccessTokenOutput struct { } func (c *Client) addOperationGetDelegatedAccessTokenMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpGetDelegatedAccessToken{}, middleware.After) if err != nil { return err @@ -75,19 +70,10 @@ func (c *Client) addOperationGetDelegatedAccessTokenMiddlewares(stack *middlewar if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "GetDelegatedAccessToken"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -97,43 +83,22 @@ func (c *Client) addOperationGetDelegatedAccessTokenMiddlewares(stack *middlewar if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetDelegatedAccessTokenValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetDelegatedAccessToken(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetDelegatedAccessToken"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -148,22 +113,8 @@ func (c *Client) addOperationGetDelegatedAccessTokenMiddlewares(stack *middlewar if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opGetDelegatedAccessToken(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "GetDelegatedAccessToken", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go index 57b77ebcc3..ba5f92bef8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -288,9 +286,6 @@ type GetFederationTokenOutput struct { } func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpGetFederationToken{}, middleware.After) if err != nil { return err @@ -299,19 +294,10 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "GetFederationToken"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -321,43 +307,22 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetFederationTokenValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetFederationToken(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetFederationToken"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -372,22 +337,8 @@ func (c *Client) addOperationGetFederationTokenMiddlewares(stack *middleware.Sta if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opGetFederationToken(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "GetFederationToken", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go index 4b4083501d..644e95ece8 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetSessionToken.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -137,9 +135,6 @@ type GetSessionTokenOutput struct { } func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpGetSessionToken{}, middleware.After) if err != nil { return err @@ -148,19 +143,10 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "GetSessionToken"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -170,40 +156,19 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetSessionToken"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -218,22 +183,8 @@ func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opGetSessionToken(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "GetSessionToken", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go index 7738de5f60..09cbebc253 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetWebIdentityToken.go @@ -4,8 +4,6 @@ package sts import ( "context" - "fmt" - awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/service/sts/types" "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -87,9 +85,6 @@ type GetWebIdentityTokenOutput struct { } func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.Stack, options Options) (err error) { - if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { - return err - } err = stack.Serialize.Add(&awsAwsquery_serializeOpGetWebIdentityToken{}, middleware.After) if err != nil { return err @@ -98,19 +93,10 @@ func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.St if err != nil { return err } - if err := addProtocolFinalizerMiddlewares(stack, options, "GetWebIdentityToken"); err != nil { - return fmt.Errorf("add protocol finalizers: %v", err) - } if err = addlegacyEndpointContextSetter(stack, options); err != nil { return err } - if err = addSetLoggerMiddleware(stack, options); err != nil { - return err - } - if err = addClientRequestID(stack); err != nil { - return err - } if err = addComputeContentLength(stack); err != nil { return err } @@ -120,43 +106,22 @@ func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.St if err = addComputePayloadSHA256(stack); err != nil { return err } - if err = addRetry(stack, options, c); err != nil { - return err - } - if err = addRawResponseToMetadata(stack); err != nil { - return err - } if err = addRecordResponseTiming(stack); err != nil { return err } - if err = addSpanRetryLoop(stack, options); err != nil { - return err - } - if err = addClientUserAgent(stack, options); err != nil { - return err - } if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { return err } if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { return err } - if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { - return err - } - if err = addUserAgentRetryMode(stack, options); err != nil { - return err - } if err = addCredentialSource(stack, options); err != nil { return err } if err = addOpGetWebIdentityTokenValidationMiddleware(stack); err != nil { return err } - if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetWebIdentityToken(options.Region), middleware.Before); err != nil { - return err - } - if err = addRecursionDetection(stack); err != nil { + if err = stack.Initialize.Add(newServiceMetadataMiddleware(options.Region, "GetWebIdentityToken"), middleware.Before); err != nil { return err } if err = addRequestIDRetrieverMiddleware(stack); err != nil { @@ -171,22 +136,8 @@ func (c *Client) addOperationGetWebIdentityTokenMiddlewares(stack *middleware.St if err = addDisableHTTPSMiddleware(stack, options); err != nil { return err } - if err = addInterceptBeforeRetryLoop(stack, options); err != nil { - return err - } - if err = addInterceptAttempt(stack, options); err != nil { - return err - } if err = addInterceptors(stack, options); err != nil { return err } return nil } - -func newServiceMetadataMiddleware_opGetWebIdentityToken(region string) *awsmiddleware.RegisterServiceMetadata { - return &awsmiddleware.RegisterServiceMetadata{ - Region: region, - ServiceID: ServiceID, - OperationName: "GetWebIdentityToken", - } -} diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go index 4db5a51f93..5fe4c60124 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/auth.go @@ -149,6 +149,16 @@ func serviceAuthOptions(params *AuthResolverParameters) []*smithyauth.Option { return props }(), }, + + { + SchemeID: smithyauth.SchemeIDSigV4A, + SignerProperties: func() smithy.Properties { + var props smithy.Properties + smithyhttp.SetSigV4ASigningName(&props, "sts") + smithyhttp.SetSigV4ASigningRegions(&props, []string{params.Region}) + return props + }(), + }, } } @@ -196,7 +206,7 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) } for _, scheme := range m.options.AuthSchemes { - if scheme.SchemeID() != option.SchemeID { + if !matchSchemeID(scheme.SchemeID(), option.SchemeID) { continue } @@ -209,6 +219,16 @@ func (m *resolveAuthSchemeMiddleware) selectScheme(options []*smithyauth.Option) return nil, false } +func matchSchemeID(registered, option string) bool { + if registered == option { + return true + } + if i := strings.LastIndex(registered, "#"); i != -1 { + return registered[i+1:] == option + } + return false +} + func sortAuthOptions(options []*smithyauth.Option, preferred []string) []*smithyauth.Option { byPriority := make([]*smithyauth.Option, 0, len(options)) for _, prefName := range preferred { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go index c8f9526c78..52e7a1fd63 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/endpoints.go @@ -15,6 +15,7 @@ import ( smithy "github.com/aws/smithy-go" smithyauth "github.com/aws/smithy-go/auth" smithyendpoints "github.com/aws/smithy-go/endpoints" + "github.com/aws/smithy-go/endpoints/private/bdd" "github.com/aws/smithy-go/endpoints/private/rulesfn" "github.com/aws/smithy-go/middleware" "github.com/aws/smithy-go/ptr" @@ -230,6 +231,8 @@ func bindRegion(region string) (*string, error) { return aws.String(endpoints.MapFIPSRegion(region)), nil } +var _ = rulesfn.StringSlice(nil) + // EndpointParameters provides the parameters that influence how endpoints are // resolved. type EndpointParameters struct { @@ -312,21 +315,252 @@ func (p EndpointParameters) WithDefaults() EndpointParameters { return p } -type stringSlice []string +const bddRoot int32 = 2 -func (s stringSlice) Get(i int) *string { - if i < 0 || i >= len(s) { - return nil - } +var bddNodes = [93]int32{ + -1, 1, -1, 0, 30, 3, 1, 4, 100000014, 2, 5, 100000014, 3, 25, 6, 4, 24, 7, 5, 100000001, 8, 6, 9, 100000013, 7, 100000001, 10, 10, 100000001, 11, 11, 100000001, 12, 12, 100000001, 13, 13, 100000001, 14, 14, 100000001, 15, 15, 100000001, 16, 16, 100000001, 17, 17, 100000001, 18, 18, 100000001, 19, 19, 100000001, 20, 20, 100000001, 21, 21, 100000001, 22, 22, 100000001, 23, 23, 100000001, 100000002, 8, 100000011, 100000012, 4, 28, 26, 9, 27, 100000010, 24, 100000008, 100000009, 8, 29, 100000007, 9, 100000006, 100000007, 3, 100000003, 31, 4, 100000004, 100000005} + +type conditionContext struct { + PartitionResult *awsrulesfn.PartitionConfig +} - v := s[i] - return &v +func evalCondition(idx int, params *EndpointParameters, c *conditionContext) bool { + switch idx { + case 0: + return params.Endpoint != nil + case 1: + return params.Region != nil + case 2: + if v := awsrulesfn.GetPartition(*params.Region); v != nil { + c.PartitionResult = v + return true + } + return false + case 3: + return *params.UseFIPS == true + case 4: + return *params.UseDualStack == true + case 5: + return *params.Region == "aws-global" + case 6: + return *params.UseGlobalEndpoint == true + case 7: + return *params.Region == "eu-central-1" + case 8: + return c.PartitionResult.SupportsDualStack == true + case 9: + return c.PartitionResult.SupportsFIPS == true + case 10: + return *params.Region == "ap-south-1" + case 11: + return *params.Region == "eu-north-1" + case 12: + return *params.Region == "eu-west-1" + case 13: + return *params.Region == "eu-west-2" + case 14: + return *params.Region == "eu-west-3" + case 15: + return *params.Region == "sa-east-1" + case 16: + return *params.Region == "us-east-1" + case 17: + return *params.Region == "us-east-2" + case 18: + return *params.Region == "us-west-2" + case 19: + return *params.Region == "us-west-1" + case 20: + return *params.Region == "ca-central-1" + case 21: + return *params.Region == "ap-southeast-1" + case 22: + return *params.Region == "ap-northeast-1" + case 23: + return *params.Region == "ap-southeast-2" + case 24: + return c.PartitionResult.Name == "aws-us-gov" + } + return false +} + +func resolveResult(idx int32, params *EndpointParameters, c *conditionContext) (smithyendpoints.Endpoint, error) { + switch idx { + case 0: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint resolution failed: no matching rule") + case 1: + uriString := "https://sts.amazonaws.com" + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetSigV4SigningName(&sp, "sts") + smithyhttp.SetSigV4ASigningName(&sp, "sts") + + smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") + return sp + }(), + }, + }) + return out + }(), + }, nil + case 2: + uriString := func() string { + var out strings.Builder + out.WriteString("https://sts.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + Properties: func() smithy.Properties { + var out smithy.Properties + smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ + { + SchemeID: "sigv4", + SignerProperties: func() smithy.Properties { + var sp smithy.Properties + smithyhttp.SetSigV4SigningName(&sp, "sts") + smithyhttp.SetSigV4ASigningName(&sp, "sts") + + smithyhttp.SetSigV4SigningRegion(&sp, *params.Region) + return sp + }(), + }, + }) + return out + }(), + }, nil + case 3: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") + case 4: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") + case 5: + uriString := *params.Endpoint + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 6: + uriString := func() string { + var out strings.Builder + out.WriteString("https://sts-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 7: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") + case 8: + uriString := func() string { + var out strings.Builder + out.WriteString("https://sts.") + out.WriteString(*params.Region) + out.WriteString(".amazonaws.com") + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 9: + uriString := func() string { + var out strings.Builder + out.WriteString("https://sts-fips.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 10: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") + case 11: + uriString := func() string { + var out strings.Builder + out.WriteString("https://sts.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DualStackDnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 12: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") + case 13: + uriString := func() string { + var out strings.Builder + out.WriteString("https://sts.") + out.WriteString(*params.Region) + out.WriteString(".") + out.WriteString(c.PartitionResult.DnsSuffix) + return out.String() + }() + uri, err := url.Parse(uriString) + if err != nil { + return smithyendpoints.Endpoint{}, fmt.Errorf("Failed to parse uri: %s", uriString) + } + return smithyendpoints.Endpoint{ + URI: *uri, + Headers: http.Header{}, + }, nil + case 14: + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + } + return smithyendpoints.Endpoint{}, fmt.Errorf("endpoint rule error, invalid result index: %d", idx) } // EndpointResolverV2 provides the interface for resolving service endpoints. type EndpointResolverV2 interface { - // ResolveEndpoint attempts to resolve the endpoint with the provided options, - // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) @@ -350,715 +584,12 @@ func (r *resolver) ResolveEndpoint( if err = params.ValidateRequired(); err != nil { return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err) } - _UseDualStack := *params.UseDualStack - _ = _UseDualStack - _UseFIPS := *params.UseFIPS - _ = _UseFIPS - _UseGlobalEndpoint := *params.UseGlobalEndpoint - _ = _UseGlobalEndpoint - - if _UseGlobalEndpoint == true { - if !(params.Endpoint != nil) { - if exprVal := params.Region; exprVal != nil { - _Region := *exprVal - _ = _Region - if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { - _PartitionResult := *exprVal - _ = _PartitionResult - if _UseFIPS == false { - if _UseDualStack == false { - if _Region == "ap-northeast-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "ap-south-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "ap-southeast-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "ap-southeast-2" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "aws-global" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "ca-central-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "eu-central-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "eu-north-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "eu-west-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "eu-west-2" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "eu-west-3" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "sa-east-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "us-east-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "us-east-2" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "us-west-1" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - if _Region == "us-west-2" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://sts.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, _Region) - return sp - }(), - }, - }) - return out - }(), - }, nil - } - } - } - } - } - } - if exprVal := params.Endpoint; exprVal != nil { - _Endpoint := *exprVal - _ = _Endpoint - if _UseFIPS == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported") - } - if _UseDualStack == true { - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported") - } - uriString := _Endpoint - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - if exprVal := params.Region; exprVal != nil { - _Region := *exprVal - _ = _Region - if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil { - _PartitionResult := *exprVal - _ = _PartitionResult - if _UseFIPS == true { - if _UseDualStack == true { - if true == _PartitionResult.SupportsFIPS { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://sts-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both") - } - } - if _UseFIPS == true { - if _PartitionResult.SupportsFIPS == true { - if _PartitionResult.Name == "aws-us-gov" { - uriString := func() string { - var out strings.Builder - out.WriteString("https://sts.") - out.WriteString(_Region) - out.WriteString(".amazonaws.com") - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://sts-fips.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS") - } - if _UseDualStack == true { - if true == _PartitionResult.SupportsDualStack { - uriString := func() string { - var out strings.Builder - out.WriteString("https://sts.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DualStackDnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack") - } - if _Region == "aws-global" { - uriString := "https://sts.amazonaws.com" - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - Properties: func() smithy.Properties { - var out smithy.Properties - smithyauth.SetAuthOptions(&out, []*smithyauth.Option{ - { - SchemeID: "aws.auth#sigv4", - SignerProperties: func() smithy.Properties { - var sp smithy.Properties - smithyhttp.SetSigV4SigningName(&sp, "sts") - smithyhttp.SetSigV4ASigningName(&sp, "sts") - - smithyhttp.SetSigV4SigningRegion(&sp, "us-east-1") - return sp - }(), - }, - }) - return out - }(), - }, nil - } - uriString := func() string { - var out strings.Builder - out.WriteString("https://sts.") - out.WriteString(_Region) - out.WriteString(".") - out.WriteString(_PartitionResult.DnsSuffix) - return out.String() - }() - - uri, err := url.Parse(uriString) - if err != nil { - return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString) - } - - return smithyendpoints.Endpoint{ - URI: *uri, - Headers: http.Header{}, - }, nil - } - return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.") - } - return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region") + c := &conditionContext{} + ref := bdd.Evaluate(bddNodes[:], bddRoot, func(idx int) bool { + return evalCondition(idx, ¶ms, c) + }) + return resolveResult(ref, ¶ms, c) } type endpointParamsBinder interface { diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json index b5556cbfbf..2fc7b400f7 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/generated.json @@ -3,6 +3,7 @@ "github.com/aws/aws-sdk-go-v2": "v1.4.0", "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000", + "github.com/aws/aws-sdk-go-v2/internal/v4a": "v0.0.0-00010101000000-000000000000", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding": "v1.0.5", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url": "v1.0.7", "github.com/aws/smithy-go": "v1.4.0" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go index 317746f0fd..92bbf3754b 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go @@ -3,4 +3,4 @@ package sts // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.41.10" +const goModuleVersion = "1.43.4" diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go index c66e69a8d9..a9f2361fd3 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/options.go @@ -4,9 +4,11 @@ package sts import ( "context" + "fmt" "github.com/aws/aws-sdk-go-v2/aws" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" internalauthsmithy "github.com/aws/aws-sdk-go-v2/internal/auth/smithy" + "github.com/aws/aws-sdk-go-v2/internal/v4a" smithyauth "github.com/aws/smithy-go/auth" "github.com/aws/smithy-go/logging" "github.com/aws/smithy-go/metrics" @@ -107,6 +109,9 @@ type Options struct { // The client tracer provider. TracerProvider tracing.TracerProvider + // Signature Version 4a (SigV4a) Signer + httpSignerV4a httpSignerV4a + // The initial DefaultsMode used when the client options were constructed. If the // DefaultsMode was set to aws.DefaultsModeAuto this will store what the resolved // value was at that point in time. @@ -146,6 +151,9 @@ func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolve if schemeID == "aws.auth#sigv4" { return getSigV4IdentityResolver(o) } + if schemeID == "aws.auth#sigv4a" { + return getSigV4AIdentityResolver(o) + } if schemeID == "smithy.api#noAuth" { return &smithyauth.AnonymousIdentityResolver{} } @@ -231,6 +239,46 @@ func WithSigV4SigningRegion(region string) func(*Options) { } } +func getSigV4AIdentityResolver(o Options) smithyauth.IdentityResolver { + if o.Credentials != nil { + return &v4a.CredentialsProviderAdapter{ + Provider: &v4a.SymmetricCredentialAdaptor{ + SymmetricProvider: o.Credentials, + }, + } + } + return nil +} + +// WithSigV4ASigningRegions applies an override to the authentication workflow to +// use the given signing region set for SigV4A-authenticated operations. +// +// This is an advanced setting. The value here is FINAL, taking precedence over +// the resolved signing region set from both auth scheme resolution and endpoint +// resolution. +func WithSigV4ASigningRegions(regions []string) func(*Options) { + fn := func(ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, + ) { + rscheme := getResolvedAuthScheme(ctx) + if rscheme == nil { + return out, metadata, fmt.Errorf("no resolved auth scheme") + } + + smithyhttp.SetSigV4ASigningRegions(&rscheme.SignerProperties, regions) + return next.HandleFinalize(ctx, in) + } + return func(o *Options) { + o.APIOptions = append(o.APIOptions, func(s *middleware.Stack) error { + return s.Finalize.Insert( + middleware.FinalizeMiddlewareFunc("withSigV4ASigningRegions", fn), + "Signing", + middleware.Before, + ) + }) + } +} + func ignoreAnonymousAuth(options *Options) { if aws.IsCredentialsProvider(options.Credentials, (*aws.AnonymousCredentials)(nil)) { options.Credentials = nil diff --git a/vendor/github.com/aws/smithy-go/AGENTS.md b/vendor/github.com/aws/smithy-go/AGENTS.md new file mode 100644 index 0000000000..e2a75b8ea1 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/AGENTS.md @@ -0,0 +1,172 @@ +# AGENTS.md + +## Project overview + +smithy-go is the Go code generator and runtime for [Smithy](https://smithy.io/). +It has two major components: + +1. **Codegen** (`codegen/`) — A Smithy build plugin written in Java that + generates Go client/server/shape code from Smithy models. +2. **Runtime** (`./`, top-level Go module) — The Go packages that generated + code depends on at runtime. + +The primary downstream consumer is +[aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2). + +## Repository layout + +``` +. # Root Go module (github.com/aws/smithy-go) +├── auth/ # Auth identity + scheme interfaces +│ └── bearer/ # Bearer token auth +├── aws-http-auth/ # Separate module: AWS SigV4/SigV4A HTTP signing +├── codegen/ # Java/Gradle: Smithy code generator +│ ├── smithy-go-codegen/ # Main codegen source (Java) +│ └── smithy-go-codegen-test/ # Codegen integration tests +├── container/ # Generic container types +├── context/ # Context helpers +├── document/ # Smithy document type abstraction +│ └── json/ # JSON document codec +├── encoding/ # Wire format encoders/decoders +│ ├── cbor/ # CBOR (used by rpcv2Cbor) +│ ├── httpbinding/ # HTTP binding serde helpers +│ ├── json/ # JSON encoder/decoder +│ └── xml/ # XML encoder/decoder +├── endpoints/ # Endpoint resolution types +├── internal/ # Internal utilities (singleflight, etc.) +├── io/ # I/O helpers +├── logging/ # Logging interfaces +├── metrics/ # Metrics interfaces +│ └── smithyotelmetrics/ # Separate module: OpenTelemetry metrics adapter +├── middleware/ # Middleware stack (the core of the operation pipeline) +├── ptr/ # Pointer-to/from-value helpers +├── testing/ # Test assertion helpers for generated protocol tests +│ └── xml/ # XML comparison utilities +├── time/ # Smithy timestamp format helpers +├── tracing/ # Tracing interfaces +│ └── smithyoteltracing/ # Separate module: OpenTelemetry tracing adapter +└── transport/ + └── http/ # HTTP request/response types and middleware +``` + +## Building and testing + +### Runtime (Go) + +```bash +# Run unit tests +make unit +``` + +### Codegen (Java) + +```bash +# Build and test codegen +cd codegen && ./gradlew build + +# Publish to local Maven for downstream use +cd codegen && ./gradlew publishToMavenLocal +``` + +The codegen artifact version is fixed at `0.1.0` and is not published to +Maven Central — you **MUST** `publishToMavenLocal`. + +## Runtime architecture + +### Middleware stack + +The operation pipeline is built on a middleware stack defined in `middleware/`. +Steps execute in order: Initialize → Serialize → Build → Finalize → +Deserialize. Each step is a `middleware.Step` that holds an ordered list of +middleware. The codegen generates middleware registrations for each operation. + +### Encoding packages + +Each wire format has its own encoder/decoder under `encoding/`. These are +low-level — they produce/consume raw tokens or values, not full Smithy shapes. +Generated serde code calls into these packages. + +## Codegen: GoWriter and template system + +GoWriter extends Smithy's `SymbolWriter` and is the primary mechanism for +generating Go source. It has **two distinct writing styles** that must not be +confused. + +### Style 1: Positional args (`writer.write` / `writer.openBlock`) + +Inherited from `SymbolWriter`. Arguments are positional and referenced with +`$`-prefixed format characters. Each `$X` consumes the next argument in order. + +Format characters: +- `$L` — Literal (toString). Strings, names, anything that should be inserted + verbatim. +- `$S` — String, quoted. Wraps the value in Go double-quotes. +- `$T` — Type (Symbol). Inserts the symbol name and auto-adds its import. +- `$P` — Pointable type (Symbol). Like `$T` but prepends `*` if the symbol is + marked pointable. +- `$W` — Writable. Evaluates a `Writable` (lambda/closure) inline. +- `$D` — Dependency. Adds a `GoDependency` import, expands to empty string. + +Numbered variants (`$1L`, `$2T`, etc.) allow reusing the same argument +multiple times. The number is 1-indexed and refers to the position in the +argument list: + +```java +// $1L is used twice, $2L once — only 2 args needed +writer.write("type $1L struct{}\nvar _ $2L = (*$1L)(nil)", + DEFAULT_NAME, INTERFACE_NAME); +``` + +`openBlock`/`closeBlock` manage indentation for braced blocks. Arguments are +positional: + +```java +writer.openBlock("func (c $P) $T(ctx $T) ($P, error) {", "}", + serviceSymbol, operationSymbol, contextSymbol, outputSymbol, + () -> { + writer.write("return nil, nil"); + }); +``` + +### Style 2: Named template args (`goTemplate` / `writeGoTemplate`) + +Uses `$name:X` syntax where `name` is a key in a `Map` and `X` +is the format character. Arguments are passed as one or more maps. This is the +**preferred style for new code** — it is more readable and less error-prone +than positional args. + +```java +return goTemplate(""" + func $name:L(v $cborValue:T) ($type:T, error) { + return $coercer:T(v) + } + """, + Map.of( + "name", getDeserializerName(shape), + "cborValue", SmithyGoTypes.Encoding.Cbor.Value, + "type", symbolProvider.toSymbol(shape), + "coercer", coercer + )); +``` + +Rules: +- `goTemplate(String, Map...)` is a **static** method that returns a + `Writable` (a `Consumer` lambda). It does NOT write immediately. +- `writeGoTemplate(String, Map...)` is an **instance** method that writes + immediately to the writer. +- Maps are merged into the writer's context scope for the duration of the + template. Multiple maps can be passed and are applied in order. +- The writer pre-populates common symbols in context: `fmt.Sprintf`, + `fmt.Errorf`, `errors.As`, `context.Context`, `time.Now`. + +### Composing writables + +- `ChainWritable` — Collects multiple `Writable`s and composes them with + newlines between each. Use `.compose()` (with newlines) or + `.compose(false)` (without). + +### Symbol constants + +For symbols, use `SmithyGoDependency.*.valueSymbol("Name")` or +`SmithyGoDependency.*.pointableSymbol("Name")`. + diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md index 27fc881232..1c96bba237 100644 --- a/vendor/github.com/aws/smithy-go/CHANGELOG.md +++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md @@ -1,8 +1,87 @@ -# Release (2026-02-27) +# Release (2026-06-26) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.27.3 + * **Bug Fix**: Fix bug in JSON doc encoder and endpoint host label format validation + +# Release (2026-06-05) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.27.2 + * **Bug Fix**: Fix incorrect serialization of unions in CBOR-based protocols. + +# Release (2026-06-04) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.27.1 + * **Bug Fix**: Fixed a deserialization failure in all protocols when encountering a union with explicit null members. + * **Bug Fix**: Fixed a panic when deserializing nested unions in JSON- and CBOR-based protocols. + +# Release (2026-06-02) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.27.0 + * **Feature**: Add APIs for schema-based serialization. + * **Feature**: Add support for all current AWS and Smithy protocols. + * **Bug Fix**: Enforce max nesting depth of 128 on CBOR payloads. +* `github.com/aws/smithy-go/aws-http-auth`: [v1.2.0](aws-http-auth/CHANGELOG.md#v120-2026-06-02) + * **Feature**: Add event stream signer. + +# Release (2026-05-27) ## General Highlights * **Dependency Update**: Updated to the latest SDK module versions +## Module Highlights +* `github.com/aws/smithy-go`: v1.26.0 + * **Feature**: Add StringSlice to endpoint rulesfn. + +# Release (2026-04-23) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.25.1 + * **Bug Fix**: Fixed a memory leak in the LRU cache implementation used by some AWS services. + +# Release (2026-04-15) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.25.0 + * **Feature**: Add support for endpointBdd trait + +# Release (2026-04-02) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.24.3 + * **Bug Fix**: Add additional sigv4 configuration. +* `github.com/aws/smithy-go/aws-http-auth`: [v1.1.3](aws-http-auth/CHANGELOG.md#v113-2026-04-02) + * **Bug Fix**: Add additional sigv4 configuration. + +# Release (2026-02-27) + +## General Highlights +* **Dependency Update**: Bump minimum go version to 1.24. + # Release (2026-02-20) ## General Highlights diff --git a/vendor/github.com/aws/smithy-go/README.md b/vendor/github.com/aws/smithy-go/README.md index a413ff3d87..c5e14564b4 100644 --- a/vendor/github.com/aws/smithy-go/README.md +++ b/vendor/github.com/aws/smithy-go/README.md @@ -8,22 +8,19 @@ The smithy-go runtime requires a minimum version of Go 1.24. **WARNING: All interfaces are subject to change.** -## :no_entry_sign: DO NOT use the code generators in this repository +## :warning: Client codegen is unstable -**The code generators in this repository do not generate working clients at -this time.** +The client code generator in this repository powers the aws-sdk-go-v2. +Arbitrary client generation, while technically possible, is in an early stage +of development: -In order to generate a usable smithy client you must provide a [protocol definition](https://github.com/aws/smithy-go/blob/main/codegen/smithy-go-codegen/src/main/java/software/amazon/smithy/go/codegen/integration/ProtocolGenerator.java), -such as [AWS restJson1](https://smithy.io/2.0/aws/protocols/aws-restjson1-protocol.html), -in order to generate transport mechanisms and serialization/deserialization -code ("serde") accordingly. +* Generated clients are missing certain features that were originally + implemented SDK-side (e.g. retries) +* There may be bugs +* The public APIs of generated clients may be unstable -The code generator does not currently support any protocols out of the box. -Support for all [AWS protocols](https://smithy.io/2.0/aws/protocols/index.html) -exists in [aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2). We are -tracking the movement of those out of the SDK into smithy-go in -[#458](https://github.com/aws/smithy-go/issues/458), but there's currently no -timeline for doing so. +If you are interested in using the client code generators, we encourage you to +experiment and share any feedback with us in an issue. ## Plugins @@ -55,9 +52,19 @@ methods and types. The up-to-date list of top-level properties enabled for ### Supported protocols +The protocol a client uses is configured by the `Protocol` field on a client's +`Options`. The SDK will configure a default based on the protocol traits +applied to the modeled service. + | Protocol | Notes | |----------|-------| -| [`smithy.protocols#rpcv2Cbor`](https://smithy.io/2.0/additional-specs/protocols/smithy-rpc-v2.html) | Event streaming not yet implemented. | +| [`smithy.protocols#rpcv2Cbor`](https://smithy.io/2.0/additional-specs/protocols/smithy-rpc-v2.html) | | +| [`aws.protocols#restJson1`](https://smithy.io/2.0/aws/protocols/aws-restjson1-protocol.html) | | +| [`aws.protocols#restXml`](https://smithy.io/2.0/aws/protocols/aws-restxml-protocol.html) | | +| [`aws.protocols#awsJson1_0`](https://smithy.io/2.0/aws/protocols/aws-json-1_0-protocol.html) | | +| [`aws.protocols#awsJson1_1`](https://smithy.io/2.0/aws/protocols/aws-json-1_1-protocol.html) | | +| [`aws.protocols#awsQuery`](https://smithy.io/2.0/aws/protocols/aws-query-protocol.html) | | +| [`aws.protocols#ec2Query`](https://smithy.io/2.0/aws/protocols/aws-ec2-query-protocol.html) | | ### Example diff --git a/vendor/github.com/aws/smithy-go/document/document.go b/vendor/github.com/aws/smithy-go/document/document.go index 8f852d95c6..82b48eb592 100644 --- a/vendor/github.com/aws/smithy-go/document/document.go +++ b/vendor/github.com/aws/smithy-go/document/document.go @@ -4,6 +4,7 @@ import ( "fmt" "math/big" "strconv" + "time" ) // Marshaler is an interface for a type that marshals a document to its protocol-specific byte representation and @@ -15,26 +16,26 @@ import ( // When defining struct types. the `document` struct tag can be used to control how the value will be // marshaled into the resulting protocol document. // -// // Field is ignored -// Field int `document:"-"` +// // Field is ignored +// Field int `document:"-"` // -// // Field object of key "myName" -// Field int `document:"myName"` +// // Field object of key "myName" +// Field int `document:"myName"` // -// // Field object key of key "myName", and -// // Field is omitted if the field is a zero value for the type. -// Field int `document:"myName,omitempty"` +// // Field object key of key "myName", and +// // Field is omitted if the field is a zero value for the type. +// Field int `document:"myName,omitempty"` // -// // Field object key of "Field", and -// // Field is omitted if the field is a zero value for the type. -// Field int `document:",omitempty"` +// // Field object key of "Field", and +// // Field is omitted if the field is a zero value for the type. +// Field int `document:",omitempty"` // // All struct fields, including anonymous fields, are marshaled unless the // any of the following conditions are meet. // -// - the field is not exported -// - document field tag is "-" -// - document field tag specifies "omitempty", and is a zero value. +// - the field is not exported +// - document field tag is "-" +// - document field tag specifies "omitempty", and is a zero value. // // Pointer and interface values are encoded as the value pointed to or // contained in the interface. A nil value encodes as a null @@ -50,6 +51,13 @@ import ( // // Marshal cannot represent cyclic data structures and will not handle them. // Passing cyclic structures to Marshal will result in an infinite recursion. +// +// Marshaler is not used in schema-serde based services (which are currently +// being rolled out) since having an implementation of Marshaler locks a +// document into support for a specific serial format. Existing implementations +// of Marshaler will continue to encode to JSON as that is effectively the only +// serial format supported for Document prior to the introduction of +// schema-serde. In schema-serde services it is replaced by [Value]. type Marshaler interface { MarshalSmithyDocument() ([]byte, error) } @@ -63,18 +71,94 @@ type Marshaler interface { // // Both generic interface{} and concrete types are valid unmarshal destination types. When unmarshaling a document // into an empty interface the Unmarshaler will store one of these values: -// bool, for boolean values -// document.Number, for arbitrary-precision numbers (int64, float64, big.Int, big.Float) -// string, for string values -// []interface{}, for array values -// map[string]interface{}, for objects -// nil, for null values +// +// bool, for boolean values +// document.Number, for arbitrary-precision numbers (int64, float64, big.Int, big.Float) +// string, for string values +// []interface{}, for array values +// map[string]interface{}, for objects +// nil, for null values // // When unmarshaling, any error that occurs will halt the unmarshal and return the error. type Unmarshaler interface { UnmarshalSmithyDocument(v interface{}) error } +// Value is a sealed type representing a Smithy document value. It covers the +// full Smithy data model including blob and timestamp. +// +// The following types implement Value: +// - [Null] +// - [Boolean] +// - [Number] +// - [String] +// - [Blob] +// - [Timestamp] +// - [List] +// - [Map] +// - [Structure] +// - [Opaque] +type Value interface { + isValue() +} + +// Null is a document null value. +type Null struct{} + +func (Null) isValue() {} + +// Boolean is a document boolean value. +type Boolean bool + +func (Boolean) isValue() {} + +// String is a document string value. +type String string + +func (String) isValue() {} + +// Blob is a document blob value. +type Blob []byte + +func (Blob) isValue() {} + +// Timestamp is a document timestamp value. +type Timestamp time.Time + +func (Timestamp) isValue() {} + +// List is a document list value. +type List []Value + +func (List) isValue() {} + +// Map is a document map value with string keys. +type Map map[string]Value + +func (Map) isValue() {} + +// Structure is a document structure value with an optional discriminator +// identifying the shape it represents. +type Structure struct { + // Discriminator is the absolute shape ID (e.g. + // "com.example#MyShape") of the concrete type this structure + // represents. It may be empty if the type is unknown. + Discriminator string + + // Members maps member names to their document values. + Members map[string]Value +} + +func (Structure) isValue() {} + +// Opaque wraps an arbitrary Go value for backward compatibility with the +// legacy reflection-based document serialization path. +type Opaque struct { + Value any +} + +func (Opaque) isValue() {} + type noSerde interface { noSmithyDocumentSerde() } @@ -96,6 +180,8 @@ func IsNoSerde(x interface{}) bool { // Number is an arbitrary precision numerical value type Number string +func (Number) isValue() {} + // Int64 returns the number as a string. func (n Number) String() string { return string(n) diff --git a/vendor/github.com/aws/smithy-go/encoding/json/value.go b/vendor/github.com/aws/smithy-go/encoding/json/value.go index b41ff1e15c..eac49c44c2 100644 --- a/vendor/github.com/aws/smithy-go/encoding/json/value.go +++ b/vendor/github.com/aws/smithy-go/encoding/json/value.go @@ -106,6 +106,11 @@ func (jv Value) BigInteger(v *big.Int) { // BigDecimal encodes v as JSON value func (jv Value) BigDecimal(v *big.Float) { + if v.Sign() == 0 && v.Signbit() { + // Preserve negative zero sign which Int64() would lose. + jv.w.Write([]byte("-0")) + return + } if i, accuracy := v.Int64(); accuracy == big.Exact { jv.Long(i) return diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/bdd/evaluate.go b/vendor/github.com/aws/smithy-go/endpoints/private/bdd/evaluate.go new file mode 100644 index 0000000000..ae0fb7fdad --- /dev/null +++ b/vendor/github.com/aws/smithy-go/endpoints/private/bdd/evaluate.go @@ -0,0 +1,35 @@ +package bdd + +const resultOffset int32 = 100_000_000 +const intsPerNode = 3 + +// Evaluate traverses a compiled BDD node array and returns the result index. +// nodes is a flat array of [condIdx, hi, lo] triples (1-indexed). +// root is the root node reference. evalCond returns true/false for condition index. +func Evaluate(nodes []int32, root int32, evalCond func(int) bool) int32 { + ref := root + for { + if ref >= resultOffset { + return ref - resultOffset + } + if ref == 1 || ref == -1 { + return 0 // NoMatchRule + } + + complement := ref < 0 + nodeIdx := ref + if complement { + nodeIdx = -ref + } + base := (nodeIdx - 1) * intsPerNode + condIdx := nodes[base] + hi := nodes[base+1] + lo := nodes[base+2] + + if complement != evalCond(int(condIdx)) { + ref = hi + } else { + ref = lo + } + } +} diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go new file mode 100644 index 0000000000..f8b30789a0 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/split.go @@ -0,0 +1,16 @@ +package rulesfn + +import "strings" + +// Split splits the input string by the delimiter and returns the resulting +// parts. If limit is > 0, at most limit substrings are returned. +// Returns a slice with a single empty string if the input is empty. +func Split(input, delimiter string, limit int) []string { + if len(input) == 0 { + return []string{""} + } + if limit > 0 { + return strings.SplitN(input, delimiter, limit) + } + return strings.Split(input, delimiter) +} diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/string_slice.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/string_slice.go new file mode 100644 index 0000000000..7a82fcd94e --- /dev/null +++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/string_slice.go @@ -0,0 +1,18 @@ +package rulesfn + +// StringSlice is a string slice with a negative-index-aware Get method for use +// in endpoint rule evaluation. +type StringSlice []string + +// Get returns a pointer to the string at index i, or nil if the index is out +// of bounds. Negative indices count from the end of the slice. +func (s StringSlice) Get(i int) *string { + if i < 0 { + i = len(s) + i + } + if i < 0 || i >= len(s) { + return nil + } + v := s[i] + return &v +} diff --git a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go index 0c11541276..68828dbfe9 100644 --- a/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go +++ b/vendor/github.com/aws/smithy-go/endpoints/private/rulesfn/uri.go @@ -27,6 +27,9 @@ func IsValidHostLabel(input string, allowSubDomains bool) bool { if !smithyhttp.ValidHostLabel(label) { return false } + if label[0] == '-' || label[len(label)-1] == '-' { + return false + } } return true diff --git a/vendor/github.com/aws/smithy-go/eventstream/const.go b/vendor/github.com/aws/smithy-go/eventstream/const.go new file mode 100644 index 0000000000..893156c5d5 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/const.go @@ -0,0 +1,24 @@ +package eventstream + +// EventStream headers with specific meaning to async API functionality. +const ( + ChunkSignatureHeader = `:chunk-signature` // chunk signature for message + DateHeader = `:date` // Date header for signature + ContentTypeHeader = ":content-type" // message payload content-type + + // Message header and values + MessageTypeHeader = `:message-type` // Identifies type of message. + EventMessageType = `event` + ErrorMessageType = `error` + ExceptionMessageType = `exception` + + // Message Events + EventTypeHeader = `:event-type` // Identifies message event type e.g. "Stats". + + // Message Error + ErrorCodeHeader = `:error-code` + ErrorMessageHeader = `:error-message` + + // Message Exception + ExceptionTypeHeader = `:exception-type` +) diff --git a/vendor/github.com/aws/smithy-go/eventstream/debug.go b/vendor/github.com/aws/smithy-go/eventstream/debug.go new file mode 100644 index 0000000000..6049402b1f --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/debug.go @@ -0,0 +1,144 @@ +package eventstream + +import ( + "bytes" + "encoding/base64" + "encoding/json" + "fmt" + "strconv" +) + +type decodedMessage struct { + rawMessage + Headers decodedHeaders `json:"headers"` +} +type jsonMessage struct { + Length json.Number `json:"total_length"` + HeadersLen json.Number `json:"headers_length"` + PreludeCRC json.Number `json:"prelude_crc"` + Headers decodedHeaders `json:"headers"` + Payload []byte `json:"payload"` + CRC json.Number `json:"message_crc"` +} + +func (d *decodedMessage) UnmarshalJSON(b []byte) (err error) { + var jsonMsg jsonMessage + if err = json.Unmarshal(b, &jsonMsg); err != nil { + return err + } + + d.Length, err = numAsUint32(jsonMsg.Length) + if err != nil { + return err + } + d.HeadersLen, err = numAsUint32(jsonMsg.HeadersLen) + if err != nil { + return err + } + d.PreludeCRC, err = numAsUint32(jsonMsg.PreludeCRC) + if err != nil { + return err + } + d.Headers = jsonMsg.Headers + d.Payload = jsonMsg.Payload + d.CRC, err = numAsUint32(jsonMsg.CRC) + if err != nil { + return err + } + + return nil +} + +func (d *decodedMessage) MarshalJSON() ([]byte, error) { + jsonMsg := jsonMessage{ + Length: json.Number(strconv.Itoa(int(d.Length))), + HeadersLen: json.Number(strconv.Itoa(int(d.HeadersLen))), + PreludeCRC: json.Number(strconv.Itoa(int(d.PreludeCRC))), + Headers: d.Headers, + Payload: d.Payload, + CRC: json.Number(strconv.Itoa(int(d.CRC))), + } + + return json.Marshal(jsonMsg) +} + +func numAsUint32(n json.Number) (uint32, error) { + v, err := n.Int64() + if err != nil { + return 0, fmt.Errorf("failed to get int64 json number, %v", err) + } + + return uint32(v), nil +} + +func (d decodedMessage) Message() Message { + return Message{ + Headers: Headers(d.Headers), + Payload: d.Payload, + } +} + +type decodedHeaders Headers + +func (hs *decodedHeaders) UnmarshalJSON(b []byte) error { + var jsonHeaders []struct { + Name string `json:"name"` + Type valueType `json:"type"` + Value any `json:"value"` + } + + decoder := json.NewDecoder(bytes.NewReader(b)) + decoder.UseNumber() + if err := decoder.Decode(&jsonHeaders); err != nil { + return err + } + + var headers Headers + for _, h := range jsonHeaders { + value, err := valueFromType(h.Type, h.Value) + if err != nil { + return err + } + headers.Set(h.Name, value) + } + *hs = decodedHeaders(headers) + + return nil +} + +func valueFromType(typ valueType, val any) (Value, error) { + switch typ { + case trueValueType: + return BoolValue(true), nil + case falseValueType: + return BoolValue(false), nil + case int8ValueType: + v, err := val.(json.Number).Int64() + return Int8Value(int8(v)), err + case int16ValueType: + v, err := val.(json.Number).Int64() + return Int16Value(int16(v)), err + case int32ValueType: + v, err := val.(json.Number).Int64() + return Int32Value(int32(v)), err + case int64ValueType: + v, err := val.(json.Number).Int64() + return Int64Value(v), err + case bytesValueType: + v, err := base64.StdEncoding.DecodeString(val.(string)) + return BytesValue(v), err + case stringValueType: + v, err := base64.StdEncoding.DecodeString(val.(string)) + return StringValue(string(v)), err + case timestampValueType: + v, err := val.(json.Number).Int64() + return TimestampValue(timeFromEpochMilli(v)), err + case uuidValueType: + v, err := base64.StdEncoding.DecodeString(val.(string)) + var tv UUIDValue + copy(tv[:], v) + return tv, err + default: + panic(fmt.Sprintf("unknown type, %s, %T", typ.String(), val)) + } +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/decode.go b/vendor/github.com/aws/smithy-go/eventstream/decode.go new file mode 100644 index 0000000000..d9ab7652f4 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/decode.go @@ -0,0 +1,218 @@ +package eventstream + +import ( + "bytes" + "encoding/binary" + "encoding/hex" + "encoding/json" + "fmt" + "github.com/aws/smithy-go/logging" + "hash" + "hash/crc32" + "io" +) + +// DecoderOptions is the Decoder configuration options. +type DecoderOptions struct { + Logger logging.Logger + LogMessages bool +} + +// Decoder provides decoding of an Event Stream messages. +type Decoder struct { + options DecoderOptions +} + +// NewDecoder initializes and returns a Decoder for decoding event +// stream messages from the reader provided. +func NewDecoder(optFns ...func(*DecoderOptions)) *Decoder { + options := DecoderOptions{} + + for _, fn := range optFns { + fn(&options) + } + + return &Decoder{ + options: options, + } +} + +// Decode attempts to decode a single message from the event stream reader. +// Will return the event stream message, or error if decodeMessage fails to read +// the message from the stream. +// +// payloadBuf is a byte slice that will be used in the returned Message.Payload. Callers +// must ensure that the Message.Payload from a previous decode has been consumed before passing in the same underlying +// payloadBuf byte slice. +func (d *Decoder) Decode(reader io.Reader, payloadBuf []byte) (m Message, err error) { + if d.options.Logger != nil && d.options.LogMessages { + debugMsgBuf := bytes.NewBuffer(nil) + reader = io.TeeReader(reader, debugMsgBuf) + defer func() { + logMessageDecode(d.options.Logger, debugMsgBuf, m, err) + }() + } + + m, err = decodeMessage(reader, payloadBuf) + + return m, err +} + +// decodeMessage attempts to decode a single message from the event stream reader. +// Will return the event stream message, or error if decodeMessage fails to read +// the message from the reader. +func decodeMessage(reader io.Reader, payloadBuf []byte) (m Message, err error) { + crc := crc32.New(crc32IEEETable) + hashReader := io.TeeReader(reader, crc) + + prelude, err := decodePrelude(hashReader, crc) + if err != nil { + return Message{}, err + } + + if prelude.HeadersLen > 0 { + lr := io.LimitReader(hashReader, int64(prelude.HeadersLen)) + m.Headers, err = decodeHeaders(lr) + if err != nil { + return Message{}, err + } + } + + if payloadLen := prelude.PayloadLen(); payloadLen > 0 { + buf, err := decodePayload(payloadBuf, io.LimitReader(hashReader, int64(payloadLen))) + if err != nil { + return Message{}, err + } + m.Payload = buf + } + + msgCRC := crc.Sum32() + if err := validateCRC(reader, msgCRC); err != nil { + return Message{}, err + } + + return m, nil +} + +func logMessageDecode(logger logging.Logger, msgBuf *bytes.Buffer, msg Message, decodeErr error) { + w := bytes.NewBuffer(nil) + defer func() { logger.Logf(logging.Debug, w.String()) }() + + fmt.Fprintf(w, "Raw message:\n%s\n", + hex.Dump(msgBuf.Bytes())) + + if decodeErr != nil { + fmt.Fprintf(w, "decodeMessage error: %v\n", decodeErr) + return + } + + rawMsg, err := msg.rawMessage() + if err != nil { + fmt.Fprintf(w, "failed to create raw message, %v\n", err) + return + } + + decodedMsg := decodedMessage{ + rawMessage: rawMsg, + Headers: decodedHeaders(msg.Headers), + } + + fmt.Fprintf(w, "Decoded message:\n") + encoder := json.NewEncoder(w) + if err := encoder.Encode(decodedMsg); err != nil { + fmt.Fprintf(w, "failed to generate decoded message, %v\n", err) + } +} + +func decodePrelude(r io.Reader, crc hash.Hash32) (messagePrelude, error) { + var p messagePrelude + + var err error + p.Length, err = decodeUint32(r) + if err != nil { + return messagePrelude{}, err + } + + p.HeadersLen, err = decodeUint32(r) + if err != nil { + return messagePrelude{}, err + } + + if err := p.ValidateLens(); err != nil { + return messagePrelude{}, err + } + + preludeCRC := crc.Sum32() + if err := validateCRC(r, preludeCRC); err != nil { + return messagePrelude{}, err + } + + p.PreludeCRC = preludeCRC + + return p, nil +} + +func decodePayload(buf []byte, r io.Reader) ([]byte, error) { + w := bytes.NewBuffer(buf[0:0]) + + _, err := io.Copy(w, r) + return w.Bytes(), err +} + +func decodeUint8(r io.Reader) (uint8, error) { + type byteReader interface { + ReadByte() (byte, error) + } + + if br, ok := r.(byteReader); ok { + v, err := br.ReadByte() + return v, err + } + + var b [1]byte + _, err := io.ReadFull(r, b[:]) + return b[0], err +} + +func decodeUint16(r io.Reader) (uint16, error) { + var b [2]byte + bs := b[:] + _, err := io.ReadFull(r, bs) + if err != nil { + return 0, err + } + return binary.BigEndian.Uint16(bs), nil +} + +func decodeUint32(r io.Reader) (uint32, error) { + var b [4]byte + bs := b[:] + _, err := io.ReadFull(r, bs) + if err != nil { + return 0, err + } + return binary.BigEndian.Uint32(bs), nil +} + +func decodeUint64(r io.Reader) (uint64, error) { + var b [8]byte + bs := b[:] + _, err := io.ReadFull(r, bs) + if err != nil { + return 0, err + } + return binary.BigEndian.Uint64(bs), nil +} + +func validateCRC(r io.Reader, expect uint32) error { + msgCRC, err := decodeUint32(r) + if err != nil { + return err + } + + if msgCRC != expect { + return ChecksumError{} + } + + return nil +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/deserializer.go b/vendor/github.com/aws/smithy-go/eventstream/deserializer.go new file mode 100644 index 0000000000..8bc931a324 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/deserializer.go @@ -0,0 +1,294 @@ +package eventstream + +import ( + "fmt" + "math/big" + "time" + + "github.com/aws/smithy-go" + "github.com/aws/smithy-go/document" + "github.com/aws/smithy-go/traits" +) + +// ShapeDeserializer wraps a [smithy.ShapeDeserializer] to handle event stream +// message binding traits. +type ShapeDeserializer struct { + Message *Message + + inner smithy.ShapeDeserializer + + depth int + schema *smithy.Schema + + bindings []*smithy.Schema + bindIdx int + inBindings bool + + inBody bool + hasPayload bool + hasBody bool +} + +var _ smithy.ShapeDeserializer = (*ShapeDeserializer)(nil) + +// NewShapeDeserializer returns a deserializer for a Message. +func NewShapeDeserializer(msg *Message, inner smithy.ShapeDeserializer) *ShapeDeserializer { + return &ShapeDeserializer{ + Message: msg, + inner: inner, + } +} + +func (d *ShapeDeserializer) ReadStruct(s *smithy.Schema) error { + d.depth++ + if d.depth > 1 { + return d.inner.ReadStruct(s) + } + d.schema = s + for _, m := range s.Members() { + if _, ok := smithy.SchemaTrait[*traits.EventPayload](m); ok { + d.hasPayload = true + } + if isEventBound(m) { + d.bindings = append(d.bindings, m) + } else { + d.hasBody = true + } + } + return nil +} + +func (d *ShapeDeserializer) ReadStructMember() (*smithy.Schema, error) { + if d.depth > 1 { + ms, err := d.inner.ReadStructMember() + if ms == nil { + d.depth-- + } + return ms, err + } + + // like httpbinding, throw back the bound stuff first before we drop into + // the body + for d.bindIdx < len(d.bindings) { + m := d.bindings[d.bindIdx] + d.bindIdx++ + if isEventHeader(m) && d.Message.Headers.Get(m.MemberName()) == nil { + continue + } + d.inBindings = true + return m, nil + } + d.inBindings = false + + if d.hasPayload { + d.depth-- + return nil, nil + } + + if !d.hasBody { + d.depth-- + return nil, nil + } + + if !d.inBody { + d.inBody = true + if err := d.inner.ReadStruct(d.schema); err != nil { + return nil, err + } + } + + ms, err := d.inner.ReadStructMember() + if ms == nil { + d.depth-- + } + + return ms, err +} + +func (d *ShapeDeserializer) ReadString(s *smithy.Schema, v *string) error { + if d.inBindings { + if isEventHeader(s) { + hv := d.Message.Headers.Get(s.MemberName()) + if hv == nil { + return nil + } + sv, ok := hv.(StringValue) + if !ok { + return fmt.Errorf("event header %q: expected string, got %T", s.MemberName(), hv) + } + *v = string(sv) + return nil + } + if isEventPayload(s) { + *v = string(d.Message.Payload) + return nil + } + } + return d.inner.ReadString(s, v) +} + +func (d *ShapeDeserializer) ReadBool(s *smithy.Schema, v *bool) error { + if d.inBindings && isEventHeader(s) { + hv := d.Message.Headers.Get(s.MemberName()) + if hv == nil { + return nil + } + bv, ok := hv.(BoolValue) + if !ok { + return fmt.Errorf("event header %q: expected bool, got %T", s.MemberName(), hv) + } + *v = bool(bv) + return nil + } + return d.inner.ReadBool(s, v) +} + +func (d *ShapeDeserializer) readHeaderInt64(name string) (int64, bool, error) { + hv := d.Message.Headers.Get(name) + if hv == nil { + return 0, false, nil + } + switch v := hv.(type) { + case Int8Value: + return int64(v), true, nil + case Int16Value: + return int64(v), true, nil + case Int32Value: + return int64(v), true, nil + case Int64Value: + return int64(v), true, nil + default: + return 0, false, fmt.Errorf("event header %q: expected integer, got %T", name, hv) + } +} + +type intn interface { + int8 | int16 | int32 | int64 +} + +func readEventHeaderInt[T intn](d *ShapeDeserializer, s *smithy.Schema, v *T) error { + n, ok, err := d.readHeaderInt64(s.MemberName()) + if err != nil || !ok { + return err + } + *v = T(n) + return nil +} + +func (d *ShapeDeserializer) ReadInt8(s *smithy.Schema, v *int8) error { + if d.inBindings && isEventHeader(s) { + return readEventHeaderInt(d, s, v) + } + return d.inner.ReadInt8(s, v) +} + +func (d *ShapeDeserializer) ReadInt16(s *smithy.Schema, v *int16) error { + if d.inBindings && isEventHeader(s) { + return readEventHeaderInt(d, s, v) + } + return d.inner.ReadInt16(s, v) +} + +func (d *ShapeDeserializer) ReadInt32(s *smithy.Schema, v *int32) error { + if d.inBindings && isEventHeader(s) { + return readEventHeaderInt(d, s, v) + } + return d.inner.ReadInt32(s, v) +} + +func (d *ShapeDeserializer) ReadInt64(s *smithy.Schema, v *int64) error { + if d.inBindings && isEventHeader(s) { + return readEventHeaderInt(d, s, v) + } + return d.inner.ReadInt64(s, v) +} + +func (d *ShapeDeserializer) ReadFloat32(s *smithy.Schema, v *float32) error { + return d.inner.ReadFloat32(s, v) +} + +func (d *ShapeDeserializer) ReadFloat64(s *smithy.Schema, v *float64) error { + return d.inner.ReadFloat64(s, v) +} + +func (d *ShapeDeserializer) ReadBlob(s *smithy.Schema, v *[]byte) error { + if d.inBindings { + if isEventHeader(s) { + hv := d.Message.Headers.Get(s.MemberName()) + if hv == nil { + return nil + } + bv, ok := hv.(BytesValue) + if !ok { + return fmt.Errorf("event header %q: expected bytes, got %T", s.MemberName(), hv) + } + *v = []byte(bv) + return nil + } + if isEventPayload(s) { + *v = d.Message.Payload + return nil + } + } + return d.inner.ReadBlob(s, v) +} + +func (d *ShapeDeserializer) ReadTime(s *smithy.Schema, v *time.Time) error { + if d.inBindings && isEventHeader(s) { + hv := d.Message.Headers.Get(s.MemberName()) + if hv == nil { + return nil + } + tv, ok := hv.(TimestampValue) + if !ok { + return fmt.Errorf("event header %q: expected timestamp, got %T", s.MemberName(), hv) + } + *v = time.Time(tv) + return nil + } + return d.inner.ReadTime(s, v) +} + +func (d *ShapeDeserializer) ReadList(s *smithy.Schema) error { + return d.inner.ReadList(s) +} + +func (d *ShapeDeserializer) ReadListItem(s *smithy.Schema) (bool, error) { + return d.inner.ReadListItem(s) +} + +func (d *ShapeDeserializer) ReadMap(s *smithy.Schema) error { + return d.inner.ReadMap(s) +} + +func (d *ShapeDeserializer) ReadMapKey(s *smithy.Schema) (string, bool, error) { + return d.inner.ReadMapKey(s) +} + +func (d *ShapeDeserializer) ReadUnion(s *smithy.Schema) (*smithy.Schema, error) { + return d.inner.ReadUnion(s) +} + +func (d *ShapeDeserializer) ReadNil(s *smithy.Schema) (bool, error) { + return d.inner.ReadNil(s) +} + +func (d *ShapeDeserializer) ReadDocument(s *smithy.Schema, v *document.Value) error { + return d.inner.ReadDocument(s, v) +} + +func isEventBound(schema *smithy.Schema) bool { + _, h := smithy.SchemaTrait[*traits.EventHeader](schema) + _, p := smithy.SchemaTrait[*traits.EventPayload](schema) + return h || p +} + +// ReadBigInt is unimplemented and will return an error. +func (d *ShapeDeserializer) ReadBigInt(_ *smithy.Schema, _ *big.Int) error { + return fmt.Errorf("unimplemented") +} + +// ReadBigFloat is unimplemented and will return an error. +func (d *ShapeDeserializer) ReadBigFloat(_ *smithy.Schema, _ *big.Float) error { + return fmt.Errorf("unimplemented") +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/encode.go b/vendor/github.com/aws/smithy-go/eventstream/encode.go new file mode 100644 index 0000000000..61cf7238d9 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/encode.go @@ -0,0 +1,167 @@ +package eventstream + +import ( + "bytes" + "encoding/binary" + "encoding/hex" + "encoding/json" + "fmt" + "github.com/aws/smithy-go/logging" + "hash" + "hash/crc32" + "io" +) + +// EncoderOptions is the configuration options for Encoder. +type EncoderOptions struct { + Logger logging.Logger + LogMessages bool +} + +// Encoder provides EventStream message encoding. +type Encoder struct { + options EncoderOptions + + headersBuf *bytes.Buffer + messageBuf *bytes.Buffer +} + +// NewEncoder initializes and returns an Encoder to encode Event Stream +// messages. +func NewEncoder(optFns ...func(*EncoderOptions)) *Encoder { + o := EncoderOptions{} + + for _, fn := range optFns { + fn(&o) + } + + return &Encoder{ + options: o, + headersBuf: bytes.NewBuffer(nil), + messageBuf: bytes.NewBuffer(nil), + } +} + +// Encode encodes a single EventStream message to the io.Writer the Encoder +// was created with. An error is returned if writing the message fails. +func (e *Encoder) Encode(w io.Writer, msg Message) (err error) { + e.headersBuf.Reset() + e.messageBuf.Reset() + + var writer io.Writer = e.messageBuf + if e.options.Logger != nil && e.options.LogMessages { + encodeMsgBuf := bytes.NewBuffer(nil) + writer = io.MultiWriter(writer, encodeMsgBuf) + defer func() { + logMessageEncode(e.options.Logger, encodeMsgBuf, msg, err) + }() + } + + if err = EncodeHeaders(e.headersBuf, msg.Headers); err != nil { + return err + } + + crc := crc32.New(crc32IEEETable) + hashWriter := io.MultiWriter(writer, crc) + + headersLen := uint32(e.headersBuf.Len()) + payloadLen := uint32(len(msg.Payload)) + + if err = encodePrelude(hashWriter, crc, headersLen, payloadLen); err != nil { + return err + } + + if headersLen > 0 { + if _, err = io.Copy(hashWriter, e.headersBuf); err != nil { + return err + } + } + + if payloadLen > 0 { + if _, err = hashWriter.Write(msg.Payload); err != nil { + return err + } + } + + msgCRC := crc.Sum32() + if err := binary.Write(writer, binary.BigEndian, msgCRC); err != nil { + return err + } + + _, err = io.Copy(w, e.messageBuf) + + return err +} + +func logMessageEncode(logger logging.Logger, msgBuf *bytes.Buffer, msg Message, encodeErr error) { + w := bytes.NewBuffer(nil) + defer func() { logger.Logf(logging.Debug, w.String()) }() + + fmt.Fprintf(w, "Message to encode:\n") + encoder := json.NewEncoder(w) + if err := encoder.Encode(msg); err != nil { + fmt.Fprintf(w, "Failed to get encoded message, %v\n", err) + } + + if encodeErr != nil { + fmt.Fprintf(w, "Encode error: %v\n", encodeErr) + return + } + + fmt.Fprintf(w, "Raw message:\n%s\n", hex.Dump(msgBuf.Bytes())) +} + +func encodePrelude(w io.Writer, crc hash.Hash32, headersLen, payloadLen uint32) error { + p := messagePrelude{ + Length: minMsgLen + headersLen + payloadLen, + HeadersLen: headersLen, + } + if err := p.ValidateLens(); err != nil { + return err + } + + err := binaryWriteFields(w, binary.BigEndian, + p.Length, + p.HeadersLen, + ) + if err != nil { + return err + } + + p.PreludeCRC = crc.Sum32() + err = binary.Write(w, binary.BigEndian, p.PreludeCRC) + if err != nil { + return err + } + + return nil +} + +// EncodeHeaders writes the header values to the writer encoded in the event +// stream format. Returns an error if a header fails to encode. +func EncodeHeaders(w io.Writer, headers Headers) error { + for _, h := range headers { + hn := headerName{ + Len: uint8(len(h.Name)), + } + copy(hn.Name[:hn.Len], h.Name) + if err := hn.encode(w); err != nil { + return err + } + + if err := h.Value.encode(w); err != nil { + return err + } + } + + return nil +} + +func binaryWriteFields(w io.Writer, order binary.ByteOrder, vs ...any) error { + for _, v := range vs { + if err := binary.Write(w, order, v); err != nil { + return err + } + } + return nil +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/error.go b/vendor/github.com/aws/smithy-go/eventstream/error.go new file mode 100644 index 0000000000..7616214dd6 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/error.go @@ -0,0 +1,23 @@ +package eventstream + +import "fmt" + +// LengthError provides the error for items being larger than a maximum length. +type LengthError struct { + Part string + Want int + Have int + Value any +} + +func (e LengthError) Error() string { + return fmt.Sprintf("%s length invalid, %d/%d, %v", + e.Part, e.Want, e.Have, e.Value) +} + +// ChecksumError provides the error for message checksum invalidation errors. +type ChecksumError struct{} + +func (e ChecksumError) Error() string { + return "message checksum mismatch" +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/header.go b/vendor/github.com/aws/smithy-go/eventstream/header.go new file mode 100644 index 0000000000..f580bda4c0 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/header.go @@ -0,0 +1,175 @@ +package eventstream + +import ( + "encoding/binary" + "fmt" + "io" +) + +// Headers are a collection of EventStream header values. +type Headers []Header + +// Header is a single EventStream Key Value header pair. +type Header struct { + Name string + Value Value +} + +// Set associates the name with a value. If the header name already exists in +// the Headers the value will be replaced with the new one. +func (hs *Headers) Set(name string, value Value) { + var i int + for ; i < len(*hs); i++ { + if (*hs)[i].Name == name { + (*hs)[i].Value = value + return + } + } + + *hs = append(*hs, Header{ + Name: name, Value: value, + }) +} + +// Get returns the Value associated with the header. Nil is returned if the +// value does not exist. +func (hs Headers) Get(name string) Value { + for i := range hs { + if h := hs[i]; h.Name == name { + return h.Value + } + } + return nil +} + +// Del deletes the value in the Headers if it exists. +func (hs *Headers) Del(name string) { + for i := 0; i < len(*hs); i++ { + if (*hs)[i].Name == name { + copy((*hs)[i:], (*hs)[i+1:]) + (*hs) = (*hs)[:len(*hs)-1] + } + } +} + +// Clone returns a deep copy of the headers +func (hs Headers) Clone() Headers { + o := make(Headers, 0, len(hs)) + for _, h := range hs { + o.Set(h.Name, h.Value) + } + return o +} + +func decodeHeaders(r io.Reader) (Headers, error) { + hs := Headers{} + + for { + name, err := decodeHeaderName(r) + if err != nil { + if err == io.EOF { + // EOF while getting header name means no more headers + break + } + return nil, err + } + + value, err := decodeHeaderValue(r) + if err != nil { + return nil, err + } + + hs.Set(name, value) + } + + return hs, nil +} + +func decodeHeaderName(r io.Reader) (string, error) { + var n headerName + + var err error + n.Len, err = decodeUint8(r) + if err != nil { + return "", err + } + + name := n.Name[:n.Len] + if _, err := io.ReadFull(r, name); err != nil { + return "", err + } + + return string(name), nil +} + +func decodeHeaderValue(r io.Reader) (Value, error) { + var raw rawValue + + typ, err := decodeUint8(r) + if err != nil { + return nil, err + } + raw.Type = valueType(typ) + + var v Value + + switch raw.Type { + case trueValueType: + v = BoolValue(true) + case falseValueType: + v = BoolValue(false) + case int8ValueType: + var tv Int8Value + err = tv.decode(r) + v = tv + case int16ValueType: + var tv Int16Value + err = tv.decode(r) + v = tv + case int32ValueType: + var tv Int32Value + err = tv.decode(r) + v = tv + case int64ValueType: + var tv Int64Value + err = tv.decode(r) + v = tv + case bytesValueType: + var tv BytesValue + err = tv.decode(r) + v = tv + case stringValueType: + var tv StringValue + err = tv.decode(r) + v = tv + case timestampValueType: + var tv TimestampValue + err = tv.decode(r) + v = tv + case uuidValueType: + var tv UUIDValue + err = tv.decode(r) + v = tv + default: + panic(fmt.Sprintf("unknown value type %d", raw.Type)) + } + + // Error could be EOF, let caller deal with it + return v, err +} + +const maxHeaderNameLen = 255 + +type headerName struct { + Len uint8 + Name [maxHeaderNameLen]byte +} + +func (v headerName) encode(w io.Writer) error { + if err := binary.Write(w, binary.BigEndian, v.Len); err != nil { + return err + } + + _, err := w.Write(v.Name[:v.Len]) + return err +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/header_value.go b/vendor/github.com/aws/smithy-go/eventstream/header_value.go new file mode 100644 index 0000000000..61ed35366d --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/header_value.go @@ -0,0 +1,521 @@ +package eventstream + +import ( + "encoding/base64" + "encoding/binary" + "encoding/hex" + "fmt" + "io" + "strconv" + "time" +) + +const maxHeaderValueLen = 1<<15 - 1 // 2^15-1 or 32KB - 1 + +// valueType is the EventStream header value type. +type valueType uint8 + +// Header value types +const ( + trueValueType valueType = iota + falseValueType + int8ValueType // Byte + int16ValueType // Short + int32ValueType // Integer + int64ValueType // Long + bytesValueType + stringValueType + timestampValueType + uuidValueType +) + +func (t valueType) String() string { + switch t { + case trueValueType: + return "bool" + case falseValueType: + return "bool" + case int8ValueType: + return "int8" + case int16ValueType: + return "int16" + case int32ValueType: + return "int32" + case int64ValueType: + return "int64" + case bytesValueType: + return "byte_array" + case stringValueType: + return "string" + case timestampValueType: + return "timestamp" + case uuidValueType: + return "uuid" + default: + return fmt.Sprintf("unknown value type %d", uint8(t)) + } +} + +type rawValue struct { + Type valueType + Len uint16 // Only set for variable length slices + Value []byte // byte representation of value, BigEndian encoding. +} + +func (r rawValue) encodeScalar(w io.Writer, v any) error { + return binaryWriteFields(w, binary.BigEndian, + r.Type, + v, + ) +} + +func (r rawValue) encodeFixedSlice(w io.Writer, v []byte) error { + binary.Write(w, binary.BigEndian, r.Type) + + _, err := w.Write(v) + return err +} + +func (r rawValue) encodeBytes(w io.Writer, v []byte) error { + if len(v) > maxHeaderValueLen { + return LengthError{ + Part: "header value", + Want: maxHeaderValueLen, Have: len(v), + Value: v, + } + } + r.Len = uint16(len(v)) + + err := binaryWriteFields(w, binary.BigEndian, + r.Type, + r.Len, + ) + if err != nil { + return err + } + + _, err = w.Write(v) + return err +} + +func (r rawValue) encodeString(w io.Writer, v string) error { + if len(v) > maxHeaderValueLen { + return LengthError{ + Part: "header value", + Want: maxHeaderValueLen, Have: len(v), + Value: v, + } + } + r.Len = uint16(len(v)) + + type stringWriter interface { + WriteString(string) (int, error) + } + + err := binaryWriteFields(w, binary.BigEndian, + r.Type, + r.Len, + ) + if err != nil { + return err + } + + if sw, ok := w.(stringWriter); ok { + _, err = sw.WriteString(v) + } else { + _, err = w.Write([]byte(v)) + } + + return err +} + +func decodeFixedBytesValue(r io.Reader, buf []byte) error { + _, err := io.ReadFull(r, buf) + return err +} + +func decodeBytesValue(r io.Reader) ([]byte, error) { + var raw rawValue + var err error + raw.Len, err = decodeUint16(r) + if err != nil { + return nil, err + } + + buf := make([]byte, raw.Len) + _, err = io.ReadFull(r, buf) + if err != nil { + return nil, err + } + + return buf, nil +} + +func decodeStringValue(r io.Reader) (string, error) { + v, err := decodeBytesValue(r) + return string(v), err +} + +// Value represents the abstract header value. +type Value interface { + Get() any + String() string + valueType() valueType + encode(io.Writer) error +} + +// An BoolValue provides eventstream encoding, and representation +// of a Go bool value. +type BoolValue bool + +// Get returns the underlying type +func (v BoolValue) Get() any { + return bool(v) +} + +// valueType returns the EventStream header value type value. +func (v BoolValue) valueType() valueType { + if v { + return trueValueType + } + return falseValueType +} + +func (v BoolValue) String() string { + return strconv.FormatBool(bool(v)) +} + +// encode encodes the BoolValue into an eventstream binary value +// representation. +func (v BoolValue) encode(w io.Writer) error { + return binary.Write(w, binary.BigEndian, v.valueType()) +} + +// An Int8Value provides eventstream encoding, and representation of a Go +// int8 value. +type Int8Value int8 + +// Get returns the underlying value. +func (v Int8Value) Get() any { + return int8(v) +} + +// valueType returns the EventStream header value type value. +func (Int8Value) valueType() valueType { + return int8ValueType +} + +func (v Int8Value) String() string { + return fmt.Sprintf("0x%02x", int8(v)) +} + +// encode encodes the Int8Value into an eventstream binary value +// representation. +func (v Int8Value) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + + return raw.encodeScalar(w, v) +} + +func (v *Int8Value) decode(r io.Reader) error { + n, err := decodeUint8(r) + if err != nil { + return err + } + + *v = Int8Value(n) + return nil +} + +// An Int16Value provides eventstream encoding, and representation of a Go +// int16 value. +type Int16Value int16 + +// Get returns the underlying value. +func (v Int16Value) Get() any { + return int16(v) +} + +// valueType returns the EventStream header value type value. +func (Int16Value) valueType() valueType { + return int16ValueType +} + +func (v Int16Value) String() string { + return fmt.Sprintf("0x%04x", int16(v)) +} + +// encode encodes the Int16Value into an eventstream binary value +// representation. +func (v Int16Value) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + return raw.encodeScalar(w, v) +} + +func (v *Int16Value) decode(r io.Reader) error { + n, err := decodeUint16(r) + if err != nil { + return err + } + + *v = Int16Value(n) + return nil +} + +// An Int32Value provides eventstream encoding, and representation of a Go +// int32 value. +type Int32Value int32 + +// Get returns the underlying value. +func (v Int32Value) Get() any { + return int32(v) +} + +// valueType returns the EventStream header value type value. +func (Int32Value) valueType() valueType { + return int32ValueType +} + +func (v Int32Value) String() string { + return fmt.Sprintf("0x%08x", int32(v)) +} + +// encode encodes the Int32Value into an eventstream binary value +// representation. +func (v Int32Value) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + return raw.encodeScalar(w, v) +} + +func (v *Int32Value) decode(r io.Reader) error { + n, err := decodeUint32(r) + if err != nil { + return err + } + + *v = Int32Value(n) + return nil +} + +// An Int64Value provides eventstream encoding, and representation of a Go +// int64 value. +type Int64Value int64 + +// Get returns the underlying value. +func (v Int64Value) Get() any { + return int64(v) +} + +// valueType returns the EventStream header value type value. +func (Int64Value) valueType() valueType { + return int64ValueType +} + +func (v Int64Value) String() string { + return fmt.Sprintf("0x%016x", int64(v)) +} + +// encode encodes the Int64Value into an eventstream binary value +// representation. +func (v Int64Value) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + return raw.encodeScalar(w, v) +} + +func (v *Int64Value) decode(r io.Reader) error { + n, err := decodeUint64(r) + if err != nil { + return err + } + + *v = Int64Value(n) + return nil +} + +// An BytesValue provides eventstream encoding, and representation of a Go +// byte slice. +type BytesValue []byte + +// Get returns the underlying value. +func (v BytesValue) Get() any { + return []byte(v) +} + +// valueType returns the EventStream header value type value. +func (BytesValue) valueType() valueType { + return bytesValueType +} + +func (v BytesValue) String() string { + return base64.StdEncoding.EncodeToString([]byte(v)) +} + +// encode encodes the BytesValue into an eventstream binary value +// representation. +func (v BytesValue) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + + return raw.encodeBytes(w, []byte(v)) +} + +func (v *BytesValue) decode(r io.Reader) error { + buf, err := decodeBytesValue(r) + if err != nil { + return err + } + + *v = BytesValue(buf) + return nil +} + +// An StringValue provides eventstream encoding, and representation of a Go +// string. +type StringValue string + +// Get returns the underlying value. +func (v StringValue) Get() any { + return string(v) +} + +// valueType returns the EventStream header value type value. +func (StringValue) valueType() valueType { + return stringValueType +} + +func (v StringValue) String() string { + return string(v) +} + +// encode encodes the StringValue into an eventstream binary value +// representation. +func (v StringValue) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + + return raw.encodeString(w, string(v)) +} + +func (v *StringValue) decode(r io.Reader) error { + s, err := decodeStringValue(r) + if err != nil { + return err + } + + *v = StringValue(s) + return nil +} + +// An TimestampValue provides eventstream encoding, and representation of a Go +// timestamp. +type TimestampValue time.Time + +// Get returns the underlying value. +func (v TimestampValue) Get() any { + return time.Time(v) +} + +// valueType returns the EventStream header value type value. +func (TimestampValue) valueType() valueType { + return timestampValueType +} + +func (v TimestampValue) epochMilli() int64 { + nano := time.Time(v).UnixNano() + msec := nano / int64(time.Millisecond) + return msec +} + +func (v TimestampValue) String() string { + msec := v.epochMilli() + return strconv.FormatInt(msec, 10) +} + +// encode encodes the TimestampValue into an eventstream binary value +// representation. +func (v TimestampValue) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + + msec := v.epochMilli() + return raw.encodeScalar(w, msec) +} + +func (v *TimestampValue) decode(r io.Reader) error { + n, err := decodeUint64(r) + if err != nil { + return err + } + + *v = TimestampValue(timeFromEpochMilli(int64(n))) + return nil +} + +// MarshalJSON implements the json.Marshaler interface +func (v TimestampValue) MarshalJSON() ([]byte, error) { + return []byte(v.String()), nil +} + +func timeFromEpochMilli(t int64) time.Time { + secs := t / 1e3 + msec := t % 1e3 + return time.Unix(secs, msec*int64(time.Millisecond)).UTC() +} + +// An UUIDValue provides eventstream encoding, and representation of a UUID +// value. +type UUIDValue [16]byte + +// Get returns the underlying value. +func (v UUIDValue) Get() any { + return v[:] +} + +// valueType returns the EventStream header value type value. +func (UUIDValue) valueType() valueType { + return uuidValueType +} + +func (v UUIDValue) String() string { + var scratch [36]byte + + const dash = '-' + + hex.Encode(scratch[:8], v[0:4]) + scratch[8] = dash + hex.Encode(scratch[9:13], v[4:6]) + scratch[13] = dash + hex.Encode(scratch[14:18], v[6:8]) + scratch[18] = dash + hex.Encode(scratch[19:23], v[8:10]) + scratch[23] = dash + hex.Encode(scratch[24:], v[10:]) + + return string(scratch[:]) +} + +// encode encodes the UUIDValue into an eventstream binary value +// representation. +func (v UUIDValue) encode(w io.Writer) error { + raw := rawValue{ + Type: v.valueType(), + } + + return raw.encodeFixedSlice(w, v[:]) +} + +func (v *UUIDValue) decode(r io.Reader) error { + tv := (*v)[:] + return decodeFixedBytesValue(r, tv) +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/message.go b/vendor/github.com/aws/smithy-go/eventstream/message.go new file mode 100644 index 0000000000..1a77654f7e --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/message.go @@ -0,0 +1,99 @@ +package eventstream + +import ( + "bytes" + "encoding/binary" + "hash/crc32" +) + +const preludeLen = 8 +const preludeCRCLen = 4 +const msgCRCLen = 4 +const minMsgLen = preludeLen + preludeCRCLen + msgCRCLen + +var crc32IEEETable = crc32.MakeTable(crc32.IEEE) + +// A Message provides the eventstream message representation. +type Message struct { + Headers Headers + Payload []byte +} + +func (m *Message) rawMessage() (rawMessage, error) { + var raw rawMessage + + if len(m.Headers) > 0 { + var headers bytes.Buffer + if err := EncodeHeaders(&headers, m.Headers); err != nil { + return rawMessage{}, err + } + raw.Headers = headers.Bytes() + raw.HeadersLen = uint32(len(raw.Headers)) + } + + raw.Length = raw.HeadersLen + uint32(len(m.Payload)) + minMsgLen + + hash := crc32.New(crc32IEEETable) + binaryWriteFields(hash, binary.BigEndian, raw.Length, raw.HeadersLen) + raw.PreludeCRC = hash.Sum32() + + binaryWriteFields(hash, binary.BigEndian, raw.PreludeCRC) + + if raw.HeadersLen > 0 { + hash.Write(raw.Headers) + } + + // Read payload bytes and update hash for it as well. + if len(m.Payload) > 0 { + raw.Payload = m.Payload + hash.Write(raw.Payload) + } + + raw.CRC = hash.Sum32() + + return raw, nil +} + +// Clone returns a deep copy of the message. +func (m Message) Clone() Message { + var payload []byte + if m.Payload != nil { + payload = make([]byte, len(m.Payload)) + copy(payload, m.Payload) + } + + return Message{ + Headers: m.Headers.Clone(), + Payload: payload, + } +} + +type messagePrelude struct { + Length uint32 + HeadersLen uint32 + PreludeCRC uint32 +} + +func (p messagePrelude) PayloadLen() uint32 { + return p.Length - p.HeadersLen - minMsgLen +} + +func (p messagePrelude) ValidateLens() error { + if p.Length == 0 { + return LengthError{ + Part: "message prelude", + Want: minMsgLen, + Have: int(p.Length), + } + } + return nil +} + +type rawMessage struct { + messagePrelude + + Headers []byte + Payload []byte + + CRC uint32 +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/serializer.go b/vendor/github.com/aws/smithy-go/eventstream/serializer.go new file mode 100644 index 0000000000..018481e938 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/serializer.go @@ -0,0 +1,228 @@ +package eventstream + +import ( + "math/big" + "time" + + "github.com/aws/smithy-go" + "github.com/aws/smithy-go/document" + "github.com/aws/smithy-go/traits" +) + +// ShapeSerializer wraps a [smithy.ShapeSerializer], much like the internal +// httpbinding serializer, to handle event stream message binding traits. +type ShapeSerializer struct { + Message *Message + + inner smithy.ShapeSerializer + contentType string // may be inflenced by bindings + depth int + hasBody bool +} + +var _ smithy.ShapeSerializer = (*ShapeSerializer)(nil) + +// NewShapeSerializer returns a serializer for a single Message. +func NewShapeSerializer(msg *Message, inner smithy.ShapeSerializer) *ShapeSerializer { + return &ShapeSerializer{ + Message: msg, + inner: inner, + } +} + +// ContentType returns the resolved content type for the event message payload +// after serialization, which may be affected by bindings. +func (s *ShapeSerializer) ContentType() string { + return s.contentType +} + +// Bytes returns the serialized body bytes. +func (s *ShapeSerializer) Bytes() []byte { + return s.inner.Bytes() +} + +// WriteBool implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteBool(schema *smithy.Schema, v bool) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), BoolValue(v)) + return + } + s.inner.WriteBool(schema, v) +} + +// WriteInt8 implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteInt8(schema *smithy.Schema, v int8) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), Int8Value(v)) + return + } + s.inner.WriteInt8(schema, v) +} + +// WriteInt16 implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteInt16(schema *smithy.Schema, v int16) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), Int16Value(v)) + return + } + s.inner.WriteInt16(schema, v) +} + +// WriteInt32 implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteInt32(schema *smithy.Schema, v int32) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), Int32Value(v)) + return + } + s.inner.WriteInt32(schema, v) +} + +// WriteInt64 implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteInt64(schema *smithy.Schema, v int64) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), Int64Value(v)) + return + } + s.inner.WriteInt64(schema, v) +} + +// WriteFloat32 implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteFloat32(schema *smithy.Schema, v float32) { + s.inner.WriteFloat32(schema, v) +} + +// WriteFloat64 implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteFloat64(schema *smithy.Schema, v float64) { + s.inner.WriteFloat64(schema, v) +} + +// WriteString implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteString(schema *smithy.Schema, v string) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), StringValue(v)) + return + } + if isEventPayload(schema) { + s.Message.Payload = []byte(v) + s.contentType = "text/plain" + return + } + s.inner.WriteString(schema, v) +} + +// WriteBlob implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteBlob(schema *smithy.Schema, v []byte) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), BytesValue(v)) + return + } + if isEventPayload(schema) { + s.Message.Payload = v + s.contentType = "application/octet-stream" + return + } + s.inner.WriteBlob(schema, v) +} + +// WriteTime implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteTime(schema *smithy.Schema, v time.Time) { + if isEventHeader(schema) { + s.Message.Headers.Set(schema.MemberName(), TimestampValue(v)) + return + } + s.inner.WriteTime(schema, v) +} + +// WriteBigInt implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteBigInt(schema *smithy.Schema, v *big.Int) { + s.inner.WriteBigInt(schema, v) +} + +// WriteBigFloat implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteBigFloat(schema *smithy.Schema, v *big.Float) { + s.inner.WriteBigFloat(schema, v) +} + +// WriteStruct implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteStruct(schema *smithy.Schema) { + s.depth++ + if s.depth > 1 { + s.inner.WriteStruct(schema) + return + } + // At depth 1 (the event struct itself), start a JSON body if there are + // implicit body members (members without @eventHeader or @eventPayload). + for _, m := range schema.Members() { + if !isEventBound(m) { + s.inner.WriteStruct(schema) + s.hasBody = true + return + } + } +} + +// CloseStruct implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) CloseStruct() { + if s.depth > 1 || s.hasBody { + s.inner.CloseStruct() + } + if s.depth == 1 { + s.hasBody = false + } + s.depth-- +} + +// WriteUnion implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteUnion(schema, variant *smithy.Schema) { + s.inner.WriteUnion(schema, variant) +} + +// CloseUnion implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) CloseUnion() { + s.inner.CloseUnion() +} + +// WriteNil implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteNil(schema *smithy.Schema) { + s.inner.WriteNil(schema) +} + +// WriteList implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteList(schema *smithy.Schema) { + s.inner.WriteList(schema) +} + +// CloseList implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) CloseList() { + s.inner.CloseList() +} + +// WriteMap implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteMap(schema *smithy.Schema) { + s.inner.WriteMap(schema) +} + +// WriteKey implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteKey(schema *smithy.Schema, key string) { + s.inner.WriteKey(schema, key) +} + +// CloseMap implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) CloseMap() { + s.inner.CloseMap() +} + +// WriteDocument implements [smithy.ShapeSerializer]. +func (s *ShapeSerializer) WriteDocument(schema *smithy.Schema, v document.Value) { + s.inner.WriteDocument(schema, v) +} + +func isEventHeader(schema *smithy.Schema) bool { + _, ok := smithy.SchemaTrait[*traits.EventHeader](schema) + return ok +} + +func isEventPayload(schema *smithy.Schema) bool { + _, ok := smithy.SchemaTrait[*traits.EventPayload](schema) + return ok +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/signer.go b/vendor/github.com/aws/smithy-go/eventstream/signer.go new file mode 100644 index 0000000000..69f7779d80 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/signer.go @@ -0,0 +1,82 @@ +package eventstream + +import ( + "bytes" + "io" + "time" +) + +// MessageSigner signs event stream message header and payload byte pairs. +// Each invocation chains off the previous signature. +type MessageSigner interface { + SignMessage(headers, payload []byte, signingTime time.Time) ([]byte, error) +} + +// SigningWriter wraps an io.WriteCloser and signs each event stream message +// frame written to it. Each Write call MUST contain exactly one complete +// encoded event stream message frame. +// +// The signing writer wraps each incoming frame in an outer event stream +// message with :date and :chunk-signature headers, then encodes the outer +// message to the underlying writer. +// +// Close sends a signed empty message to signal end-of-stream, then closes +// the underlying writer. +type SigningWriter struct { + writer io.WriteCloser + signer MessageSigner + encoder *Encoder + + headersBuf bytes.Buffer +} + +// NewSigningWriter returns a SigningWriter that signs frames and writes them +// to w. +func NewSigningWriter(w io.WriteCloser, signer MessageSigner) *SigningWriter { + return &SigningWriter{ + writer: w, + signer: signer, + encoder: NewEncoder(), + } +} + +// Write signs a complete event stream message frame and writes the signed +// outer envelope to the underlying writer. +func (s *SigningWriter) Write(frame []byte) (int, error) { + if err := s.signAndWrite(frame); err != nil { + return 0, err + } + return len(frame), nil +} + +// Close sends a signed empty message to signal end-of-stream, then closes +// the underlying writer. +func (s *SigningWriter) Close() error { + if err := s.signAndWrite([]byte{}); err != nil { + _ = s.writer.Close() + return err + } + return s.writer.Close() +} + +func (s *SigningWriter) signAndWrite(payload []byte) error { + now := time.Now().UTC() + + var msg Message + msg.Headers.Set(DateHeader, TimestampValue(now)) + msg.Payload = payload + + s.headersBuf.Reset() + if err := EncodeHeaders(&s.headersBuf, msg.Headers); err != nil { + return err + } + + sig, err := s.signer.SignMessage(s.headersBuf.Bytes(), payload, now) + if err != nil { + return err + } + + msg.Headers.Set(ChunkSignatureHeader, BytesValue(sig)) + + return s.encoder.Encode(s.writer, msg) +} diff --git a/vendor/github.com/aws/smithy-go/eventstream/types.go b/vendor/github.com/aws/smithy-go/eventstream/types.go new file mode 100644 index 0000000000..4627bb2091 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/eventstream/types.go @@ -0,0 +1,26 @@ +package eventstream + +import "github.com/aws/smithy-go" + +// UnknownUnionMember is returned when a union member is returned over the +// wire, but has an unknown tag. +type UnknownUnionMember struct { + Tag string + Value []byte +} + +// Deserialize is a no-op. The raw bytes are already captured in Value. +func (*UnknownUnionMember) Deserialize(smithy.ShapeDeserializer) error { + return nil +} + +// UnknownMessageError provides an error when a message is received from the +// stream, but the reader is unable to determine what kind of message it is. +type UnknownMessageError struct { + Type string + Message *Message +} + +func (e *UnknownMessageError) Error() string { + return "unknown event stream message type, " + e.Type +} diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go index dc9dfd0d86..c9230c669d 100644 --- a/vendor/github.com/aws/smithy-go/go_module_metadata.go +++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go @@ -3,4 +3,4 @@ package smithy // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.24.2" +const goModuleVersion = "1.27.3" diff --git a/vendor/github.com/aws/smithy-go/schema.go b/vendor/github.com/aws/smithy-go/schema.go new file mode 100644 index 0000000000..6293d34b1e --- /dev/null +++ b/vendor/github.com/aws/smithy-go/schema.go @@ -0,0 +1,328 @@ +package smithy + +import ( + "fmt" + "strings" + "sync/atomic" + "unsafe" +) + +// ShapeType is a type of Smithy shape. +// See https://smithy.io/2.0/spec/idl.html#defining-shapes. +type ShapeType int + +// Enumerates ShapeType per the Smithy IDL. +const ( + ShapeTypeBlob ShapeType = iota + ShapeTypeBoolean + ShapeTypeString + ShapeTypeTimestamp + ShapeTypeByte + ShapeTypeShort + ShapeTypeInteger + ShapeTypeLong + ShapeTypeFloat + ShapeTypeDocument + ShapeTypeDouble + ShapeTypeBigDecimal + ShapeTypeBigInteger + ShapeTypeEnum + ShapeTypeIntEnum + ShapeTypeList + ShapeTypeSet + ShapeTypeMap + ShapeTypeStructure + ShapeTypeUnion + ShapeTypeMember + ShapeTypeService + ShapeTypeResource + ShapeTypeOperation +) + +// ShapeID fields of a Smithy shape ID. +type ShapeID struct { + Namespace, Name, Member string +} + +// String returns the IDL microformat for the shape ID. +func (s ShapeID) String() string { + if s.Member == "" { + return fmt.Sprintf("%s#%s", s.Namespace, s.Name) + } + return fmt.Sprintf("%s#%s$%s", s.Namespace, s.Name, s.Member) +} + +func stoid(s string) ShapeID { + ns, n, _ := strings.Cut(s, "#") + n, m, _ := strings.Cut(n, "$") + return ShapeID{ns, n, m} +} + +// Schema encodes information about a shape from a Smithy model. +// +// Generated clients use schemas at runtime to dynamically (de)serialize +// request/responses. +type Schema struct { + id ShapeID + typ ShapeType + members map[string]*Schema // member name -> schema + traits map[ShapeID]Trait // trait ID -> non-indexed traits only + indexed []Trait // indexed trait slots, sized to max index present + directMask uint64 // bitmask: bit i set means indexed[i] was declared directly on this schema + targetID ShapeID // for member schemas, the target's shape ID + + listMember *Schema + mapKey, mapValue *Schema + + ext [numExtensionSlots]unsafe.Pointer // lazily-computed codec extensions, accessed atomically +} + +// NewSchema creates a new Schema with the given shape ID and traits. +func NewSchema(id ShapeID, typ ShapeType, numMembers int, ts ...Trait) *Schema { + s := &Schema{ + id: id, + typ: typ, + members: make(map[string]*Schema, numMembers), + } + for _, t := range ts { + s.addTrait(t, true) + } + return s +} + +func (s *Schema) addTrait(t Trait, direct bool) { + if it, ok := t.(IndexableTrait); ok { + idx := it.TraitIndex() + if idx >= len(s.indexed) { + s.indexed = append(s.indexed, make([]Trait, idx-len(s.indexed)+1)...) + } + s.indexed[idx] = t + if direct { + s.directMask |= 1 << uint(idx) + } + return + } + + if s.traits == nil { + s.traits = map[ShapeID]Trait{} + } + s.traits[t.TraitID()] = t +} + +// AddMember adds a member to the schema derived from the target, with +// optional trait overrides. The member schema is returned for caller +// reference. +// +// The member schema's effective trait view (accessed via [SchemaTrait]) +// inherits all of the target's traits, then applies the overrides. The +// member's direct trait view (accessed via [SchemaDirectTrait]) contains +// only the overrides, i.e. the traits declared directly on the member. +func (s *Schema) AddMember(name string, target *Schema, ts ...Trait) *Schema { + m := &Schema{ + id: ShapeID{Member: name}, + typ: target.typ, + members: target.members, + indexed: cloneIndexed(target.indexed), + traits: cloneTraits(target.traits), + directMask: 0, // inherited traits are not direct + targetID: target.id, + listMember: target.listMember, + mapKey: target.mapKey, + mapValue: target.mapValue, + } + + // member-declared traits override and are direct + for _, t := range ts { + m.addTrait(t, true) + } + + s.members[name] = m + + // Invalidate cached extensions, schema structure changed. + for i := range s.ext { + atomic.StorePointer(&s.ext[i], nil) + } + + switch name { + case "member": + s.listMember = m + case "key": + s.mapKey = m + case "value": + s.mapValue = m + } + return m +} + +func cloneIndexed(src []Trait) []Trait { + if src == nil { + return nil + } + dst := make([]Trait, len(src)) + copy(dst, src) + return dst +} + +func cloneTraits(src map[ShapeID]Trait) map[ShapeID]Trait { + if src == nil { + return nil + } + dst := make(map[ShapeID]Trait, len(src)) + for k, v := range src { + dst[k] = v + } + return dst +} + +// ListMember returns the "member" schema for list types. +func (s *Schema) ListMember() *Schema { + return s.listMember +} + +// MapKey returns the "key" schema for map types. +func (s *Schema) MapKey() *Schema { + return s.mapKey +} + +// MapValue returns the "value" schema for map types. +func (s *Schema) MapValue() *Schema { + return s.mapValue +} + +// MemberName returns the member component of the schema's shape ID. +func (s *Schema) MemberName() string { + return s.id.Member +} + +// ID returns the shape ID of the schema. +func (s *Schema) ID() ShapeID { + return s.id +} + +// TargetID returns the shape ID of the member's target shape. +func (s *Schema) TargetID() ShapeID { + return s.targetID +} + +// Type returns the shape type of the schema. +func (s *Schema) Type() ShapeType { + return s.typ +} + +// Member returns the member schema for the given name, or nil. +func (s *Schema) Member(name string) *Schema { + return s.members[name] +} + +// Members returns the schema's members as a map of name to schema. +func (s *Schema) Members() map[string]*Schema { + return s.members +} + +// OperationSchema describes an operation, which is essentially its own schema +// with additional pointers to its input and output. +type OperationSchema struct { + *Schema + Input, Output *Schema + + inputStream, outputStream bool +} + +// NewOperationSchema returns an OperationSchema for (input, output). +func NewOperationSchema(op, input, output *Schema) *OperationSchema { + return &OperationSchema{ + Schema: op, + Input: input, + Output: output, + inputStream: isEventStream(input), + outputStream: isEventStream(output), + } +} + +// IsInputEventStream reports whether this is an input event stream. +func (s *OperationSchema) IsInputEventStream() bool { + return s.inputStream +} + +// IsOutputEventStream reports whether this is an output event stream. +func (s *OperationSchema) IsOutputEventStream() bool { + return s.outputStream +} + +// ServiceSchema describes a service shape. +type ServiceSchema struct { + *Schema + Version string +} + +// NewServiceSchema returns a ServiceSchema for the given service shape. +func NewServiceSchema(schema *Schema, version string) *ServiceSchema { + return &ServiceSchema{Schema: schema, Version: version} +} + +// SchemaTrait returns the target trait on the schema if it exists. +// +// For member schemas this returns the effective trait, which is the trait +// declared directly on the member if present, else the trait inherited from +// the target shape. +func SchemaTrait[T Trait](s *Schema) (T, bool) { + return schemaTrait[T](s, false) +} + +// SchemaDirectTrait returns the target trait on the schema if it was +// declared directly on the schema. +// +// For member schemas this returns the trait only if it was declared on the +// member itself, ignoring any trait inherited from the target shape. For +// non-member schemas this is equivalent to [SchemaTrait]. +func SchemaDirectTrait[T Trait](s *Schema) (T, bool) { + return schemaTrait[T](s, true) +} + +func schemaTrait[T Trait](s *Schema, directOnly bool) (T, bool) { + var zero T + + if s == nil { + return zero, false + } + + if it, ok := Trait(zero).(IndexableTrait); ok { + idx := it.TraitIndex() + if idx >= len(s.indexed) { + return zero, false + } + if directOnly && s.directMask&(1< indexStreaming && m.indexed[indexStreaming] != nil { + return true + } + } + return false +} diff --git a/vendor/github.com/aws/smithy-go/schema_ext.go b/vendor/github.com/aws/smithy-go/schema_ext.go new file mode 100644 index 0000000000..7503b30b80 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/schema_ext.go @@ -0,0 +1,37 @@ +package smithy + +import ( + "sync/atomic" + "unsafe" +) + +// ExtensionID identifies a schema extension slot. Each codec family +// (JSON, CBOR, etc.) uses a distinct slot to cache precomputed data. +type ExtensionID int + +const numExtensionSlots = 4 + +const ( + ExtJSON ExtensionID = iota // transport/http/protocol/internal/json + ExtCBOR // transport/http/protocol/internal/cbor + ExtXML // transport/http/protocol/internal/xml + ExtQuery // transport/http/protocol/internal/query +) + +// SchemaExtension retrieves or lazily computes the extension for the given +// slot. build is called on first access for a schema and the result is cached. +// The build function must return a pointer to an immutable value. +func SchemaExtension[T any](s *Schema, id ExtensionID, build func(*Schema) *T) *T { + p := atomic.LoadPointer(&s.ext[id]) + if p != nil { + return (*T)(p) + } + return computeSchemaExtension(s, id, build) +} + +//go:noinline +func computeSchemaExtension[T any](s *Schema, id ExtensionID, build func(*Schema) *T) *T { + v := build(s) + atomic.StorePointer(&s.ext[id], unsafe.Pointer(v)) + return v +} diff --git a/vendor/github.com/aws/smithy-go/serde.go b/vendor/github.com/aws/smithy-go/serde.go new file mode 100644 index 0000000000..a9effc5655 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/serde.go @@ -0,0 +1,229 @@ +package smithy + +import ( + "fmt" + "io" + "math/big" + "time" + + "github.com/aws/smithy-go/document" +) + +// ShapeSerializer implements the marshaling of an in-code representation of a +// shape to an unspecified data format, which is determined by the +// implementation. +// +// A ShapeSerializer is consumed by the **code-generated** Serialize() method +// of a modeled structure. For example: +// +// func (v *PutItemInput) Serialize(s smithy.ShapeSerializer) { +// s.WriteStruct(schemas.PutItemInput) +// v.SerializeMembers(s) +// s.CloseStruct() +// } +// +// func (v *PutItemInput) SerializeMembers(s smithy.ShapeSerializer) { +// if v.TableName != nil { +// s.WriteString(schemas.PutItemInput_TableName, *v.TableName) +// } +// if v.Item != nil { +// serializeAttributeMap(s, schemas.PutItemInput_Item, v.Item) +// } +// // ... +// } +type ShapeSerializer interface { + Bytes() []byte + + WriteInt8(*Schema, int8) + WriteInt16(*Schema, int16) + WriteInt32(*Schema, int32) + WriteInt64(*Schema, int64) + WriteFloat32(*Schema, float32) + WriteFloat64(*Schema, float64) + WriteBool(*Schema, bool) + WriteString(*Schema, string) + WriteBigInt(*Schema, *big.Int) + WriteBigFloat(*Schema, *big.Float) + WriteBlob(*Schema, []byte) + WriteTime(*Schema, time.Time) + + WriteUnion(schema, variant *Schema) + CloseUnion() + WriteDocument(*Schema, document.Value) + WriteNil(*Schema) + + WriteStruct(*Schema) + CloseStruct() + + WriteList(*Schema) + CloseList() + + WriteMap(*Schema) + WriteKey(*Schema, string) + CloseMap() +} + +// ShapeDeserializer implements the unmarshaling from some unspecified data +// format to an in-code representation of a shape, which is determined by the +// implementation. +type ShapeDeserializer interface { + ReadInt8(*Schema, *int8) error + ReadInt16(*Schema, *int16) error + ReadInt32(*Schema, *int32) error + ReadInt64(*Schema, *int64) error + ReadFloat32(*Schema, *float32) error + ReadFloat64(*Schema, *float64) error + ReadBool(*Schema, *bool) error + ReadString(*Schema, *string) error + ReadBlob(*Schema, *[]byte) error + ReadTime(*Schema, *time.Time) error + ReadBigInt(*Schema, *big.Int) error + ReadBigFloat(*Schema, *big.Float) error + ReadNil(*Schema) (bool, error) + + ReadStruct(*Schema) error + ReadStructMember() (*Schema, error) + + ReadUnion(*Schema) (*Schema, error) + ReadDocument(*Schema, *document.Value) error + + ReadList(*Schema) error + ReadListItem(*Schema) (hasMoreElements bool, err error) + + ReadMap(*Schema) error + ReadMapKey(*Schema) (key string, hasMoreElements bool, err error) +} + +// Serializable is an entity that can describe itself to a ShapeSerializer to +// be encoded to some format. +// +// Unlike the standard library marshaler interfaces, which idiomatically encode +// to []byte, the output format and data type here is not specified at all. +// This is because Smithy shapes need to encode to a variety of formats or data +// carriers. For example, HTTP-binding JSON protocols need to serialize some +// members to bytes (the HTTP request body) and others directly to fields on +// the HTTP request itself (e.g. headers). +type Serializable interface { + Serialize(ShapeSerializer) +} + +// StreamingInput is implemented by input types that have a streaming blob +// payload (an io.Reader member with @httpPayload + @streaming). +type StreamingInput interface { + GetPayloadStream() io.Reader +} + +// StreamingOutput is implemented by output types that have a streaming blob +// payload (an io.ReadCloser member with @httpPayload + @streaming). +type StreamingOutput interface { + SetPayloadStream(io.ReadCloser) +} + +// Deserializable is an entity that can unmarshal itself from a +// ShapeDeserializer. +type Deserializable interface { + Deserialize(ShapeDeserializer) error +} + +// DeserializableError is implemented by modeled error types for a service. +type DeserializableError interface { + Deserializable + error +} + +// ReadUnion is a utility API for generated clients. +func ReadUnion(d ShapeDeserializer, schema *Schema, memberFn func(*Schema) error) error { + ms, err := d.ReadUnion(schema) + if ms == nil || err != nil { + return err + } + + if err := memberFn(ms); err != nil { + return err + } + + for { + ms, err = d.ReadUnion(schema) + if err != nil { + return err + } + if ms == nil { + return nil + } + return fmt.Errorf("union has more than one non-nil member: %s", ms.MemberName()) + } +} + +// ReadStruct is a utility API for generated clients. +func ReadStruct(d ShapeDeserializer, schema *Schema, memberFn func(*Schema) error) error { + if err := d.ReadStruct(schema); err != nil { + return err + } + + for { + ms, err := d.ReadStructMember() + if err != nil { + return err + } + + if ms == nil { + return nil + } + + if err := memberFn(ms); err != nil { + return err + } + } +} + +// ReadList is a utility API for generated clients. +func ReadList(d ShapeDeserializer, schema *Schema, memberFn func() error) error { + if err := d.ReadList(schema); err != nil { + return err + } + + var memberSchema *Schema + if schema != nil { + memberSchema = schema.ListMember() + } + + for { + ok, err := d.ReadListItem(memberSchema) + if !ok { + return nil + } + if err != nil { + return err + } + + if err := memberFn(); err != nil { + return err + } + } +} + +// ReadMap is a utility API for generated clients. +func ReadMap(d ShapeDeserializer, schema *Schema, memberFn func(string) error) error { + if err := d.ReadMap(schema); err != nil { + return err + } + + var keySchema *Schema + if schema != nil { + keySchema = schema.MapKey() + } + + for { + k, ok, err := d.ReadMapKey(keySchema) + if !ok { + return nil + } + if err != nil { + return err + } + + if err := memberFn(k); err != nil { + return err + } + } +} diff --git a/vendor/github.com/aws/smithy-go/sync/error.go b/vendor/github.com/aws/smithy-go/sync/error.go new file mode 100644 index 0000000000..629207672b --- /dev/null +++ b/vendor/github.com/aws/smithy-go/sync/error.go @@ -0,0 +1,53 @@ +package sync + +import "sync" + +// OnceErr wraps the behavior of recording an error +// once and signal on a channel when this has occurred. +// Signaling is done by closing of the channel. +// +// Type is safe for concurrent usage. +type OnceErr struct { + mu sync.RWMutex + err error + ch chan struct{} +} + +// NewOnceErr return a new OnceErr +func NewOnceErr() *OnceErr { + return &OnceErr{ + ch: make(chan struct{}, 1), + } +} + +// Err acquires a read-lock and returns an +// error if one has been set. +func (e *OnceErr) Err() error { + e.mu.RLock() + err := e.err + e.mu.RUnlock() + + return err +} + +// SetError acquires a write-lock and will set +// the underlying error value if one has not been set. +func (e *OnceErr) SetError(err error) { + if err == nil { + return + } + + e.mu.Lock() + if e.err == nil { + e.err = err + close(e.ch) + } + e.mu.Unlock() +} + +// ErrorSet returns a channel that will be used to signal +// that an error has been set. This channel will be closed +// when the error value has been set for OnceErr. +func (e *OnceErr) ErrorSet() <-chan struct{} { + return e.ch +} diff --git a/vendor/github.com/aws/smithy-go/trait.go b/vendor/github.com/aws/smithy-go/trait.go new file mode 100644 index 0000000000..a45db96c07 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/trait.go @@ -0,0 +1,21 @@ +package smithy + +// Trait represents a trait applied to a shape in a Smithy model. Traits +// related to (de)serialization are included in code-generated Schemas for the +// client. +type Trait interface { + TraitID() ShapeID +} + +// IndexableTrait is optionally implemented by Trait values that have a +// reserved index in Schema's indexed trait slice. All traits defined in the +// traits package implement this interface. +// +// You SHOULD NOT implement this outside of a smithy-go trait unless you know +// what you are doing. If you implement this and return a value that collides +// with one of the primary serde-based indexed traits (see index.go) you will +// probably break something. +type IndexableTrait interface { + Trait + TraitIndex() int +} diff --git a/vendor/github.com/aws/smithy-go/traits/http.go b/vendor/github.com/aws/smithy-go/traits/http.go new file mode 100644 index 0000000000..b06e9fed14 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/traits/http.go @@ -0,0 +1,69 @@ +package traits + +import smithy "github.com/aws/smithy-go" + +// HTTPHeader represents smithy.api#httpHeader. +type HTTPHeader struct { + Name string +} + +// TraitID identifies the trait. +func (*HTTPHeader) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpHeader"} } + +// HTTPLabel represents smithy.api#httpLabel. +type HTTPLabel struct{} + +// TraitID identifies the trait. +func (*HTTPLabel) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpLabel"} } + +// HTTPPayload represents smithy.api#httpPayload. +type HTTPPayload struct{} + +// TraitID identifies the trait. +func (*HTTPPayload) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpPayload"} } + +// HTTPPrefixHeaders represents smithy.api#httpPrefixHeaders. +type HTTPPrefixHeaders struct { + Prefix string +} + +// TraitID identifies the trait. +func (*HTTPPrefixHeaders) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpPrefixHeaders"} } + +// HTTPQuery represents smithy.api#httpQuery. +type HTTPQuery struct { + Name string +} + +// TraitID identifies the trait. +func (*HTTPQuery) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpQuery"} } + +// HTTPQueryParams represents smithy.api#httpQueryParams. +type HTTPQueryParams struct{} + +// TraitID identifies the trait. +func (*HTTPQueryParams) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpQueryParams"} } + +// HTTPResponseCode represents smithy.api#httpResponseCode. +type HTTPResponseCode struct{} + +// TraitID identifies the trait. +func (*HTTPResponseCode) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpResponseCode"} } + +// HTTP represents smithy.api#http. +type HTTP struct { + Method string + URI string + Code int +} + +// TraitID identifies the trait. +func (*HTTP) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "http"} } + +// HTTPError represents smithy.api#httpError. +type HTTPError struct { + Code int +} + +// TraitID identifies the trait. +func (*HTTPError) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "httpError"} } diff --git a/vendor/github.com/aws/smithy-go/traits/index.go b/vendor/github.com/aws/smithy-go/traits/index.go new file mode 100644 index 0000000000..47733afc6b --- /dev/null +++ b/vendor/github.com/aws/smithy-go/traits/index.go @@ -0,0 +1,107 @@ +package traits + +// Trait index constants, ordered by frequency of occurrence across AWS API +// models. Lower indices are assigned to more common traits so that the +// per-schema indexed slice stays small. +const ( + indexJSONName = iota + indexHTTP + indexHTTPLabel + indexXMLName + indexHTTPQuery + indexEC2QueryName + indexHTTPError + indexHTTPHeader + indexSensitive + indexAWSQueryError + indexTimestampFormat + indexHTTPPayload + indexContextParam + indexHTTPResponseCode + indexHostLabel + indexXMLNamespace + indexXMLFlattened + indexStreaming + indexMediaType + indexHTTPQueryParams + indexEventPayload + indexHTTPPrefixHeaders + indexEventHeader + indexXMLAttribute + indexUnitShape +) + +// TraitIndex implements [smithy.IndexableTrait]. +func (*JSONName) TraitIndex() int { return indexJSONName } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTP) TraitIndex() int { return indexHTTP } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPLabel) TraitIndex() int { return indexHTTPLabel } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*XMLName) TraitIndex() int { return indexXMLName } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPQuery) TraitIndex() int { return indexHTTPQuery } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*EC2QueryName) TraitIndex() int { return indexEC2QueryName } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPError) TraitIndex() int { return indexHTTPError } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPHeader) TraitIndex() int { return indexHTTPHeader } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*Sensitive) TraitIndex() int { return indexSensitive } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*AWSQueryError) TraitIndex() int { return indexAWSQueryError } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*TimestampFormat) TraitIndex() int { return indexTimestampFormat } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPPayload) TraitIndex() int { return indexHTTPPayload } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*ContextParam) TraitIndex() int { return indexContextParam } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPResponseCode) TraitIndex() int { return indexHTTPResponseCode } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HostLabel) TraitIndex() int { return indexHostLabel } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*XMLNamespace) TraitIndex() int { return indexXMLNamespace } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*XMLFlattened) TraitIndex() int { return indexXMLFlattened } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*Streaming) TraitIndex() int { return indexStreaming } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*MediaType) TraitIndex() int { return indexMediaType } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPQueryParams) TraitIndex() int { return indexHTTPQueryParams } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*EventPayload) TraitIndex() int { return indexEventPayload } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*HTTPPrefixHeaders) TraitIndex() int { return indexHTTPPrefixHeaders } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*EventHeader) TraitIndex() int { return indexEventHeader } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*XMLAttribute) TraitIndex() int { return indexXMLAttribute } + +// TraitIndex implements [smithy.IndexableTrait]. +func (*UnitShape) TraitIndex() int { return indexUnitShape } diff --git a/vendor/github.com/aws/smithy-go/traits/serde.go b/vendor/github.com/aws/smithy-go/traits/serde.go new file mode 100644 index 0000000000..25b7f0dd33 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/traits/serde.go @@ -0,0 +1,56 @@ +package traits + +import smithy "github.com/aws/smithy-go" + +// JSONName represents smithy.api#jsonName. +type JSONName struct { + Name string +} + +// TraitID identifies the trait. +func (*JSONName) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "jsonName"} } + +// MediaType represents smithy.api#mediaType. +type MediaType struct { + Type string +} + +// TraitID identifies the trait. +func (*MediaType) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "mediaType"} } + +// TimestampFormat represents smithy.api#timestampFormat. +type TimestampFormat struct { + Format string +} + +// TraitID identifies the trait. +func (*TimestampFormat) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "timestampFormat"} } + +// XMLAttribute represents smithy.api#xmlAttribute. +type XMLAttribute struct{} + +// TraitID identifies the trait. +func (*XMLAttribute) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "xmlAttribute"} } + +// XMLFlattened represents smithy.api#xmlFlattened. +type XMLFlattened struct{} + +// TraitID identifies the trait. +func (*XMLFlattened) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "xmlFlattened"} } + +// XMLName represents smithy.api#xmlName. +type XMLName struct { + Name string +} + +// TraitID identifies the trait. +func (*XMLName) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "xmlName"} } + +// XMLNamespace represents smithy.api#xmlNamespace. +type XMLNamespace struct { + URI string + Prefix string +} + +// TraitID identifies the trait. +func (*XMLNamespace) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "xmlNamespace"} } diff --git a/vendor/github.com/aws/smithy-go/traits/traits.go b/vendor/github.com/aws/smithy-go/traits/traits.go new file mode 100644 index 0000000000..599be4e54e --- /dev/null +++ b/vendor/github.com/aws/smithy-go/traits/traits.go @@ -0,0 +1,72 @@ +// Package traits defines representations of Smithy IDL traits that appear in +// code-generated schemas. +package traits + +import smithy "github.com/aws/smithy-go" + +// Sensitive represents smithy.api#sensitive. +type Sensitive struct{} + +// TraitID identifies the trait. +func (*Sensitive) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "sensitive"} } + +// EventHeader represents smithy.api#eventHeader. +type EventHeader struct{} + +// TraitID identifies the trait. +func (*EventHeader) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "eventHeader"} } + +// EventPayload represents smithy.api#eventPayload. +type EventPayload struct{} + +// TraitID identifies the trait. +func (*EventPayload) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "eventPayload"} } + +// Streaming represents smithy.api#streaming. +type Streaming struct{} + +// TraitID identifies the trait. +func (*Streaming) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "streaming"} } + +// HostLabel represents smithy.api#hostLabel. +type HostLabel struct{} + +// TraitID identifies the trait. +func (*HostLabel) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.api", Name: "hostLabel"} } + +// ContextParam represents smithy.rules#contextParam. +type ContextParam struct{} + +// TraitID identifies the trait. +func (*ContextParam) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.rules", Name: "contextParam"} } + +// AWSQueryError represents aws.protocols#awsQueryError. +type AWSQueryError struct { + ErrorCode string + StatusCode int +} + +// TraitID identifies the trait. +func (*AWSQueryError) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "aws.protocols", Name: "awsQueryError"} } + +// EC2QueryName represents aws.protocols#ec2QueryName. +type EC2QueryName struct { + Name string +} + +// TraitID identifies the trait. +func (*EC2QueryName) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "aws.protocols", Name: "ec2QueryName"} } + +// AWSQueryCompatible represents aws.protocols#awsQueryCompatible. +type AWSQueryCompatible struct{} + +// TraitID identifies the trait. +func (*AWSQueryCompatible) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "aws.protocols", Name: "awsQueryCompatible"} } + +// UnitShape is a synthetic trait applied to input/output shapes that were +// backfilled from Unit. It indicates the shape has no defined members and +// should be treated as absent for protocol serialization purposes. +type UnitShape struct{} + +// TraitID identifies the trait. +func (*UnitShape) TraitID() smithy.ShapeID { return smithy.ShapeID{Namespace: "smithy.go", Name: "unitShape"} } diff --git a/vendor/github.com/aws/smithy-go/transport/http/auth.go b/vendor/github.com/aws/smithy-go/transport/http/auth.go index 58e1ab5ef8..5b5adad0b4 100644 --- a/vendor/github.com/aws/smithy-go/transport/http/auth.go +++ b/vendor/github.com/aws/smithy-go/transport/http/auth.go @@ -5,6 +5,7 @@ import ( smithy "github.com/aws/smithy-go" "github.com/aws/smithy-go/auth" + "github.com/aws/smithy-go/eventstream" ) // AuthScheme defines an HTTP authentication scheme. @@ -19,3 +20,11 @@ type AuthScheme interface { type Signer interface { SignRequest(context.Context, *Request, auth.Identity, smithy.Properties) error } + +// EventStreamSigner is an optional interface that a [Signer] can implement to +// support signing of event stream messages. If the resolved auth scheme's +// signer implements this interface, the event stream middleware will use it to +// wrap the outbound message stream with a signing layer. +type EventStreamSigner interface { + NewMessageSigner(ctx context.Context, r *Request, identity auth.Identity, props smithy.Properties) (eventstream.MessageSigner, error) +} diff --git a/vendor/github.com/aws/smithy-go/transport/http/eventstream.go b/vendor/github.com/aws/smithy-go/transport/http/eventstream.go new file mode 100644 index 0000000000..251db8ac35 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/transport/http/eventstream.go @@ -0,0 +1,209 @@ +package http + +import ( + "context" + "fmt" + "io" + "sync" + + "github.com/aws/smithy-go" + smithysync "github.com/aws/smithy-go/sync" +) + +// EventStreamWriter writes events to a stream using a ClientProtocol. +// +// The writer manages a background goroutine that facilitates the write loop. +// Calls to Send() on a writer will block until the message has been written. +// +// The writer doesn't know anything about signing. If event stream messages are +// getting signed by the client then the underlying io.Writer has already been +// wrapped to handle that at this point. +type EventStreamWriter struct { + protocol ClientProtocol + schema *smithy.Schema + + eventStream io.WriteCloser + stream chan singleflight + done chan struct{} + err *smithysync.OnceErr + + closeOnce sync.Once +} + +// we send one message at a time, the underlying write loop marshals these into +// the writer and reports back any error to the error channel +type singleflight struct { + variant *smithy.Schema + event smithy.Serializable + errCh chan<- error +} + +// NewEventStreamWriter returns an EventStreamWriter for the given schema. +func NewEventStreamWriter(protocol ClientProtocol, schema *smithy.Schema, stream io.WriteCloser) *EventStreamWriter { + w := &EventStreamWriter{ + protocol: protocol, + schema: schema, + + eventStream: stream, + stream: make(chan singleflight), + done: make(chan struct{}), + err: smithysync.NewOnceErr(), + } + + go w.writeStream() + + return w +} + +func (w *EventStreamWriter) writeStream() { + defer w.Close() + + for { + select { + case ev := <-w.stream: + err := w.protocol.SerializeEventMessage(w.schema, ev.variant, ev.event, w.eventStream) + if err != nil { + w.err.SetError(err) + } + ev.errCh <- err + case <-w.done: + return + } + } +} + +// Send writes a single event to the stream. +func (w *EventStreamWriter) Send(ctx context.Context, variant *smithy.Schema, event smithy.Serializable) error { + if err := w.err.Err(); err != nil { + return err + } + + errCh := make(chan error, 1) + select { + case w.stream <- singleflight{variant, event, errCh}: + case <-ctx.Done(): + return ctx.Err() + case <-w.done: + return fmt.Errorf("stream closed, unable to send event") + } + + select { + case err := <-errCh: + return err + case <-ctx.Done(): + return ctx.Err() + case <-w.done: + return fmt.Errorf("stream closed, unable to send event") + } +} + +// Close signals end-of-stream and closes the underlying writer. Close is +// safe for concurrent calls. +func (w *EventStreamWriter) Close() error { + w.closeOnce.Do(func() { + close(w.done) + w.err.SetError(w.eventStream.Close()) + }) + return w.err.Err() +} + +// Err returns the first error encountered during writing. +func (w *EventStreamWriter) Err() error { + return w.err.Err() +} + +// ErrorSet returns a channel that is closed when an error occurs. +func (w *EventStreamWriter) ErrorSet() <-chan struct{} { + return w.err.ErrorSet() +} + +// EventStreamReader reads events from a stream using a ClientProtocol. +type EventStreamReader struct { + protocol ClientProtocol + schema *smithy.Schema + types *smithy.TypeRegistry + + eventStream io.ReadCloser + stream chan smithy.Deserializable + done chan struct{} + err *smithysync.OnceErr + + closeOnce sync.Once +} + +// NewEventStreamReader returns an EventStreamReader that deserializes events +// through the given protocol from r. The schema is the event stream union +// schema. +func NewEventStreamReader(protocol ClientProtocol, schema *smithy.Schema, types *smithy.TypeRegistry, stream io.ReadCloser) *EventStreamReader { + r := &EventStreamReader{ + protocol: protocol, + schema: schema, + types: types, + + eventStream: stream, + stream: make(chan smithy.Deserializable), + done: make(chan struct{}), + err: smithysync.NewOnceErr(), + } + + go r.readEventStream() + + return r +} + +func (r *EventStreamReader) readEventStream() { + defer r.Close() + defer close(r.stream) + + for { + event, err := r.protocol.DeserializeEventMessage(r.schema, r.types, r.eventStream) + if err != nil { + if err == io.EOF { + return + } + select { + case <-r.done: + return + default: + r.err.SetError(err) + return + } + } + + select { + case r.stream <- event: + case <-r.done: + return + } + } +} + +// Events returns the channel from which deserialized events can be read. +func (r *EventStreamReader) Events() <-chan smithy.Deserializable { + return r.stream +} + +// Close stops the reader and releases the underlying stream. Close is safe +// for concurrent calls. +func (r *EventStreamReader) Close() error { + r.closeOnce.Do(func() { + close(r.done) + r.eventStream.Close() + }) + return r.err.Err() +} + +// Err returns the first error encountered during reading. +func (r *EventStreamReader) Err() error { + return r.err.Err() +} + +// ErrorSet returns a channel that is closed when an error occurs. +func (r *EventStreamReader) ErrorSet() <-chan struct{} { + return r.err.ErrorSet() +} + +// Closed returns a channel that is closed when the reader is closed. +func (r *EventStreamReader) Closed() <-chan struct{} { + return r.done +} diff --git a/vendor/github.com/aws/smithy-go/transport/http/eventstream_middleware.go b/vendor/github.com/aws/smithy-go/transport/http/eventstream_middleware.go new file mode 100644 index 0000000000..f7d60dc76a --- /dev/null +++ b/vendor/github.com/aws/smithy-go/transport/http/eventstream_middleware.go @@ -0,0 +1,69 @@ +package http + +import ( + "context" + "fmt" + "io" + + "github.com/aws/smithy-go/middleware" +) + +type eventStreamWriterKey struct{} + +// GetInputStreamWriter returns the io.WriteCloser pipe used for the +// operation's input event stream. +func GetInputStreamWriter(ctx context.Context) io.WriteCloser { + writeCloser, _ := middleware.GetStackValue(ctx, eventStreamWriterKey{}).(io.WriteCloser) + return writeCloser +} + +func setInputStreamWriter(ctx context.Context, writeCloser io.WriteCloser) context.Context { + return middleware.WithStackValue(ctx, eventStreamWriterKey{}, writeCloser) +} + +// InitializeStreamWriter is a Finalize middleware that creates an in-memory +// pipe and sets it as the HTTP request body so event stream messages can be +// written after the request is sent. +type InitializeStreamWriter struct{} + +// AddInitializeStreamWriter adds the InitializeStreamWriter middleware to the +// provided stack. +func AddInitializeStreamWriter(stack *middleware.Stack) error { + return stack.Finalize.Add(&InitializeStreamWriter{}, middleware.After) +} + +// ID returns the identifier for the middleware. +func (i *InitializeStreamWriter) ID() string { + return "InitializeStreamWriter" +} + +// HandleFinalize is the middleware implementation. +func (i *InitializeStreamWriter) HandleFinalize( + ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler, +) ( + out middleware.FinalizeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*Request) + if !ok { + return out, metadata, fmt.Errorf("unknown transport type: %T", in.Request) + } + + inputReader, inputWriter := io.Pipe() + defer func() { + if err == nil { + return + } + _ = inputReader.Close() + _ = inputWriter.Close() + }() + + request, err = request.SetStream(inputReader) + if err != nil { + return out, metadata, err + } + in.Request = request + + ctx = setInputStreamWriter(ctx, inputWriter) + + return next.HandleFinalize(ctx, in) +} diff --git a/vendor/github.com/aws/smithy-go/transport/http/host.go b/vendor/github.com/aws/smithy-go/transport/http/host.go index db9801bea5..b504a455da 100644 --- a/vendor/github.com/aws/smithy-go/transport/http/host.go +++ b/vendor/github.com/aws/smithy-go/transport/http/host.go @@ -69,7 +69,7 @@ func ValidPortNumber(port string) bool { return true } -// ValidHostLabel returns whether the label is a valid RFC 3986 host label. +// ValidHostLabel returns whether the label is a valid RFC 952/1123 host label. func ValidHostLabel(label string) bool { if l := len(label); l == 0 || l > 63 { return false diff --git a/vendor/github.com/aws/smithy-go/transport/http/protocol.go b/vendor/github.com/aws/smithy-go/transport/http/protocol.go new file mode 100644 index 0000000000..80fc9e6f99 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/transport/http/protocol.go @@ -0,0 +1,27 @@ +package http + +import ( + "context" + "io" + + "github.com/aws/smithy-go" +) + +// ClientProtocol defines the interface through which client-side operation +// request/responses are (de)serialized across the wire. +// +// While a caller CAN define their own protocol, it is almost never necessary +// to do so. In practice, a generated client will utilize one of the predefined +// protocols implemented as part of the Smithy client runtime. +type ClientProtocol interface { + ID() smithy.ShapeID + SerializeRequest(context.Context, *smithy.OperationSchema, smithy.Serializable, *Request) error + DeserializeResponse(ctx context.Context, schema *smithy.OperationSchema, types *smithy.TypeRegistry, resp *Response, out smithy.Deserializable) error + + // event stream APIs + HasInitialEventMessage() bool + SerializeEventMessage(schema, variant *smithy.Schema, v smithy.Serializable, w io.Writer) error + DeserializeEventMessage(schema *smithy.Schema, types *smithy.TypeRegistry, r io.Reader) (smithy.Deserializable, error) + SerializeInitialRequest(schema *smithy.Schema, v smithy.Serializable, w io.Writer) error + DeserializeInitialResponse(schema *smithy.Schema, r io.Reader, out smithy.Deserializable) error +} diff --git a/vendor/github.com/aws/smithy-go/type_registry.go b/vendor/github.com/aws/smithy-go/type_registry.go new file mode 100644 index 0000000000..3c4e02a185 --- /dev/null +++ b/vendor/github.com/aws/smithy-go/type_registry.go @@ -0,0 +1,70 @@ +package smithy + +import ( + "strings" +) + +// TypeRegistry creates an instance of a type based on its Smithy IDL shape ID. +// +// Generated clients have an exported package-level registry (named +// TypeRegistry) that holds all structure types for the service. +type TypeRegistry struct { + Entries map[string]*TypeRegistryEntry +} + +// RegistryEntry creates a type registry entry. +func RegistryEntry[T any](schema *Schema) *TypeRegistryEntry { + return &TypeRegistryEntry{ + Schema: schema, + New: func() any { + return new(T) + }, + } +} + +// DeserializableError provides an instance of a deserializable error structure +// for a given shape ID. +// +// The ID is given as a string here since this will be called in a context where +// a shape ID is a discriminator read in from some wire payload. +func (t *TypeRegistry) DeserializableError(id string) (DeserializableError, bool) { + return typeRegistryLookup[DeserializableError](t, id) +} + +// LookupEntry returns the registry entry for the given shape ID. +func (t *TypeRegistry) LookupEntry(id string) (*TypeRegistryEntry, bool) { + entry, ok := t.Entries[id] + if !ok { + entry, ok = t.lookupShortName(id) + } + return entry, ok +} + +// TypeRegistryEntry holds the schema and constructor for a registered shape. +type TypeRegistryEntry struct { + Schema *Schema + New func() any +} + +func (t *TypeRegistry) lookupShortName(id string) (*TypeRegistryEntry, bool) { + for key, e := range t.Entries { + if idx := strings.Index(key, "#"); idx != -1 && key[idx+1:] == id { + return e, true + } + } + return nil, false +} + +func typeRegistryLookup[T any](t *TypeRegistry, id string) (T, bool) { + entry, ok := t.Entries[id] + if !ok { + entry, ok = t.lookupShortName(id) + } + if !ok { + var v T + return v, false + } + + v, ok := entry.New().(T) + return v, ok +} diff --git a/vendor/github.com/buildkite/agent/v3/version/VERSION b/vendor/github.com/buildkite/agent/v3/version/VERSION index 93213a28f7..7b873d8300 100644 --- a/vendor/github.com/buildkite/agent/v3/version/VERSION +++ b/vendor/github.com/buildkite/agent/v3/version/VERSION @@ -1 +1 @@ -3.121.0 +3.121.1 diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE b/vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/build.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/build.go deleted file mode 100644 index a9e1b72ba7..0000000000 --- a/vendor/github.com/containerd/stargz-snapshotter/estargz/build.go +++ /dev/null @@ -1,756 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -/* - Copyright 2019 The Go Authors. All rights reserved. - Use of this source code is governed by a BSD-style - license that can be found in the LICENSE file. -*/ - -package estargz - -import ( - "archive/tar" - "bytes" - "compress/gzip" - "context" - "errors" - "fmt" - "io" - "os" - "path" - "runtime" - "strings" - "sync" - "sync/atomic" - - "github.com/containerd/stargz-snapshotter/estargz/errorutil" - "github.com/klauspost/compress/zstd" - digest "github.com/opencontainers/go-digest" - "golang.org/x/sync/errgroup" -) - -type GzipHelperFunc func(io.Reader) (io.ReadCloser, error) - -type options struct { - chunkSize int - compressionLevel int - prioritizedFiles []string - missedPrioritizedFiles *[]string - compression Compression - ctx context.Context - minChunkSize int - gzipHelperFunc GzipHelperFunc -} - -type Option func(o *options) error - -// WithChunkSize option specifies the chunk size of eStargz blob to build. -func WithChunkSize(chunkSize int) Option { - return func(o *options) error { - o.chunkSize = chunkSize - return nil - } -} - -// WithCompressionLevel option specifies the gzip compression level. -// The default is gzip.BestCompression. -// This option will be ignored if WithCompression option is used. -// See also: https://godoc.org/compress/gzip#pkg-constants -func WithCompressionLevel(level int) Option { - return func(o *options) error { - o.compressionLevel = level - return nil - } -} - -// WithPrioritizedFiles option specifies the list of prioritized files. -// These files must be complete paths that are absolute or relative to "/" -// For example, all of "foo/bar", "/foo/bar", "./foo/bar" and "../foo/bar" -// are treated as "/foo/bar". -func WithPrioritizedFiles(files []string) Option { - return func(o *options) error { - o.prioritizedFiles = files - return nil - } -} - -// WithAllowPrioritizeNotFound makes Build continue the execution even if some -// of prioritized files specified by WithPrioritizedFiles option aren't found -// in the input tar. Instead, this records all missed file names to the passed -// slice. -func WithAllowPrioritizeNotFound(missedFiles *[]string) Option { - return func(o *options) error { - if missedFiles == nil { - return fmt.Errorf("WithAllowPrioritizeNotFound: slice must be passed") - } - o.missedPrioritizedFiles = missedFiles - return nil - } -} - -// WithCompression specifies compression algorithm to be used. -// Default is gzip. -func WithCompression(compression Compression) Option { - return func(o *options) error { - o.compression = compression - return nil - } -} - -// WithContext specifies a context that can be used for clean canceleration. -func WithContext(ctx context.Context) Option { - return func(o *options) error { - o.ctx = ctx - return nil - } -} - -// WithMinChunkSize option specifies the minimal number of bytes of data -// must be written in one gzip stream. -// By increasing this number, one gzip stream can contain multiple files -// and it hopefully leads to smaller result blob. -// NOTE: This adds a TOC property that old reader doesn't understand. -func WithMinChunkSize(minChunkSize int) Option { - return func(o *options) error { - o.minChunkSize = minChunkSize - return nil - } -} - -// WithGzipHelperFunc option specifies a custom function to decompress gzip-compressed layers. -// When a gzip-compressed layer is detected, this function will be used instead of the -// Go standard library gzip decompression for better performance. -// The function should take an io.Reader as input and return an io.ReadCloser. -// If nil, the Go standard library gzip.NewReader will be used. -func WithGzipHelperFunc(gzipHelperFunc GzipHelperFunc) Option { - return func(o *options) error { - o.gzipHelperFunc = gzipHelperFunc - return nil - } -} - -// Blob is an eStargz blob. -type Blob struct { - io.ReadCloser - diffID digest.Digester - tocDigest digest.Digest - readCompleted *atomic.Bool - uncompressedSize *atomic.Int64 -} - -// DiffID returns the digest of uncompressed blob. -// It is only valid to call DiffID after Close. -func (b *Blob) DiffID() digest.Digest { - return b.diffID.Digest() -} - -// TOCDigest returns the digest of uncompressed TOC JSON. -func (b *Blob) TOCDigest() digest.Digest { - return b.tocDigest -} - -// UncompressedSize returns the size of uncompressed blob. -// UncompressedSize should only be called after the blob has been fully read. -func (b *Blob) UncompressedSize() (int64, error) { - switch { - case b.uncompressedSize == nil || b.readCompleted == nil: - return -1, fmt.Errorf("readCompleted or uncompressedSize is not initialized") - case !b.readCompleted.Load(): - return -1, fmt.Errorf("called UncompressedSize before the blob has been fully read") - default: - return b.uncompressedSize.Load(), nil - } -} - -// Build builds an eStargz blob which is an extended version of stargz, from a blob (gzip, zstd -// or plain tar) passed through the argument. If there are some prioritized files are listed in -// the option, these files are grouped as "prioritized" and can be used for runtime optimization -// (e.g. prefetch). This function builds a blob in parallel, with dividing that blob into several -// (at least the number of runtime.GOMAXPROCS(0)) sub-blobs. -func Build(tarBlob *io.SectionReader, opt ...Option) (_ *Blob, rErr error) { - var opts options - opts.compressionLevel = gzip.BestCompression // BestCompression by default - for _, o := range opt { - if err := o(&opts); err != nil { - return nil, err - } - } - if opts.compression == nil { - opts.compression = newGzipCompressionWithLevel(opts.compressionLevel) - } - layerFiles := newTempFiles() - ctx := opts.ctx - if ctx == nil { - ctx = context.Background() - } - done := make(chan struct{}) - defer close(done) - go func() { - select { - case <-done: - // nop - case <-ctx.Done(): - layerFiles.CleanupAll() - } - }() - defer func() { - if rErr != nil { - if err := layerFiles.CleanupAll(); err != nil { - rErr = fmt.Errorf("failed to cleanup tmp files: %v: %w", err, rErr) - } - } - if cErr := ctx.Err(); cErr != nil { - rErr = fmt.Errorf("error from context %q: %w", cErr, rErr) - } - }() - tarBlob, err := decompressBlob(tarBlob, layerFiles, opts.gzipHelperFunc) - if err != nil { - return nil, err - } - entries, err := sortEntries(tarBlob, opts.prioritizedFiles, opts.missedPrioritizedFiles) - if err != nil { - return nil, err - } - var tarParts [][]*entry - if opts.minChunkSize > 0 { - // Each entry needs to know the size of the current gzip stream so they - // cannot be processed in parallel. - tarParts = [][]*entry{entries} - } else { - tarParts = divideEntries(entries, runtime.GOMAXPROCS(0)) - } - writers := make([]*Writer, len(tarParts)) - payloads := make([]*os.File, len(tarParts)) - var mu sync.Mutex - var eg errgroup.Group - for i, parts := range tarParts { - i, parts := i, parts - // builds verifiable stargz sub-blobs - eg.Go(func() error { - esgzFile, err := layerFiles.TempFile("", "esgzdata") - if err != nil { - return err - } - sw := NewWriterWithCompressor(esgzFile, opts.compression) - sw.ChunkSize = opts.chunkSize - sw.MinChunkSize = opts.minChunkSize - if sw.needsOpenGzEntries == nil { - sw.needsOpenGzEntries = make(map[string]struct{}) - } - for _, f := range []string{PrefetchLandmark, NoPrefetchLandmark} { - sw.needsOpenGzEntries[f] = struct{}{} - } - if err := sw.AppendTar(readerFromEntries(parts...)); err != nil { - return err - } - mu.Lock() - writers[i] = sw - payloads[i] = esgzFile - mu.Unlock() - return nil - }) - } - if err := eg.Wait(); err != nil { - rErr = err - return nil, err - } - tocAndFooter, tocDgst, err := closeWithCombine(writers...) - if err != nil { - rErr = err - return nil, err - } - var rs []io.Reader - for _, p := range payloads { - fs, err := fileSectionReader(p) - if err != nil { - return nil, err - } - rs = append(rs, fs) - } - diffID := digest.Canonical.Digester() - pr, pw := io.Pipe() - readCompleted := new(atomic.Bool) - uncompressedSize := new(atomic.Int64) - go func() { - var size int64 - var decompressFunc func(io.Reader) (io.ReadCloser, error) - if _, ok := opts.compression.(*gzipCompression); ok && opts.gzipHelperFunc != nil { - decompressFunc = opts.gzipHelperFunc - } else { - decompressFunc = opts.compression.Reader - } - decompressR, err := decompressFunc(io.TeeReader(io.MultiReader(append(rs, tocAndFooter)...), pw)) - if err != nil { - pw.CloseWithError(err) - return - } - defer decompressR.Close() - if size, err = io.Copy(diffID.Hash(), decompressR); err != nil { - pw.CloseWithError(err) - return - } - uncompressedSize.Store(size) - readCompleted.Store(true) - pw.Close() - }() - return &Blob{ - ReadCloser: readCloser{ - Reader: pr, - closeFunc: layerFiles.CleanupAll, - }, - tocDigest: tocDgst, - diffID: diffID, - readCompleted: readCompleted, - uncompressedSize: uncompressedSize, - }, nil -} - -// closeWithCombine takes unclosed Writers and close them. This also returns the -// toc that combined all Writers into. -// Writers doesn't write TOC and footer to the underlying writers so they can be -// combined into a single eStargz and tocAndFooter returned by this function can -// be appended at the tail of that combined blob. -func closeWithCombine(ws ...*Writer) (tocAndFooterR io.Reader, tocDgst digest.Digest, err error) { - if len(ws) == 0 { - return nil, "", fmt.Errorf("at least one writer must be passed") - } - for _, w := range ws { - if w.closed { - return nil, "", fmt.Errorf("writer must be unclosed") - } - defer func(w *Writer) { w.closed = true }(w) - if err := w.closeGz(); err != nil { - return nil, "", err - } - if err := w.bw.Flush(); err != nil { - return nil, "", err - } - } - var ( - mtoc = new(JTOC) - currentOffset int64 - ) - mtoc.Version = ws[0].toc.Version - for _, w := range ws { - for _, e := range w.toc.Entries { - // Recalculate Offset of non-empty files/chunks - if (e.Type == "reg" && e.Size > 0) || e.Type == "chunk" { - e.Offset += currentOffset - } - mtoc.Entries = append(mtoc.Entries, e) - } - if w.toc.Version > mtoc.Version { - mtoc.Version = w.toc.Version - } - currentOffset += w.cw.n - } - - return tocAndFooter(ws[0].compressor, mtoc, currentOffset) -} - -func tocAndFooter(compressor Compressor, toc *JTOC, offset int64) (io.Reader, digest.Digest, error) { - buf := new(bytes.Buffer) - tocDigest, err := compressor.WriteTOCAndFooter(buf, offset, toc, nil) - if err != nil { - return nil, "", err - } - return buf, tocDigest, nil -} - -// divideEntries divides passed entries to the parts at least the number specified by the -// argument. -func divideEntries(entries []*entry, minPartsNum int) (set [][]*entry) { - var estimatedSize int64 - for _, e := range entries { - estimatedSize += e.header.Size - } - unitSize := estimatedSize / int64(minPartsNum) - var ( - nextEnd = unitSize - offset int64 - ) - set = append(set, []*entry{}) - for _, e := range entries { - set[len(set)-1] = append(set[len(set)-1], e) - offset += e.header.Size - if offset > nextEnd { - set = append(set, []*entry{}) - nextEnd += unitSize - } - } - return -} - -var errNotFound = errors.New("not found") - -// sortEntries reads the specified tar blob and returns a list of tar entries. -// If some of prioritized files are specified, the list starts from these -// files with keeping the order specified by the argument. -func sortEntries(in io.ReaderAt, prioritized []string, missedPrioritized *[]string) ([]*entry, error) { - - // Import tar file. - intar, err := importTar(in) - if err != nil { - return nil, fmt.Errorf("failed to sort: %w", err) - } - - // Sort the tar file respecting to the prioritized files list. - sorted := &tarFile{} - picked := make(map[string]struct{}) - for _, l := range prioritized { - if err := moveRec(l, intar, sorted, picked); err != nil { - if errors.Is(err, errNotFound) && missedPrioritized != nil { - *missedPrioritized = append(*missedPrioritized, l) - continue // allow not found - } - return nil, fmt.Errorf("failed to sort tar entries: %w", err) - } - } - if len(prioritized) == 0 { - sorted.add(&entry{ - header: &tar.Header{ - Name: NoPrefetchLandmark, - Typeflag: tar.TypeReg, - Size: int64(len([]byte{landmarkContents})), - }, - payload: bytes.NewReader([]byte{landmarkContents}), - }) - } else { - sorted.add(&entry{ - header: &tar.Header{ - Name: PrefetchLandmark, - Typeflag: tar.TypeReg, - Size: int64(len([]byte{landmarkContents})), - }, - payload: bytes.NewReader([]byte{landmarkContents}), - }) - } - - // Dump prioritized entries followed by the rest entries while skipping picked ones. - return append(sorted.dump(nil), intar.dump(picked)...), nil -} - -// readerFromEntries returns a reader of tar archive that contains entries passed -// through the arguments. -func readerFromEntries(entries ...*entry) io.Reader { - pr, pw := io.Pipe() - go func() { - tw := tar.NewWriter(pw) - defer tw.Close() - for _, entry := range entries { - if err := tw.WriteHeader(entry.header); err != nil { - pw.CloseWithError(fmt.Errorf("failed to write tar header: %v", err)) - return - } - if _, err := io.Copy(tw, entry.payload); err != nil { - pw.CloseWithError(fmt.Errorf("failed to write tar payload: %v", err)) - return - } - } - pw.Close() - }() - return pr -} - -func importTar(in io.ReaderAt) (*tarFile, error) { - tf := &tarFile{} - pw, err := newCountReadSeeker(in) - if err != nil { - return nil, fmt.Errorf("failed to make position watcher: %w", err) - } - tr := tar.NewReader(pw) - - // Walk through all nodes. - for { - // Fetch and parse next header. - h, err := tr.Next() - if err != nil { - if err == io.EOF { - break - } - return nil, fmt.Errorf("failed to parse tar file, %w", err) - } - switch cleanEntryName(h.Name) { - case PrefetchLandmark, NoPrefetchLandmark: - // Ignore existing landmark - continue - } - - // Add entry. If it already exists, replace it. - if _, ok := tf.get(h.Name); ok { - tf.remove(h.Name) - } - tf.add(&entry{ - header: h, - payload: io.NewSectionReader(in, pw.currentPos(), h.Size), - }) - } - - return tf, nil -} - -func moveRec(name string, in *tarFile, out *tarFile, picked map[string]struct{}) error { - name = cleanEntryName(name) - if name == "" { // root directory. stop recursion. - if e, ok := in.get(name); ok { - // entry of the root directory exists. we should move it as well. - // this case will occur if tar entries are prefixed with "./", "/", etc. - if _, done := picked[name]; !done { - out.add(e) - picked[name] = struct{}{} - } - } - return nil - } - - _, okIn := in.get(name) - _, okOut := out.get(name) - _, okPicked := picked[name] - if !okIn && !okOut && !okPicked { - return fmt.Errorf("file: %q: %w", name, errNotFound) - } - - parent, _ := path.Split(strings.TrimSuffix(name, "/")) - if err := moveRec(parent, in, out, picked); err != nil { - return err - } - if e, ok := in.get(name); ok && e.header.Typeflag == tar.TypeLink { - if err := moveRec(e.header.Linkname, in, out, picked); err != nil { - return err - } - } - if _, done := picked[name]; done { - return nil - } - if e, ok := in.get(name); ok { - out.add(e) - picked[name] = struct{}{} - } - return nil -} - -type entry struct { - header *tar.Header - payload io.ReadSeeker -} - -type tarFile struct { - index map[string]*entry - stream []*entry -} - -func (f *tarFile) add(e *entry) { - if f.index == nil { - f.index = make(map[string]*entry) - } - f.index[cleanEntryName(e.header.Name)] = e - f.stream = append(f.stream, e) -} - -func (f *tarFile) remove(name string) { - name = cleanEntryName(name) - if f.index != nil { - delete(f.index, name) - } - var filtered []*entry - for _, e := range f.stream { - if cleanEntryName(e.header.Name) == name { - continue - } - filtered = append(filtered, e) - } - f.stream = filtered -} - -func (f *tarFile) get(name string) (e *entry, ok bool) { - if f.index == nil { - return nil, false - } - e, ok = f.index[cleanEntryName(name)] - return -} - -func (f *tarFile) dump(skip map[string]struct{}) []*entry { - if len(skip) == 0 { - return f.stream - } - var out []*entry - for _, e := range f.stream { - if _, ok := skip[cleanEntryName(e.header.Name)]; ok { - continue - } - out = append(out, e) - } - return out -} - -type readCloser struct { - io.Reader - closeFunc func() error -} - -func (rc readCloser) Close() error { - return rc.closeFunc() -} - -func fileSectionReader(file *os.File) (*io.SectionReader, error) { - info, err := file.Stat() - if err != nil { - return nil, err - } - return io.NewSectionReader(file, 0, info.Size()), nil -} - -func newTempFiles() *tempFiles { - return &tempFiles{} -} - -type tempFiles struct { - files []*os.File - filesMu sync.Mutex - cleanupOnce sync.Once -} - -func (tf *tempFiles) TempFile(dir, pattern string) (*os.File, error) { - f, err := os.CreateTemp(dir, pattern) - if err != nil { - return nil, err - } - tf.filesMu.Lock() - tf.files = append(tf.files, f) - tf.filesMu.Unlock() - return f, nil -} - -func (tf *tempFiles) CleanupAll() (err error) { - tf.cleanupOnce.Do(func() { - err = tf.cleanupAll() - }) - return -} - -func (tf *tempFiles) cleanupAll() error { - tf.filesMu.Lock() - defer tf.filesMu.Unlock() - var allErr []error - for _, f := range tf.files { - if err := f.Close(); err != nil { - allErr = append(allErr, err) - } - if err := os.Remove(f.Name()); err != nil { - allErr = append(allErr, err) - } - } - tf.files = nil - return errorutil.Aggregate(allErr) -} - -func newCountReadSeeker(r io.ReaderAt) (*countReadSeeker, error) { - pos := int64(0) - return &countReadSeeker{r: r, cPos: &pos}, nil -} - -type countReadSeeker struct { - r io.ReaderAt - cPos *int64 - - mu sync.Mutex -} - -func (cr *countReadSeeker) Read(p []byte) (int, error) { - cr.mu.Lock() - defer cr.mu.Unlock() - - n, err := cr.r.ReadAt(p, *cr.cPos) - if err == nil { - *cr.cPos += int64(n) - } - return n, err -} - -func (cr *countReadSeeker) Seek(offset int64, whence int) (int64, error) { - cr.mu.Lock() - defer cr.mu.Unlock() - - switch whence { - default: - return 0, fmt.Errorf("unknown whence: %v", whence) - case io.SeekStart: - case io.SeekCurrent: - offset += *cr.cPos - case io.SeekEnd: - return 0, fmt.Errorf("unsupported whence: %v", whence) - } - - if offset < 0 { - return 0, fmt.Errorf("invalid offset") - } - *cr.cPos = offset - return offset, nil -} - -func (cr *countReadSeeker) currentPos() int64 { - cr.mu.Lock() - defer cr.mu.Unlock() - - return *cr.cPos -} - -func decompressBlob(org *io.SectionReader, tmp *tempFiles, gzipHelperFunc GzipHelperFunc) (*io.SectionReader, error) { - if org.Size() < 4 { - return org, nil - } - src := make([]byte, 4) - if _, err := org.Read(src); err != nil && err != io.EOF { - return nil, err - } - var dR io.Reader - if bytes.Equal([]byte{0x1F, 0x8B, 0x08}, src[:3]) { - // gzip - var dgR io.ReadCloser - var err error - if gzipHelperFunc != nil { - dgR, err = gzipHelperFunc(io.NewSectionReader(org, 0, org.Size())) - } else { - dgR, err = gzip.NewReader(io.NewSectionReader(org, 0, org.Size())) - } - if err != nil { - return nil, err - } - defer dgR.Close() - dR = io.Reader(dgR) - } else if bytes.Equal([]byte{0x28, 0xb5, 0x2f, 0xfd}, src[:4]) { - // zstd - dzR, err := zstd.NewReader(io.NewSectionReader(org, 0, org.Size())) - if err != nil { - return nil, err - } - defer dzR.Close() - dR = io.Reader(dzR) - } else { - // uncompressed - return io.NewSectionReader(org, 0, org.Size()), nil - } - b, err := tmp.TempFile("", "uncompresseddata") - if err != nil { - return nil, err - } - if _, err := io.Copy(b, dR); err != nil { - return nil, err - } - return fileSectionReader(b) -} diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go deleted file mode 100644 index 6de78b02dc..0000000000 --- a/vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go +++ /dev/null @@ -1,40 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package errorutil - -import ( - "errors" - "fmt" - "strings" -) - -// Aggregate combines a list of errors into a single new error. -func Aggregate(errs []error) error { - switch len(errs) { - case 0: - return nil - case 1: - return errs[0] - default: - points := make([]string, len(errs)+1) - points[0] = fmt.Sprintf("%d error(s) occurred:", len(errs)) - for i, err := range errs { - points[i+1] = fmt.Sprintf("* %s", err) - } - return errors.New(strings.Join(points, "\n\t")) - } -} diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go deleted file mode 100644 index 693730420c..0000000000 --- a/vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go +++ /dev/null @@ -1,1232 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -/* - Copyright 2019 The Go Authors. All rights reserved. - Use of this source code is governed by a BSD-style - license that can be found in the LICENSE file. -*/ - -package estargz - -import ( - "bufio" - "bytes" - "compress/gzip" - "crypto/sha256" - "errors" - "fmt" - "hash" - "io" - "os" - "path" - "sort" - "strings" - "sync" - "time" - - "github.com/containerd/stargz-snapshotter/estargz/errorutil" - digest "github.com/opencontainers/go-digest" - "github.com/vbatts/tar-split/archive/tar" -) - -// A Reader permits random access reads from a stargz file. -type Reader struct { - sr *io.SectionReader - toc *JTOC - tocDigest digest.Digest - - // m stores all non-chunk entries, keyed by name. - m map[string]*TOCEntry - - // chunks stores all TOCEntry values for regular files that - // are split up. For a file with a single chunk, it's only - // stored in m. - chunks map[string][]*TOCEntry - - decompressor Decompressor -} - -type openOpts struct { - tocOffset int64 - decompressors []Decompressor - telemetry *Telemetry -} - -// OpenOption is an option used during opening the layer -type OpenOption func(o *openOpts) error - -// WithTOCOffset option specifies the offset of TOC -func WithTOCOffset(tocOffset int64) OpenOption { - return func(o *openOpts) error { - o.tocOffset = tocOffset - return nil - } -} - -// WithDecompressors option specifies decompressors to use. -// Default is gzip-based decompressor. -func WithDecompressors(decompressors ...Decompressor) OpenOption { - return func(o *openOpts) error { - o.decompressors = decompressors - return nil - } -} - -// WithTelemetry option specifies the telemetry hooks -func WithTelemetry(telemetry *Telemetry) OpenOption { - return func(o *openOpts) error { - o.telemetry = telemetry - return nil - } -} - -// MeasureLatencyHook is a func which takes start time and records the diff -type MeasureLatencyHook func(time.Time) - -// Telemetry is a struct which defines telemetry hooks. By implementing these hooks you should be able to record -// the latency metrics of the respective steps of estargz open operation. To be used with estargz.OpenWithTelemetry(...) -type Telemetry struct { - GetFooterLatency MeasureLatencyHook // measure time to get stargz footer (in milliseconds) - GetTocLatency MeasureLatencyHook // measure time to GET TOC JSON (in milliseconds) - DeserializeTocLatency MeasureLatencyHook // measure time to deserialize TOC JSON (in milliseconds) -} - -// Open opens a stargz file for reading. -// The behavior is configurable using options. -// -// Note that each entry name is normalized as the path that is relative to root. -func Open(sr *io.SectionReader, opt ...OpenOption) (*Reader, error) { - var opts openOpts - for _, o := range opt { - if err := o(&opts); err != nil { - return nil, err - } - } - - gzipCompressors := []Decompressor{new(GzipDecompressor), new(LegacyGzipDecompressor)} - decompressors := append(gzipCompressors, opts.decompressors...) - - // Determine the size to fetch. Try to fetch as many bytes as possible. - fetchSize := maxFooterSize(sr.Size(), decompressors...) - if maybeTocOffset := opts.tocOffset; maybeTocOffset > fetchSize { - if maybeTocOffset > sr.Size() { - return nil, fmt.Errorf("blob size %d is smaller than the toc offset", sr.Size()) - } - fetchSize = sr.Size() - maybeTocOffset - } - - start := time.Now() // before getting layer footer - footer := make([]byte, fetchSize) - if _, err := sr.ReadAt(footer, sr.Size()-fetchSize); err != nil { - return nil, fmt.Errorf("error reading footer: %v", err) - } - if opts.telemetry != nil && opts.telemetry.GetFooterLatency != nil { - opts.telemetry.GetFooterLatency(start) - } - - var allErr []error - var found bool - var r *Reader - for _, d := range decompressors { - fSize := d.FooterSize() - fOffset := positive(int64(len(footer)) - fSize) - maybeTocBytes := footer[:fOffset] - _, tocOffset, tocSize, err := d.ParseFooter(footer[fOffset:]) - if err != nil { - allErr = append(allErr, err) - continue - } - if tocOffset >= 0 && tocSize <= 0 { - tocSize = sr.Size() - tocOffset - fSize - } - if tocOffset >= 0 && tocSize < int64(len(maybeTocBytes)) { - maybeTocBytes = maybeTocBytes[:tocSize] - } - r, err = parseTOC(d, sr, tocOffset, tocSize, maybeTocBytes, opts) - if err == nil { - found = true - break - } - allErr = append(allErr, err) - } - if !found { - return nil, errorutil.Aggregate(allErr) - } - if err := r.initFields(); err != nil { - return nil, fmt.Errorf("failed to initialize fields of entries: %v", err) - } - return r, nil -} - -// OpenFooter extracts and parses footer from the given blob. -// only supports gzip-based eStargz. -func OpenFooter(sr *io.SectionReader) (tocOffset int64, footerSize int64, rErr error) { - if sr.Size() < FooterSize && sr.Size() < legacyFooterSize { - return 0, 0, fmt.Errorf("blob size %d is smaller than the footer size", sr.Size()) - } - var footer [FooterSize]byte - if _, err := sr.ReadAt(footer[:], sr.Size()-FooterSize); err != nil { - return 0, 0, fmt.Errorf("error reading footer: %v", err) - } - var allErr []error - for _, d := range []Decompressor{new(GzipDecompressor), new(LegacyGzipDecompressor)} { - fSize := d.FooterSize() - fOffset := positive(int64(len(footer)) - fSize) - _, tocOffset, _, err := d.ParseFooter(footer[fOffset:]) - if err == nil { - return tocOffset, fSize, err - } - allErr = append(allErr, err) - } - return 0, 0, errorutil.Aggregate(allErr) -} - -// initFields populates the Reader from r.toc after decoding it from -// JSON. -// -// Unexported fields are populated and TOCEntry fields that were -// implicit in the JSON are populated. -func (r *Reader) initFields() error { - r.m = make(map[string]*TOCEntry, len(r.toc.Entries)) - r.chunks = make(map[string][]*TOCEntry) - var lastPath string - uname := map[int]string{} - gname := map[int]string{} - var lastRegEnt *TOCEntry - var chunkTopIndex int - for i, ent := range r.toc.Entries { - ent.Name = cleanEntryName(ent.Name) - switch ent.Type { - case "reg", "chunk": - if ent.Offset != r.toc.Entries[chunkTopIndex].Offset { - chunkTopIndex = i - } - ent.chunkTopIndex = chunkTopIndex - } - if ent.Type == "reg" { - lastRegEnt = ent - } - if ent.Type == "chunk" { - ent.Name = lastPath - r.chunks[ent.Name] = append(r.chunks[ent.Name], ent) - if ent.ChunkSize == 0 && lastRegEnt != nil { - ent.ChunkSize = lastRegEnt.Size - ent.ChunkOffset - } - } else { - lastPath = ent.Name - - if ent.Uname != "" { - uname[ent.UID] = ent.Uname - } else { - ent.Uname = uname[ent.UID] - } - if ent.Gname != "" { - gname[ent.GID] = ent.Gname - } else { - ent.Gname = gname[ent.GID] - } - - ent.modTime, _ = time.Parse(time.RFC3339, ent.ModTime3339) - - if ent.Type == "dir" { - ent.NumLink++ // Parent dir links to this directory - } - r.m[ent.Name] = ent - } - if ent.Type == "reg" && ent.ChunkSize > 0 && ent.ChunkSize < ent.Size { - r.chunks[ent.Name] = make([]*TOCEntry, 0, ent.Size/ent.ChunkSize+1) - r.chunks[ent.Name] = append(r.chunks[ent.Name], ent) - } - if ent.ChunkSize == 0 && ent.Size != 0 { - ent.ChunkSize = ent.Size - } - } - - // Populate children, add implicit directories: - for _, ent := range r.toc.Entries { - if ent.Type == "chunk" { - continue - } - // add "foo/": - // add "foo" child to "" (creating "" if necessary) - // - // add "foo/bar/": - // add "bar" child to "foo" (creating "foo" if necessary) - // - // add "foo/bar.txt": - // add "bar.txt" child to "foo" (creating "foo" if necessary) - // - // add "a/b/c/d/e/f.txt": - // create "a/b/c/d/e" node - // add "f.txt" child to "e" - - name := ent.Name - pdirName := parentDir(name) - if name == pdirName { - // This entry and its parent are the same. - // Ignore this for avoiding infinite loop of the reference. - // The example case where this can occur is when tar contains the root - // directory itself (e.g. "./", "/"). - continue - } - pdir := r.getOrCreateDir(pdirName) - ent.NumLink++ // at least one name(ent.Name) references this entry. - if ent.Type == "hardlink" { - org, err := r.getSource(ent) - if err != nil { - return err - } - org.NumLink++ // original entry is referenced by this ent.Name. - ent = org - } - pdir.addChild(path.Base(name), ent) - } - - lastOffset := r.sr.Size() - for i := len(r.toc.Entries) - 1; i >= 0; i-- { - e := r.toc.Entries[i] - if e.isDataType() { - e.nextOffset = lastOffset - } - if e.Offset != 0 && e.InnerOffset == 0 { - lastOffset = e.Offset - } - } - - if len(r.m) == 0 { - r.m[""] = &TOCEntry{ - Name: "", - Type: "dir", - Mode: 0755, - NumLink: 1, - } - } - - return nil -} - -func (r *Reader) getSource(ent *TOCEntry) (_ *TOCEntry, err error) { - if ent.Type == "hardlink" { - org, ok := r.m[cleanEntryName(ent.LinkName)] - if !ok { - return nil, fmt.Errorf("%q is a hardlink but the linkname %q isn't found", ent.Name, ent.LinkName) - } - ent, err = r.getSource(org) - if err != nil { - return nil, err - } - } - return ent, nil -} - -func parentDir(p string) string { - dir, _ := path.Split(p) - return strings.TrimSuffix(dir, "/") -} - -func (r *Reader) getOrCreateDir(d string) *TOCEntry { - e, ok := r.m[d] - if !ok { - e = &TOCEntry{ - Name: d, - Type: "dir", - Mode: 0755, - NumLink: 2, // The directory itself(.) and the parent link to this directory. - } - r.m[d] = e - if d != "" { - pdir := r.getOrCreateDir(parentDir(d)) - pdir.addChild(path.Base(d), e) - } - } - return e -} - -func (r *Reader) TOCDigest() digest.Digest { - return r.tocDigest -} - -// VerifyTOC checks that the TOC JSON in the passed blob matches the -// passed digests and that the TOC JSON contains digests for all chunks -// contained in the blob. If the verification succceeds, this function -// returns TOCEntryVerifier which holds all chunk digests in the stargz blob. -func (r *Reader) VerifyTOC(tocDigest digest.Digest) (TOCEntryVerifier, error) { - // Verify the digest of TOC JSON - if r.tocDigest != tocDigest { - return nil, fmt.Errorf("invalid TOC JSON %q; want %q", r.tocDigest, tocDigest) - } - return r.Verifiers() -} - -// Verifiers returns TOCEntryVerifier of this chunk. Use VerifyTOC instead in most cases -// because this doesn't verify TOC. -func (r *Reader) Verifiers() (TOCEntryVerifier, error) { - chunkDigestMap := make(map[int64]digest.Digest) // map from chunk offset to the chunk digest - regDigestMap := make(map[int64]digest.Digest) // map from chunk offset to the reg file digest - var chunkDigestMapIncomplete bool - var regDigestMapIncomplete bool - var containsChunk bool - for _, e := range r.toc.Entries { - if e.Type != "reg" && e.Type != "chunk" { - continue - } - - // offset must be unique in stargz blob - _, dOK := chunkDigestMap[e.Offset] - _, rOK := regDigestMap[e.Offset] - if dOK || rOK { - return nil, fmt.Errorf("offset %d found twice", e.Offset) - } - - if e.Type == "reg" { - if e.Size == 0 { - continue // ignores empty file - } - - // record the digest of regular file payload - if e.Digest != "" { - d, err := digest.Parse(e.Digest) - if err != nil { - return nil, fmt.Errorf("failed to parse regular file digest %q: %w", e.Digest, err) - } - regDigestMap[e.Offset] = d - } else { - regDigestMapIncomplete = true - } - } else { - containsChunk = true // this layer contains "chunk" entries. - } - - // "reg" also can contain ChunkDigest (e.g. when "reg" is the first entry of - // chunked file) - if e.ChunkDigest != "" { - d, err := digest.Parse(e.ChunkDigest) - if err != nil { - return nil, fmt.Errorf("failed to parse chunk digest %q: %w", e.ChunkDigest, err) - } - chunkDigestMap[e.Offset] = d - } else { - chunkDigestMapIncomplete = true - } - } - - if chunkDigestMapIncomplete { - // Though some chunk digests are not found, if this layer doesn't contain - // "chunk"s and all digest of "reg" files are recorded, we can use them instead. - if !containsChunk && !regDigestMapIncomplete { - return &verifier{digestMap: regDigestMap}, nil - } - return nil, fmt.Errorf("some ChunkDigest not found in TOC JSON") - } - - return &verifier{digestMap: chunkDigestMap}, nil -} - -// verifier is an implementation of TOCEntryVerifier which holds verifiers keyed by -// offset of the chunk. -type verifier struct { - digestMap map[int64]digest.Digest - digestMapMu sync.Mutex -} - -// Verifier returns a content verifier specified by TOCEntry. -func (v *verifier) Verifier(ce *TOCEntry) (digest.Verifier, error) { - v.digestMapMu.Lock() - defer v.digestMapMu.Unlock() - d, ok := v.digestMap[ce.Offset] - if !ok { - return nil, fmt.Errorf("verifier for offset=%d,size=%d hasn't been registered", - ce.Offset, ce.ChunkSize) - } - return d.Verifier(), nil -} - -// ChunkEntryForOffset returns the TOCEntry containing the byte of the -// named file at the given offset within the file. -// Name must be absolute path or one that is relative to root. -func (r *Reader) ChunkEntryForOffset(name string, offset int64) (e *TOCEntry, ok bool) { - name = cleanEntryName(name) - e, ok = r.Lookup(name) - if !ok || !e.isDataType() { - return nil, false - } - ents := r.chunks[name] - if len(ents) < 2 { - if offset >= e.ChunkSize { - return nil, false - } - return e, true - } - i := sort.Search(len(ents), func(i int) bool { - e := ents[i] - return e.ChunkOffset >= offset || (offset > e.ChunkOffset && offset < e.ChunkOffset+e.ChunkSize) - }) - if i == len(ents) { - return nil, false - } - return ents[i], true -} - -// Lookup returns the Table of Contents entry for the given path. -// -// To get the root directory, use the empty string. -// Path must be absolute path or one that is relative to root. -func (r *Reader) Lookup(path string) (e *TOCEntry, ok bool) { - path = cleanEntryName(path) - if r == nil { - return - } - e, ok = r.m[path] - if ok && e.Type == "hardlink" { - var err error - e, err = r.getSource(e) - if err != nil { - return nil, false - } - } - return -} - -// OpenFile returns the reader of the specified file payload. -// -// Name must be absolute path or one that is relative to root. -func (r *Reader) OpenFile(name string) (*io.SectionReader, error) { - fr, err := r.newFileReader(name) - if err != nil { - return nil, err - } - return io.NewSectionReader(fr, 0, fr.size), nil -} - -func (r *Reader) newFileReader(name string) (*fileReader, error) { - name = cleanEntryName(name) - ent, ok := r.Lookup(name) - if !ok { - // TODO: come up with some error plan. This is lazy: - return nil, &os.PathError{ - Path: name, - Op: "OpenFile", - Err: os.ErrNotExist, - } - } - if ent.Type != "reg" { - return nil, &os.PathError{ - Path: name, - Op: "OpenFile", - Err: errors.New("not a regular file"), - } - } - return &fileReader{ - r: r, - size: ent.Size, - ents: r.getChunks(ent), - }, nil -} - -func (r *Reader) OpenFileWithPreReader(name string, preRead func(*TOCEntry, io.Reader) error) (*io.SectionReader, error) { - fr, err := r.newFileReader(name) - if err != nil { - return nil, err - } - fr.preRead = preRead - return io.NewSectionReader(fr, 0, fr.size), nil -} - -func (r *Reader) getChunks(ent *TOCEntry) []*TOCEntry { - if ents, ok := r.chunks[ent.Name]; ok { - return ents - } - return []*TOCEntry{ent} -} - -type fileReader struct { - r *Reader - size int64 - ents []*TOCEntry // 1 or more reg/chunk entries - preRead func(*TOCEntry, io.Reader) error -} - -func (fr *fileReader) ReadAt(p []byte, off int64) (n int, err error) { - if off >= fr.size { - return 0, io.EOF - } - if off < 0 { - return 0, errors.New("invalid offset") - } - var i int - if len(fr.ents) > 1 { - i = sort.Search(len(fr.ents), func(i int) bool { - return fr.ents[i].ChunkOffset >= off - }) - if i == len(fr.ents) { - i = len(fr.ents) - 1 - } - } - ent := fr.ents[i] - if ent.ChunkOffset > off { - if i == 0 { - return 0, errors.New("internal error; first chunk offset is non-zero") - } - ent = fr.ents[i-1] - } - - // If ent is a chunk of a large file, adjust the ReadAt - // offset by the chunk's offset. - off -= ent.ChunkOffset - - finalEnt := fr.ents[len(fr.ents)-1] - compressedOff := ent.Offset - // compressedBytesRemain is the number of compressed bytes in this - // file remaining, over 1+ chunks. - compressedBytesRemain := finalEnt.NextOffset() - compressedOff - - sr := io.NewSectionReader(fr.r.sr, compressedOff, compressedBytesRemain) - - const maxRead = 2 << 20 - var bufSize = maxRead - if compressedBytesRemain < maxRead { - bufSize = int(compressedBytesRemain) - } - - br := bufio.NewReaderSize(sr, bufSize) - if _, err := br.Peek(bufSize); err != nil { - return 0, fmt.Errorf("fileReader.ReadAt.peek: %v", err) - } - - dr, err := fr.r.decompressor.Reader(br) - if err != nil { - return 0, fmt.Errorf("fileReader.ReadAt.decompressor.Reader: %v", err) - } - defer dr.Close() - - if fr.preRead == nil { - if n, err := io.CopyN(io.Discard, dr, ent.InnerOffset+off); n != ent.InnerOffset+off || err != nil { - return 0, fmt.Errorf("discard of %d bytes != %v, %v", ent.InnerOffset+off, n, err) - } - return io.ReadFull(dr, p) - } - - var retN int - var retErr error - var found bool - var nr int64 - for _, e := range fr.r.toc.Entries[ent.chunkTopIndex:] { - if !e.isDataType() { - continue - } - if e.Offset != fr.r.toc.Entries[ent.chunkTopIndex].Offset { - break - } - if in, err := io.CopyN(io.Discard, dr, e.InnerOffset-nr); err != nil || in != e.InnerOffset-nr { - return 0, fmt.Errorf("discard of remaining %d bytes != %v, %v", e.InnerOffset-nr, in, err) - } - nr = e.InnerOffset - if e == ent { - found = true - if n, err := io.CopyN(io.Discard, dr, off); n != off || err != nil { - return 0, fmt.Errorf("discard of offset %d bytes != %v, %v", off, n, err) - } - retN, retErr = io.ReadFull(dr, p) - nr += off + int64(retN) - continue - } - cr := &countReader{r: io.LimitReader(dr, e.ChunkSize)} - if err := fr.preRead(e, cr); err != nil { - return 0, fmt.Errorf("failed to pre read: %w", err) - } - nr += cr.n - } - if !found { - return 0, fmt.Errorf("fileReader.ReadAt: target entry not found") - } - return retN, retErr -} - -// A Writer writes stargz files. -// -// Use NewWriter to create a new Writer. -type Writer struct { - bw *bufio.Writer - cw *countWriter - toc *JTOC - diffHash hash.Hash // SHA-256 of uncompressed tar - - closed bool - gz io.WriteCloser - lastUsername map[int]string - lastGroupname map[int]string - compressor Compressor - - uncompressedCounter *countWriteFlusher - - // ChunkSize optionally controls the maximum number of bytes - // of data of a regular file that can be written in one gzip - // stream before a new gzip stream is started. - // Zero means to use a default, currently 4 MiB. - ChunkSize int - - // MinChunkSize optionally controls the minimum number of bytes - // of data must be written in one gzip stream before a new gzip - // NOTE: This adds a TOC property that stargz snapshotter < v0.13.0 doesn't understand. - MinChunkSize int - - needsOpenGzEntries map[string]struct{} -} - -// currentCompressionWriter writes to the current w.gz field, which can -// change throughout writing a tar entry. -// -// Additionally, it updates w's SHA-256 of the uncompressed bytes -// of the tar file. -type currentCompressionWriter struct{ w *Writer } - -func (ccw currentCompressionWriter) Write(p []byte) (int, error) { - ccw.w.diffHash.Write(p) - if ccw.w.gz == nil { - if err := ccw.w.condOpenGz(); err != nil { - return 0, err - } - } - return ccw.w.gz.Write(p) -} - -func (w *Writer) chunkSize() int { - if w.ChunkSize <= 0 { - return 4 << 20 - } - return w.ChunkSize -} - -// Unpack decompresses the given estargz blob and returns a ReadCloser of the tar blob. -// TOC JSON and footer are removed. -func Unpack(sr *io.SectionReader, c Decompressor) (io.ReadCloser, error) { - footerSize := c.FooterSize() - if sr.Size() < footerSize { - return nil, fmt.Errorf("blob is too small; %d < %d", sr.Size(), footerSize) - } - footerOffset := sr.Size() - footerSize - footer := make([]byte, footerSize) - if _, err := sr.ReadAt(footer, footerOffset); err != nil { - return nil, err - } - blobPayloadSize, _, _, err := c.ParseFooter(footer) - if err != nil { - return nil, fmt.Errorf("failed to parse footer: %w", err) - } - if blobPayloadSize < 0 { - blobPayloadSize = sr.Size() - } - return c.Reader(io.LimitReader(sr, blobPayloadSize)) -} - -// NewWriter returns a new stargz writer (gzip-based) writing to w. -// -// The writer must be closed to write its trailing table of contents. -func NewWriter(w io.Writer) *Writer { - return NewWriterLevel(w, gzip.BestCompression) -} - -// NewWriterLevel returns a new stargz writer (gzip-based) writing to w. -// The compression level is configurable. -// -// The writer must be closed to write its trailing table of contents. -func NewWriterLevel(w io.Writer, compressionLevel int) *Writer { - return NewWriterWithCompressor(w, NewGzipCompressorWithLevel(compressionLevel)) -} - -// NewWriterWithCompressor returns a new stargz writer writing to w. -// The compression method is configurable. -// -// The writer must be closed to write its trailing table of contents. -func NewWriterWithCompressor(w io.Writer, c Compressor) *Writer { - bw := bufio.NewWriter(w) - cw := &countWriter{w: bw} - return &Writer{ - bw: bw, - cw: cw, - toc: &JTOC{Version: 1}, - diffHash: sha256.New(), - compressor: c, - uncompressedCounter: &countWriteFlusher{}, - } -} - -// Close writes the stargz's table of contents and flushes all the -// buffers, returning any error. -func (w *Writer) Close() (digest.Digest, error) { - if w.closed { - return "", nil - } - defer func() { w.closed = true }() - - if err := w.closeGz(); err != nil { - return "", err - } - - // Write the TOC index and footer. - tocDigest, err := w.compressor.WriteTOCAndFooter(w.cw, w.cw.n, w.toc, w.diffHash) - if err != nil { - return "", err - } - if err := w.bw.Flush(); err != nil { - return "", err - } - - return tocDigest, nil -} - -func (w *Writer) closeGz() error { - if w.closed { - return errors.New("write on closed Writer") - } - if w.gz != nil { - if err := w.gz.Close(); err != nil { - return err - } - w.gz = nil - } - return nil -} - -func (w *Writer) flushGz() error { - if w.closed { - return errors.New("flush on closed Writer") - } - if w.gz != nil { - if f, ok := w.gz.(interface { - Flush() error - }); ok { - return f.Flush() - } - } - return nil -} - -// nameIfChanged returns name, unless it was the already the value of (*mp)[id], -// in which case it returns the empty string. -func (w *Writer) nameIfChanged(mp *map[int]string, id int, name string) string { - if name == "" { - return "" - } - if *mp == nil { - *mp = make(map[int]string) - } - if (*mp)[id] == name { - return "" - } - (*mp)[id] = name - return name -} - -func (w *Writer) condOpenGz() (err error) { - if w.gz == nil { - w.gz, err = w.compressor.Writer(w.cw) - if w.gz != nil { - w.gz = w.uncompressedCounter.register(w.gz) - } - } - return -} - -// AppendTar reads the tar or tar.gz file from r and appends -// each of its contents to w. -// -// The input r can optionally be gzip compressed but the output will -// always be compressed by the specified compressor. -func (w *Writer) AppendTar(r io.Reader) error { - return w.appendTar(r, false) -} - -// AppendTarLossLess reads the tar or tar.gz file from r and appends -// each of its contents to w. -// -// The input r can optionally be gzip compressed but the output will -// always be compressed by the specified compressor. -// -// The difference of this func with AppendTar is that this writes -// the input tar stream into w without any modification (e.g. to header bytes). -// -// Note that if the input tar stream already contains TOC JSON, this returns -// error because w cannot overwrite the TOC JSON to the one generated by w without -// lossy modification. To avoid this error, if the input stream is known to be stargz/estargz, -// you shoud decompress it and remove TOC JSON in advance. -func (w *Writer) AppendTarLossLess(r io.Reader) error { - return w.appendTar(r, true) -} - -func (w *Writer) appendTar(r io.Reader, lossless bool) error { - var src io.Reader - br := bufio.NewReader(r) - if isGzip(br) { - zr, _ := gzip.NewReader(br) - src = zr - } else { - src = io.Reader(br) - } - dst := currentCompressionWriter{w} - var tw *tar.Writer - if !lossless { - tw = tar.NewWriter(dst) // use tar writer only when this isn't lossless mode. - } - tr := tar.NewReader(src) - if lossless { - tr.RawAccounting = true - } - prevOffset := w.cw.n - var prevOffsetUncompressed int64 - for { - h, err := tr.Next() - if err == io.EOF { - if lossless { - if remain := tr.RawBytes(); len(remain) > 0 { - // Collect the remaining null bytes. - // https://github.com/vbatts/tar-split/blob/80a436fd6164c557b131f7c59ed69bd81af69761/concept/main.go#L49-L53 - if _, err := dst.Write(remain); err != nil { - return err - } - } - } - break - } - if err != nil { - return fmt.Errorf("error reading from source tar: tar.Reader.Next: %v", err) - } - if cleanEntryName(h.Name) == TOCTarName { - // It is possible for a layer to be "stargzified" twice during the - // distribution lifecycle. So we reserve "TOCTarName" here to avoid - // duplicated entries in the resulting layer. - if lossless { - // We cannot handle this in lossless way. - return fmt.Errorf("existing TOC JSON is not allowed; decompress layer before append") - } - continue - } - - xattrs := make(map[string][]byte) - const xattrPAXRecordsPrefix = "SCHILY.xattr." - if h.PAXRecords != nil { - for k, v := range h.PAXRecords { - if strings.HasPrefix(k, xattrPAXRecordsPrefix) { - xattrs[k[len(xattrPAXRecordsPrefix):]] = []byte(v) - } - } - } - ent := &TOCEntry{ - Name: h.Name, - Mode: h.Mode, - UID: h.Uid, - GID: h.Gid, - Uname: w.nameIfChanged(&w.lastUsername, h.Uid, h.Uname), - Gname: w.nameIfChanged(&w.lastGroupname, h.Gid, h.Gname), - ModTime3339: formatModtime(h.ModTime), - Xattrs: xattrs, - } - if err := w.condOpenGz(); err != nil { - return err - } - if tw != nil { - if err := tw.WriteHeader(h); err != nil { - return err - } - } else { - if _, err := dst.Write(tr.RawBytes()); err != nil { - return err - } - } - switch h.Typeflag { - case tar.TypeLink: - ent.Type = "hardlink" - ent.LinkName = h.Linkname - case tar.TypeSymlink: - ent.Type = "symlink" - ent.LinkName = h.Linkname - case tar.TypeDir: - ent.Type = "dir" - case tar.TypeReg: - ent.Type = "reg" - ent.Size = h.Size - case tar.TypeChar: - ent.Type = "char" - ent.DevMajor = int(h.Devmajor) - ent.DevMinor = int(h.Devminor) - case tar.TypeBlock: - ent.Type = "block" - ent.DevMajor = int(h.Devmajor) - ent.DevMinor = int(h.Devminor) - case tar.TypeFifo: - ent.Type = "fifo" - default: - return fmt.Errorf("unsupported input tar entry %q", h.Typeflag) - } - - // We need to keep a reference to the TOC entry for regular files, so that we - // can fill the digest later. - var regFileEntry *TOCEntry - var payloadDigest digest.Digester - if h.Typeflag == tar.TypeReg { - regFileEntry = ent - payloadDigest = digest.Canonical.Digester() - } - - if h.Typeflag == tar.TypeReg && ent.Size > 0 { - var written int64 - totalSize := ent.Size // save it before we destroy ent - tee := io.TeeReader(tr, payloadDigest.Hash()) - for written < totalSize { - chunkSize := int64(w.chunkSize()) - remain := totalSize - written - if remain < chunkSize { - chunkSize = remain - } else { - ent.ChunkSize = chunkSize - } - - // We flush the underlying compression writer here to correctly calculate "w.cw.n". - if err := w.flushGz(); err != nil { - return err - } - if w.needsOpenGz(ent) || w.cw.n-prevOffset >= int64(w.MinChunkSize) { - if err := w.closeGz(); err != nil { - return err - } - ent.Offset = w.cw.n - prevOffset = ent.Offset - prevOffsetUncompressed = w.uncompressedCounter.n - } else { - ent.Offset = prevOffset - ent.InnerOffset = w.uncompressedCounter.n - prevOffsetUncompressed - } - - ent.ChunkOffset = written - chunkDigest := digest.Canonical.Digester() - - if err := w.condOpenGz(); err != nil { - return err - } - - teeChunk := io.TeeReader(tee, chunkDigest.Hash()) - var out io.Writer - if tw != nil { - out = tw - } else { - out = dst - } - if _, err := io.CopyN(out, teeChunk, chunkSize); err != nil { - return fmt.Errorf("error copying %q: %v", h.Name, err) - } - ent.ChunkDigest = chunkDigest.Digest().String() - w.toc.Entries = append(w.toc.Entries, ent) - written += chunkSize - ent = &TOCEntry{ - Name: h.Name, - Type: "chunk", - } - } - } else { - w.toc.Entries = append(w.toc.Entries, ent) - } - if payloadDigest != nil { - regFileEntry.Digest = payloadDigest.Digest().String() - } - if tw != nil { - if err := tw.Flush(); err != nil { - return err - } - } - } - remainDest := io.Discard - if lossless { - remainDest = dst // Preserve the remaining bytes in lossless mode - } - _, err := io.Copy(remainDest, src) - return err -} - -func (w *Writer) needsOpenGz(ent *TOCEntry) bool { - if ent.Type != "reg" { - return false - } - if w.needsOpenGzEntries == nil { - return false - } - _, ok := w.needsOpenGzEntries[ent.Name] - return ok -} - -// DiffID returns the SHA-256 of the uncompressed tar bytes. -// It is only valid to call DiffID after Close. -func (w *Writer) DiffID() string { - return fmt.Sprintf("sha256:%x", w.diffHash.Sum(nil)) -} - -func maxFooterSize(blobSize int64, decompressors ...Decompressor) (res int64) { - for _, d := range decompressors { - if s := d.FooterSize(); res < s && s <= blobSize { - res = s - } - } - return -} - -func parseTOC(d Decompressor, sr *io.SectionReader, tocOff, tocSize int64, tocBytes []byte, opts openOpts) (*Reader, error) { - if tocOff < 0 { - // This means that TOC isn't contained in the blob. - // We pass nil reader to ParseTOC and expect that ParseTOC acquire TOC from - // the external location. - start := time.Now() - toc, tocDgst, err := d.ParseTOC(nil) - if err != nil { - return nil, err - } - if opts.telemetry != nil && opts.telemetry.GetTocLatency != nil { - opts.telemetry.GetTocLatency(start) - } - if opts.telemetry != nil && opts.telemetry.DeserializeTocLatency != nil { - opts.telemetry.DeserializeTocLatency(start) - } - return &Reader{ - sr: sr, - toc: toc, - tocDigest: tocDgst, - decompressor: d, - }, nil - } - if len(tocBytes) > 0 { - start := time.Now() - toc, tocDgst, err := d.ParseTOC(bytes.NewReader(tocBytes)) - if err == nil { - if opts.telemetry != nil && opts.telemetry.DeserializeTocLatency != nil { - opts.telemetry.DeserializeTocLatency(start) - } - return &Reader{ - sr: sr, - toc: toc, - tocDigest: tocDgst, - decompressor: d, - }, nil - } - } - - start := time.Now() - tocBytes = make([]byte, tocSize) - if _, err := sr.ReadAt(tocBytes, tocOff); err != nil { - return nil, fmt.Errorf("error reading %d byte TOC targz: %v", len(tocBytes), err) - } - if opts.telemetry != nil && opts.telemetry.GetTocLatency != nil { - opts.telemetry.GetTocLatency(start) - } - start = time.Now() - toc, tocDgst, err := d.ParseTOC(bytes.NewReader(tocBytes)) - if err != nil { - return nil, err - } - if opts.telemetry != nil && opts.telemetry.DeserializeTocLatency != nil { - opts.telemetry.DeserializeTocLatency(start) - } - return &Reader{ - sr: sr, - toc: toc, - tocDigest: tocDgst, - decompressor: d, - }, nil -} - -func formatModtime(t time.Time) string { - if t.IsZero() || t.Unix() == 0 { - return "" - } - return t.UTC().Round(time.Second).Format(time.RFC3339) -} - -func cleanEntryName(name string) string { - // Use path.Clean to consistently deal with path separators across platforms. - return strings.TrimPrefix(path.Clean("/"+name), "/") -} - -// countWriter counts how many bytes have been written to its wrapped -// io.Writer. -type countWriter struct { - w io.Writer - n int64 -} - -func (cw *countWriter) Write(p []byte) (n int, err error) { - n, err = cw.w.Write(p) - cw.n += int64(n) - return -} - -type countWriteFlusher struct { - io.WriteCloser - n int64 -} - -func (wc *countWriteFlusher) register(w io.WriteCloser) io.WriteCloser { - wc.WriteCloser = w - return wc -} - -func (wc *countWriteFlusher) Write(p []byte) (n int, err error) { - n, err = wc.WriteCloser.Write(p) - wc.n += int64(n) - return -} - -func (wc *countWriteFlusher) Flush() error { - if f, ok := wc.WriteCloser.(interface { - Flush() error - }); ok { - return f.Flush() - } - return nil -} - -func (wc *countWriteFlusher) Close() error { - err := wc.WriteCloser.Close() - wc.WriteCloser = nil - return err -} - -// isGzip reports whether br is positioned right before an upcoming gzip stream. -// It does not consume any bytes from br. -func isGzip(br *bufio.Reader) bool { - const ( - gzipID1 = 0x1f - gzipID2 = 0x8b - gzipDeflate = 8 - ) - peek, _ := br.Peek(3) - return len(peek) >= 3 && peek[0] == gzipID1 && peek[1] == gzipID2 && peek[2] == gzipDeflate -} - -func positive(n int64) int64 { - if n < 0 { - return 0 - } - return n -} - -type countReader struct { - r io.Reader - n int64 -} - -func (cr *countReader) Read(p []byte) (n int, err error) { - n, err = cr.r.Read(p) - cr.n += int64(n) - return -} diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go deleted file mode 100644 index 88fa13b191..0000000000 --- a/vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go +++ /dev/null @@ -1,237 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -/* - Copyright 2019 The Go Authors. All rights reserved. - Use of this source code is governed by a BSD-style - license that can be found in the LICENSE file. -*/ - -package estargz - -import ( - "archive/tar" - "bytes" - "compress/gzip" - "encoding/binary" - "encoding/json" - "fmt" - "hash" - "io" - "strconv" - - digest "github.com/opencontainers/go-digest" -) - -type gzipCompression struct { - *GzipCompressor - *GzipDecompressor -} - -func newGzipCompressionWithLevel(level int) Compression { - return &gzipCompression{ - &GzipCompressor{level}, - &GzipDecompressor{}, - } -} - -func NewGzipCompressor() *GzipCompressor { - return &GzipCompressor{gzip.BestCompression} -} - -func NewGzipCompressorWithLevel(level int) *GzipCompressor { - return &GzipCompressor{level} -} - -type GzipCompressor struct { - compressionLevel int -} - -func (gc *GzipCompressor) Writer(w io.Writer) (WriteFlushCloser, error) { - return gzip.NewWriterLevel(w, gc.compressionLevel) -} - -func (gc *GzipCompressor) WriteTOCAndFooter(w io.Writer, off int64, toc *JTOC, diffHash hash.Hash) (digest.Digest, error) { - tocJSON, err := json.MarshalIndent(toc, "", "\t") - if err != nil { - return "", err - } - gz, _ := gzip.NewWriterLevel(w, gc.compressionLevel) - gw := io.Writer(gz) - if diffHash != nil { - gw = io.MultiWriter(gz, diffHash) - } - tw := tar.NewWriter(gw) - if err := tw.WriteHeader(&tar.Header{ - Typeflag: tar.TypeReg, - Name: TOCTarName, - Size: int64(len(tocJSON)), - }); err != nil { - return "", err - } - if _, err := tw.Write(tocJSON); err != nil { - return "", err - } - - if err := tw.Close(); err != nil { - return "", err - } - if err := gz.Close(); err != nil { - return "", err - } - if _, err := w.Write(gzipFooterBytes(off)); err != nil { - return "", err - } - return digest.FromBytes(tocJSON), nil -} - -// gzipFooterBytes returns the 51 bytes footer. -func gzipFooterBytes(tocOff int64) []byte { - buf := bytes.NewBuffer(make([]byte, 0, FooterSize)) - gz, _ := gzip.NewWriterLevel(buf, gzip.NoCompression) // MUST be NoCompression to keep 51 bytes - - // Extra header indicating the offset of TOCJSON - // https://tools.ietf.org/html/rfc1952#section-2.3.1.1 - header := make([]byte, 4) - header[0], header[1] = 'S', 'G' - subfield := fmt.Sprintf("%016xSTARGZ", tocOff) - binary.LittleEndian.PutUint16(header[2:4], uint16(len(subfield))) // little-endian per RFC1952 - gz.Extra = append(header, []byte(subfield)...) - gz.Close() - if buf.Len() != FooterSize { - panic(fmt.Sprintf("footer buffer = %d, not %d", buf.Len(), FooterSize)) - } - return buf.Bytes() -} - -type GzipDecompressor struct{} - -func (gz *GzipDecompressor) Reader(r io.Reader) (io.ReadCloser, error) { - return gzip.NewReader(r) -} - -func (gz *GzipDecompressor) ParseTOC(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error) { - return parseTOCEStargz(r) -} - -func (gz *GzipDecompressor) ParseFooter(p []byte) (blobPayloadSize, tocOffset, tocSize int64, err error) { - if len(p) != FooterSize { - return 0, 0, 0, fmt.Errorf("invalid length %d cannot be parsed", len(p)) - } - zr, err := gzip.NewReader(bytes.NewReader(p)) - if err != nil { - return 0, 0, 0, err - } - defer zr.Close() - extra := zr.Extra - si1, si2, subfieldlen, subfield := extra[0], extra[1], extra[2:4], extra[4:] - if si1 != 'S' || si2 != 'G' { - return 0, 0, 0, fmt.Errorf("invalid subfield IDs: %q, %q; want E, S", si1, si2) - } - if slen := binary.LittleEndian.Uint16(subfieldlen); slen != uint16(16+len("STARGZ")) { - return 0, 0, 0, fmt.Errorf("invalid length of subfield %d; want %d", slen, 16+len("STARGZ")) - } - if string(subfield[16:]) != "STARGZ" { - return 0, 0, 0, fmt.Errorf("STARGZ magic string must be included in the footer subfield") - } - tocOffset, err = strconv.ParseInt(string(subfield[:16]), 16, 64) - if err != nil { - return 0, 0, 0, fmt.Errorf("legacy: failed to parse toc offset: %w", err) - } - return tocOffset, tocOffset, 0, nil -} - -func (gz *GzipDecompressor) FooterSize() int64 { - return FooterSize -} - -func (gz *GzipDecompressor) DecompressTOC(r io.Reader) (tocJSON io.ReadCloser, err error) { - return decompressTOCEStargz(r) -} - -type LegacyGzipDecompressor struct{} - -func (gz *LegacyGzipDecompressor) Reader(r io.Reader) (io.ReadCloser, error) { - return gzip.NewReader(r) -} - -func (gz *LegacyGzipDecompressor) ParseTOC(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error) { - return parseTOCEStargz(r) -} - -func (gz *LegacyGzipDecompressor) ParseFooter(p []byte) (blobPayloadSize, tocOffset, tocSize int64, err error) { - if len(p) != legacyFooterSize { - return 0, 0, 0, fmt.Errorf("legacy: invalid length %d cannot be parsed", len(p)) - } - zr, err := gzip.NewReader(bytes.NewReader(p)) - if err != nil { - return 0, 0, 0, fmt.Errorf("legacy: failed to get footer gzip reader: %w", err) - } - defer zr.Close() - extra := zr.Extra - if len(extra) != 16+len("STARGZ") { - return 0, 0, 0, fmt.Errorf("legacy: invalid stargz's extra field size") - } - if string(extra[16:]) != "STARGZ" { - return 0, 0, 0, fmt.Errorf("legacy: magic string STARGZ not found") - } - tocOffset, err = strconv.ParseInt(string(extra[:16]), 16, 64) - if err != nil { - return 0, 0, 0, fmt.Errorf("legacy: failed to parse toc offset: %w", err) - } - return tocOffset, tocOffset, 0, nil -} - -func (gz *LegacyGzipDecompressor) FooterSize() int64 { - return legacyFooterSize -} - -func (gz *LegacyGzipDecompressor) DecompressTOC(r io.Reader) (tocJSON io.ReadCloser, err error) { - return decompressTOCEStargz(r) -} - -func parseTOCEStargz(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error) { - tr, err := decompressTOCEStargz(r) - if err != nil { - return nil, "", err - } - dgstr := digest.Canonical.Digester() - toc = new(JTOC) - if err := json.NewDecoder(io.TeeReader(tr, dgstr.Hash())).Decode(&toc); err != nil { - return nil, "", fmt.Errorf("error decoding TOC JSON: %v", err) - } - if err := tr.Close(); err != nil { - return nil, "", err - } - return toc, dgstr.Digest(), nil -} - -func decompressTOCEStargz(r io.Reader) (tocJSON io.ReadCloser, err error) { - zr, err := gzip.NewReader(r) - if err != nil { - return nil, fmt.Errorf("malformed TOC gzip header: %v", err) - } - zr.Multistream(false) - tr := tar.NewReader(zr) - h, err := tr.Next() - if err != nil { - return nil, fmt.Errorf("failed to find tar header in TOC gzip stream: %v", err) - } - if h.Name != TOCTarName { - return nil, fmt.Errorf("TOC tar entry had name %q; expected %q", h.Name, TOCTarName) - } - return readCloser{tr, zr.Close}, nil -} diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go deleted file mode 100644 index ff165e090e..0000000000 --- a/vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go +++ /dev/null @@ -1,2403 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -/* - Copyright 2019 The Go Authors. All rights reserved. - Use of this source code is governed by a BSD-style - license that can be found in the LICENSE file. -*/ - -package estargz - -import ( - "archive/tar" - "bytes" - "compress/gzip" - "crypto/rand" - "crypto/sha256" - "encoding/json" - "errors" - "fmt" - "io" - "math/big" - "os" - "path/filepath" - "reflect" - "sort" - "strings" - "time" - - "github.com/containerd/stargz-snapshotter/estargz/errorutil" - "github.com/klauspost/compress/zstd" - digest "github.com/opencontainers/go-digest" -) - -// TestingController is Compression with some helper methods necessary for testing. -type TestingController interface { - Compression - TestStreams(t TestingT, b []byte, streams []int64) - DiffIDOf(TestingT, []byte) string - String() string -} - -// TestingT is the minimal set of testing.T required to run the -// tests defined in CompressionTestSuite. This interface exists to prevent -// leaking the testing package from being exposed outside tests. -type TestingT interface { - Errorf(format string, args ...any) - FailNow() - Failed() bool - Fatal(args ...any) - Fatalf(format string, args ...any) - Logf(format string, args ...any) - Parallel() -} - -// Runner allows running subtests of TestingT. This exists instead of adding -// a Run method to TestingT interface because the Run implementation of -// testing.T would not satisfy the interface. -type Runner func(t TestingT, name string, fn func(t TestingT)) - -type TestRunner struct { - TestingT - Runner Runner -} - -func (r *TestRunner) Run(name string, run func(*TestRunner)) { - r.Runner(r.TestingT, name, func(t TestingT) { - run(&TestRunner{TestingT: t, Runner: r.Runner}) - }) -} - -// CompressionTestSuite tests this pkg with controllers can build valid eStargz blobs and parse them. -func CompressionTestSuite(t *TestRunner, controllers ...TestingControllerFactory) { - t.Run("testBuild", func(t *TestRunner) { t.Parallel(); testBuild(t, controllers...) }) - t.Run("testDigestAndVerify", func(t *TestRunner) { - t.Parallel() - testDigestAndVerify(t, controllers...) - }) - t.Run("testWriteAndOpen", func(t *TestRunner) { t.Parallel(); testWriteAndOpen(t, controllers...) }) -} - -type TestingControllerFactory func() TestingController - -const ( - uncompressedType int = iota - gzipType - zstdType -) - -var srcCompressions = []int{ - uncompressedType, - gzipType, - zstdType, -} - -var allowedPrefix = [4]string{"", "./", "/", "../"} - -// testBuild tests the resulting stargz blob built by this pkg has the same -// contents as the normal stargz blob. -func testBuild(t *TestRunner, controllers ...TestingControllerFactory) { - tests := []struct { - name string - chunkSize int - minChunkSize []int - in []tarEntry - }{ - { - name: "regfiles and directories", - chunkSize: 4, - in: tarOf( - file("foo", "test1"), - dir("foo2/"), - file("foo2/bar", "test2", xAttr(map[string]string{"test": "sample"})), - ), - }, - { - name: "empty files", - chunkSize: 4, - in: tarOf( - file("foo", "tttttt"), - file("foo_empty", ""), - file("foo2", "tttttt"), - file("foo_empty2", ""), - file("foo3", "tttttt"), - file("foo_empty3", ""), - file("foo4", "tttttt"), - file("foo_empty4", ""), - file("foo5", "tttttt"), - file("foo_empty5", ""), - file("foo6", "tttttt"), - ), - }, - { - name: "various files", - chunkSize: 4, - minChunkSize: []int{0, 64000}, - in: tarOf( - file("baz.txt", "bazbazbazbazbazbazbaz"), - file("foo1.txt", "a"), - file("bar/foo2.txt", "b"), - file("foo3.txt", "c"), - symlink("barlink", "test/bar.txt"), - dir("test/"), - dir("dev/"), - blockdev("dev/testblock", 3, 4), - fifo("dev/testfifo"), - chardev("dev/testchar1", 5, 6), - file("test/bar.txt", "testbartestbar", xAttr(map[string]string{"test2": "sample2"})), - dir("test2/"), - link("test2/bazlink", "baz.txt"), - chardev("dev/testchar2", 1, 2), - ), - }, - { - name: "no contents", - chunkSize: 4, - in: tarOf( - file("baz.txt", ""), - symlink("barlink", "test/bar.txt"), - dir("test/"), - dir("dev/"), - blockdev("dev/testblock", 3, 4), - fifo("dev/testfifo"), - chardev("dev/testchar1", 5, 6), - file("test/bar.txt", "", xAttr(map[string]string{"test2": "sample2"})), - dir("test2/"), - link("test2/bazlink", "baz.txt"), - chardev("dev/testchar2", 1, 2), - ), - }, - } - for _, tt := range tests { - if len(tt.minChunkSize) == 0 { - tt.minChunkSize = []int{0} - } - for _, srcCompression := range srcCompressions { - srcCompression := srcCompression - for _, newCL := range controllers { - newCL := newCL - for _, srcTarFormat := range []tar.Format{tar.FormatUSTAR, tar.FormatPAX, tar.FormatGNU} { - srcTarFormat := srcTarFormat - for _, prefix := range allowedPrefix { - prefix := prefix - for _, minChunkSize := range tt.minChunkSize { - minChunkSize := minChunkSize - t.Run(tt.name+"-"+fmt.Sprintf("compression=%v,prefix=%q,src=%d,format=%s,minChunkSize=%d", newCL(), prefix, srcCompression, srcTarFormat, minChunkSize), func(t *TestRunner) { - tarBlob := buildTar(t, tt.in, prefix, srcTarFormat) - // Test divideEntries() - entries, err := sortEntries(tarBlob, nil, nil) // identical order - if err != nil { - t.Fatalf("failed to parse tar: %v", err) - } - var merged []*entry - for _, part := range divideEntries(entries, 4) { - merged = append(merged, part...) - } - if !reflect.DeepEqual(entries, merged) { - for _, e := range entries { - t.Logf("Original: %v", e.header) - } - for _, e := range merged { - t.Logf("Merged: %v", e.header) - } - t.Errorf("divided entries couldn't be merged") - return - } - - // Prepare sample data - cl1 := newCL() - wantBuf := new(bytes.Buffer) - sw := NewWriterWithCompressor(wantBuf, cl1) - sw.MinChunkSize = minChunkSize - sw.ChunkSize = tt.chunkSize - if err := sw.AppendTar(tarBlob); err != nil { - t.Fatalf("failed to append tar to want stargz: %v", err) - } - if _, err := sw.Close(); err != nil { - t.Fatalf("failed to prepare want stargz: %v", err) - } - wantData := wantBuf.Bytes() - want, err := Open(io.NewSectionReader( - bytes.NewReader(wantData), 0, int64(len(wantData))), - WithDecompressors(cl1), - ) - if err != nil { - t.Fatalf("failed to parse the want stargz: %v", err) - } - - // Prepare testing data - var opts []Option - if minChunkSize > 0 { - opts = append(opts, WithMinChunkSize(minChunkSize)) - } - cl2 := newCL() - rc, err := Build(compressBlob(t, tarBlob, srcCompression), - append(opts, WithChunkSize(tt.chunkSize), WithCompression(cl2))...) - if err != nil { - t.Fatalf("failed to build stargz: %v", err) - } - defer rc.Close() - gotBuf := new(bytes.Buffer) - if _, err := io.Copy(gotBuf, rc); err != nil { - t.Fatalf("failed to copy built stargz blob: %v", err) - } - gotData := gotBuf.Bytes() - got, err := Open(io.NewSectionReader( - bytes.NewReader(gotBuf.Bytes()), 0, int64(len(gotData))), - WithDecompressors(cl2), - ) - if err != nil { - t.Fatalf("failed to parse the got stargz: %v", err) - } - - // Check DiffID is properly calculated - rc.Close() - diffID := rc.DiffID() - wantDiffID := cl2.DiffIDOf(t, gotData) - if diffID.String() != wantDiffID { - t.Errorf("DiffID = %q; want %q", diffID, wantDiffID) - } - - // Compare as stargz - if !isSameVersion(t, cl1, wantData, cl2, gotData) { - t.Errorf("built stargz hasn't same json") - return - } - if !isSameEntries(t, want, got) { - t.Errorf("built stargz isn't same as the original") - return - } - - // Compare as tar.gz - if !isSameTarGz(t, cl1, wantData, cl2, gotData) { - t.Errorf("built stargz isn't same tar.gz") - return - } - }) - } - } - } - } - } - } -} - -func isSameTarGz(t TestingT, cla TestingController, a []byte, clb TestingController, b []byte) bool { - aGz, err := cla.Reader(bytes.NewReader(a)) - if err != nil { - t.Fatalf("failed to read A") - } - defer aGz.Close() - bGz, err := clb.Reader(bytes.NewReader(b)) - if err != nil { - t.Fatalf("failed to read B") - } - defer bGz.Close() - - // Same as tar's Next() method but ignores landmarks and TOCJSON file - next := func(r *tar.Reader) (h *tar.Header, err error) { - for { - if h, err = r.Next(); err != nil { - return - } - if h.Name != PrefetchLandmark && - h.Name != NoPrefetchLandmark && - h.Name != TOCTarName { - return - } - } - } - - aTar := tar.NewReader(aGz) - bTar := tar.NewReader(bGz) - for { - // Fetch and parse next header. - aH, aErr := next(aTar) - bH, bErr := next(bTar) - if aErr != nil || bErr != nil { - if aErr == io.EOF && bErr == io.EOF { - break - } - t.Fatalf("Failed to parse tar file: A: %v, B: %v", aErr, bErr) - } - if !reflect.DeepEqual(aH, bH) { - t.Logf("different header (A = %v; B = %v)", aH, bH) - return false - - } - aFile, err := io.ReadAll(aTar) - if err != nil { - t.Fatal("failed to read tar payload of A") - } - bFile, err := io.ReadAll(bTar) - if err != nil { - t.Fatal("failed to read tar payload of B") - } - if !bytes.Equal(aFile, bFile) { - t.Logf("different tar payload (A = %q; B = %q)", string(a), string(b)) - return false - } - } - - return true -} - -func isSameVersion(t TestingT, cla TestingController, a []byte, clb TestingController, b []byte) bool { - aJTOC, _, err := parseStargz(io.NewSectionReader(bytes.NewReader(a), 0, int64(len(a))), cla) - if err != nil { - t.Fatalf("failed to parse A: %v", err) - } - bJTOC, _, err := parseStargz(io.NewSectionReader(bytes.NewReader(b), 0, int64(len(b))), clb) - if err != nil { - t.Fatalf("failed to parse B: %v", err) - } - t.Logf("A: TOCJSON: %v", dumpTOCJSON(t, aJTOC)) - t.Logf("B: TOCJSON: %v", dumpTOCJSON(t, bJTOC)) - return aJTOC.Version == bJTOC.Version -} - -func isSameEntries(t TestingT, a, b *Reader) bool { - aroot, ok := a.Lookup("") - if !ok { - t.Fatalf("failed to get root of A") - } - broot, ok := b.Lookup("") - if !ok { - t.Fatalf("failed to get root of B") - } - aEntry := stargzEntry{aroot, a} - bEntry := stargzEntry{broot, b} - return contains(t, aEntry, bEntry) && contains(t, bEntry, aEntry) -} - -func compressBlob(t TestingT, src *io.SectionReader, srcCompression int) *io.SectionReader { - buf := new(bytes.Buffer) - var w io.WriteCloser - var err error - switch srcCompression { - case gzipType: - w = gzip.NewWriter(buf) - case zstdType: - w, err = zstd.NewWriter(buf) - if err != nil { - t.Fatalf("failed to init zstd writer: %v", err) - } - default: - return src - } - src.Seek(0, io.SeekStart) - if _, err := io.Copy(w, src); err != nil { - t.Fatalf("failed to compress source") - } - if err := w.Close(); err != nil { - t.Fatalf("failed to finalize compress source") - } - data := buf.Bytes() - return io.NewSectionReader(bytes.NewReader(data), 0, int64(len(data))) - -} - -type stargzEntry struct { - e *TOCEntry - r *Reader -} - -// contains checks if all child entries in "b" are also contained in "a". -// This function also checks if the files/chunks contain the same contents among "a" and "b". -func contains(t TestingT, a, b stargzEntry) bool { - ae, ar := a.e, a.r - be, br := b.e, b.r - t.Logf("Comparing: %q vs %q", ae.Name, be.Name) - if !equalEntry(ae, be) { - t.Logf("%q != %q: entry: a: %v, b: %v", ae.Name, be.Name, ae, be) - return false - } - if ae.Type == "dir" { - t.Logf("Directory: %q vs %q: %v vs %v", ae.Name, be.Name, - allChildrenName(ae), allChildrenName(be)) - iscontain := true - ae.ForeachChild(func(aBaseName string, aChild *TOCEntry) bool { - // Walk through all files on this stargz file. - - if aChild.Name == PrefetchLandmark || - aChild.Name == NoPrefetchLandmark { - return true // Ignore landmarks - } - - // Ignore a TOCEntry of "./" (formated as "" by stargz lib) on root directory - // because this points to the root directory itself. - if aChild.Name == "" && ae.Name == "" { - return true - } - - bChild, ok := be.LookupChild(aBaseName) - if !ok { - t.Logf("%q (base: %q): not found in b: %v", - ae.Name, aBaseName, allChildrenName(be)) - iscontain = false - return false - } - - childcontain := contains(t, stargzEntry{aChild, a.r}, stargzEntry{bChild, b.r}) - if !childcontain { - t.Logf("%q != %q: non-equal dir", ae.Name, be.Name) - iscontain = false - return false - } - return true - }) - return iscontain - } else if ae.Type == "reg" { - af, err := ar.OpenFile(ae.Name) - if err != nil { - t.Fatalf("failed to open file %q on A: %v", ae.Name, err) - } - bf, err := br.OpenFile(be.Name) - if err != nil { - t.Fatalf("failed to open file %q on B: %v", be.Name, err) - } - - var nr int64 - for nr < ae.Size { - abytes, anext, aok := readOffset(t, af, nr, a) - bbytes, bnext, bok := readOffset(t, bf, nr, b) - if !aok && !bok { - break - } else if !aok || !bok || anext != bnext { - t.Logf("%q != %q (offset=%d): chunk existence a=%v vs b=%v, anext=%v vs bnext=%v", - ae.Name, be.Name, nr, aok, bok, anext, bnext) - return false - } - nr = anext - if !bytes.Equal(abytes, bbytes) { - t.Logf("%q != %q: different contents %v vs %v", - ae.Name, be.Name, string(abytes), string(bbytes)) - return false - } - } - return true - } - - return true -} - -func allChildrenName(e *TOCEntry) (children []string) { - e.ForeachChild(func(baseName string, _ *TOCEntry) bool { - children = append(children, baseName) - return true - }) - return -} - -func equalEntry(a, b *TOCEntry) bool { - // Here, we selectively compare fileds that we are interested in. - return a.Name == b.Name && - a.Type == b.Type && - a.Size == b.Size && - a.ModTime3339 == b.ModTime3339 && - a.Stat().ModTime().Equal(b.Stat().ModTime()) && // modTime time.Time - a.LinkName == b.LinkName && - a.Mode == b.Mode && - a.UID == b.UID && - a.GID == b.GID && - a.Uname == b.Uname && - a.Gname == b.Gname && - (a.Offset >= 0) == (b.Offset >= 0) && - (a.NextOffset() > 0) == (b.NextOffset() > 0) && - a.DevMajor == b.DevMajor && - a.DevMinor == b.DevMinor && - a.NumLink == b.NumLink && - reflect.DeepEqual(a.Xattrs, b.Xattrs) && - // chunk-related infomations aren't compared in this function. - // ChunkOffset int64 `json:"chunkOffset,omitempty"` - // ChunkSize int64 `json:"chunkSize,omitempty"` - // children map[string]*TOCEntry - a.Digest == b.Digest -} - -func readOffset(t TestingT, r *io.SectionReader, offset int64, e stargzEntry) ([]byte, int64, bool) { - ce, ok := e.r.ChunkEntryForOffset(e.e.Name, offset) - if !ok { - return nil, 0, false - } - data := make([]byte, ce.ChunkSize) - t.Logf("Offset: %v, NextOffset: %v", ce.Offset, ce.NextOffset()) - n, err := r.ReadAt(data, ce.ChunkOffset) - if err != nil { - t.Fatalf("failed to read file payload of %q (offset:%d,size:%d): %v", - e.e.Name, ce.ChunkOffset, ce.ChunkSize, err) - } - if int64(n) != ce.ChunkSize { - t.Fatalf("unexpected copied data size %d; want %d", - n, ce.ChunkSize) - } - return data[:n], offset + ce.ChunkSize, true -} - -func dumpTOCJSON(t TestingT, tocJSON *JTOC) string { - jtocData, err := json.Marshal(*tocJSON) - if err != nil { - t.Fatalf("failed to marshal TOC JSON: %v", err) - } - buf := new(bytes.Buffer) - if _, err := io.Copy(buf, bytes.NewReader(jtocData)); err != nil { - t.Fatalf("failed to read toc json blob: %v", err) - } - return buf.String() -} - -const chunkSize = 3 - -type check func(t *TestRunner, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) - -// testDigestAndVerify runs specified checks against sample stargz blobs. -func testDigestAndVerify(t *TestRunner, controllers ...TestingControllerFactory) { - tests := []struct { - name string - tarInit func(t TestingT, dgstMap map[string]digest.Digest) (blob []tarEntry) - checks []check - minChunkSize []int - }{ - { - name: "no-regfile", - tarInit: func(t TestingT, dgstMap map[string]digest.Digest) (blob []tarEntry) { - return tarOf( - dir("test/"), - ) - }, - checks: []check{ - checkStargzTOC, - checkVerifyTOC, - checkVerifyInvalidStargzFail(buildTar(t, tarOf( - dir("test2/"), // modified - ), allowedPrefix[0])), - }, - }, - { - name: "small-files", - tarInit: func(t TestingT, dgstMap map[string]digest.Digest) (blob []tarEntry) { - return tarOf( - regDigest(t, "baz.txt", "", dgstMap), - regDigest(t, "foo.txt", "a", dgstMap), - dir("test/"), - regDigest(t, "test/bar.txt", "bbb", dgstMap), - ) - }, - minChunkSize: []int{0, 64000}, - checks: []check{ - checkStargzTOC, - checkVerifyTOC, - checkVerifyInvalidStargzFail(buildTar(t, tarOf( - file("baz.txt", ""), - file("foo.txt", "M"), // modified - dir("test/"), - file("test/bar.txt", "bbb"), - ), allowedPrefix[0])), - // checkVerifyInvalidTOCEntryFail("foo.txt"), // TODO - checkVerifyBrokenContentFail("foo.txt"), - }, - }, - { - name: "big-files", - tarInit: func(t TestingT, dgstMap map[string]digest.Digest) (blob []tarEntry) { - return tarOf( - regDigest(t, "baz.txt", "bazbazbazbazbazbazbaz", dgstMap), - regDigest(t, "foo.txt", "a", dgstMap), - dir("test/"), - regDigest(t, "test/bar.txt", "testbartestbar", dgstMap), - ) - }, - checks: []check{ - checkStargzTOC, - checkVerifyTOC, - checkVerifyInvalidStargzFail(buildTar(t, tarOf( - file("baz.txt", "bazbazbazMMMbazbazbaz"), // modified - file("foo.txt", "a"), - dir("test/"), - file("test/bar.txt", "testbartestbar"), - ), allowedPrefix[0])), - checkVerifyInvalidTOCEntryFail("test/bar.txt"), - checkVerifyBrokenContentFail("test/bar.txt"), - }, - }, - { - name: "with-non-regfiles", - minChunkSize: []int{0, 64000}, - tarInit: func(t TestingT, dgstMap map[string]digest.Digest) (blob []tarEntry) { - return tarOf( - regDigest(t, "baz.txt", "bazbazbazbazbazbazbaz", dgstMap), - regDigest(t, "foo.txt", "a", dgstMap), - regDigest(t, "bar/foo2.txt", "b", dgstMap), - regDigest(t, "foo3.txt", "c", dgstMap), - symlink("barlink", "test/bar.txt"), - dir("test/"), - regDigest(t, "test/bar.txt", "testbartestbar", dgstMap), - dir("test2/"), - link("test2/bazlink", "baz.txt"), - ) - }, - checks: []check{ - checkStargzTOC, - checkVerifyTOC, - checkVerifyInvalidStargzFail(buildTar(t, tarOf( - file("baz.txt", "bazbazbazbazbazbazbaz"), - file("foo.txt", "a"), - file("bar/foo2.txt", "b"), - file("foo3.txt", "c"), - symlink("barlink", "test/bar.txt"), - dir("test/"), - file("test/bar.txt", "testbartestbar"), - dir("test2/"), - link("test2/bazlink", "foo.txt"), // modified - ), allowedPrefix[0])), - checkVerifyInvalidTOCEntryFail("test/bar.txt"), - checkVerifyBrokenContentFail("test/bar.txt"), - }, - }, - } - - for _, tt := range tests { - if len(tt.minChunkSize) == 0 { - tt.minChunkSize = []int{0} - } - for _, srcCompression := range srcCompressions { - srcCompression := srcCompression - for _, newCL := range controllers { - newCL := newCL - for _, prefix := range allowedPrefix { - prefix := prefix - for _, srcTarFormat := range []tar.Format{tar.FormatUSTAR, tar.FormatPAX, tar.FormatGNU} { - srcTarFormat := srcTarFormat - for _, minChunkSize := range tt.minChunkSize { - minChunkSize := minChunkSize - t.Run(tt.name+"-"+fmt.Sprintf("compression=%v,prefix=%q,format=%s,minChunkSize=%d", newCL(), prefix, srcTarFormat, minChunkSize), func(t *TestRunner) { - // Get original tar file and chunk digests - dgstMap := make(map[string]digest.Digest) - tarBlob := buildTar(t, tt.tarInit(t, dgstMap), prefix, srcTarFormat) - - cl := newCL() - rc, err := Build(compressBlob(t, tarBlob, srcCompression), - WithChunkSize(chunkSize), WithCompression(cl)) - if err != nil { - t.Fatalf("failed to convert stargz: %v", err) - } - tocDigest := rc.TOCDigest() - defer rc.Close() - buf := new(bytes.Buffer) - if _, err := io.Copy(buf, rc); err != nil { - t.Fatalf("failed to copy built stargz blob: %v", err) - } - newStargz := buf.Bytes() - // NoPrefetchLandmark is added during `Bulid`, which is expected behaviour. - dgstMap[chunkID(NoPrefetchLandmark, 0, int64(len([]byte{landmarkContents})))] = digest.FromBytes([]byte{landmarkContents}) - - for _, check := range tt.checks { - check(t, newStargz, tocDigest, dgstMap, cl, newCL) - } - }) - } - } - } - } - } - } -} - -// checkStargzTOC checks the TOC JSON of the passed stargz has the expected -// digest and contains valid chunks. It walks all entries in the stargz and -// checks all chunk digests stored to the TOC JSON match the actual contents. -func checkStargzTOC(t *TestRunner, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) { - sgz, err := Open( - io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))), - WithDecompressors(controller), - ) - if err != nil { - t.Errorf("failed to parse converted stargz: %v", err) - return - } - digestMapTOC, err := listDigests(io.NewSectionReader( - bytes.NewReader(sgzData), 0, int64(len(sgzData))), - controller, - ) - if err != nil { - t.Fatalf("failed to list digest: %v", err) - } - found := make(map[string]bool) - for id := range dgstMap { - found[id] = false - } - zr, err := controller.Reader(bytes.NewReader(sgzData)) - if err != nil { - t.Fatalf("failed to decompress converted stargz: %v", err) - } - defer zr.Close() - tr := tar.NewReader(zr) - for { - h, err := tr.Next() - if err != nil { - if err != io.EOF { - t.Errorf("failed to read tar entry: %v", err) - return - } - break - } - if h.Name == TOCTarName { - // Check the digest of TOC JSON based on the actual contents - // It's sure that TOC JSON exists in this archive because - // Open succeeded. - dgstr := digest.Canonical.Digester() - if _, err := io.Copy(dgstr.Hash(), tr); err != nil { - t.Fatalf("failed to calculate digest of TOC JSON: %v", - err) - } - if dgstr.Digest() != tocDigest { - t.Errorf("invalid TOC JSON %q; want %q", tocDigest, dgstr.Digest()) - } - continue - } - if _, ok := sgz.Lookup(h.Name); !ok { - t.Errorf("lost stargz entry %q in the converted TOC", h.Name) - return - } - var n int64 - for n < h.Size { - ce, ok := sgz.ChunkEntryForOffset(h.Name, n) - if !ok { - t.Errorf("lost chunk %q(offset=%d) in the converted TOC", - h.Name, n) - return - } - - // Get the original digest to make sure the file contents are kept unchanged - // from the original tar, during the whole conversion steps. - id := chunkID(h.Name, n, ce.ChunkSize) - want, ok := dgstMap[id] - if !ok { - t.Errorf("Unexpected chunk %q(offset=%d,size=%d): %v", - h.Name, n, ce.ChunkSize, dgstMap) - return - } - found[id] = true - - // Check the file contents - dgstr := digest.Canonical.Digester() - if _, err := io.CopyN(dgstr.Hash(), tr, ce.ChunkSize); err != nil { - t.Fatalf("failed to calculate digest of %q (offset=%d,size=%d)", - h.Name, n, ce.ChunkSize) - } - if want != dgstr.Digest() { - t.Errorf("Invalid contents in converted stargz %q: %q; want %q", - h.Name, dgstr.Digest(), want) - return - } - - // Check the digest stored in TOC JSON - dgstTOC, ok := digestMapTOC[ce.Offset] - if !ok { - t.Errorf("digest of %q(offset=%d,size=%d,chunkOffset=%d) isn't registered", - h.Name, ce.Offset, ce.ChunkSize, ce.ChunkOffset) - } - if want != dgstTOC { - t.Errorf("Invalid digest in TOCEntry %q: %q; want %q", - h.Name, dgstTOC, want) - return - } - - n += ce.ChunkSize - } - } - - for id, ok := range found { - if !ok { - t.Errorf("required chunk %q not found in the converted stargz: %v", id, found) - } - } -} - -// checkVerifyTOC checks the verification works for the TOC JSON of the passed -// stargz. It walks all entries in the stargz and checks the verifications for -// all chunks work. -func checkVerifyTOC(t *TestRunner, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) { - sgz, err := Open( - io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))), - WithDecompressors(controller), - ) - if err != nil { - t.Errorf("failed to parse converted stargz: %v", err) - return - } - ev, err := sgz.VerifyTOC(tocDigest) - if err != nil { - t.Errorf("failed to verify stargz: %v", err) - return - } - - found := make(map[string]bool) - for id := range dgstMap { - found[id] = false - } - zr, err := controller.Reader(bytes.NewReader(sgzData)) - if err != nil { - t.Fatalf("failed to decompress converted stargz: %v", err) - } - defer zr.Close() - tr := tar.NewReader(zr) - for { - h, err := tr.Next() - if err != nil { - if err != io.EOF { - t.Errorf("failed to read tar entry: %v", err) - return - } - break - } - if h.Name == TOCTarName { - continue - } - if _, ok := sgz.Lookup(h.Name); !ok { - t.Errorf("lost stargz entry %q in the converted TOC", h.Name) - return - } - var n int64 - for n < h.Size { - ce, ok := sgz.ChunkEntryForOffset(h.Name, n) - if !ok { - t.Errorf("lost chunk %q(offset=%d) in the converted TOC", - h.Name, n) - return - } - - v, err := ev.Verifier(ce) - if err != nil { - t.Errorf("failed to get verifier for %q(offset=%d)", h.Name, n) - } - - found[chunkID(h.Name, n, ce.ChunkSize)] = true - - // Check the file contents - if _, err := io.CopyN(v, tr, ce.ChunkSize); err != nil { - t.Fatalf("failed to get chunk of %q (offset=%d,size=%d)", - h.Name, n, ce.ChunkSize) - } - if !v.Verified() { - t.Errorf("Invalid contents in converted stargz %q (should be succeeded)", - h.Name) - return - } - n += ce.ChunkSize - } - } - - for id, ok := range found { - if !ok { - t.Errorf("required chunk %q not found in the converted stargz: %v", id, found) - } - } -} - -// checkVerifyInvalidTOCEntryFail checks if misconfigured TOC JSON can be -// detected during the verification and the verification returns an error. -func checkVerifyInvalidTOCEntryFail(filename string) check { - return func(t *TestRunner, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) { - funcs := map[string]rewriteFunc{ - "lost digest in a entry": func(t TestingT, toc *JTOC, sgz *io.SectionReader) { - var found bool - for _, e := range toc.Entries { - if cleanEntryName(e.Name) == filename { - if e.Type != "reg" && e.Type != "chunk" { - t.Fatalf("entry %q to break must be regfile or chunk", filename) - } - if e.ChunkDigest == "" { - t.Fatalf("entry %q is already invalid", filename) - } - e.ChunkDigest = "" - found = true - } - } - if !found { - t.Fatalf("rewrite target not found") - } - }, - "duplicated entry offset": func(t TestingT, toc *JTOC, sgz *io.SectionReader) { - var ( - sampleEntry *TOCEntry - targetEntry *TOCEntry - ) - for _, e := range toc.Entries { - if e.Type == "reg" || e.Type == "chunk" { - if cleanEntryName(e.Name) == filename { - targetEntry = e - } else { - sampleEntry = e - } - } - } - if sampleEntry == nil { - t.Fatalf("TOC must contain at least one regfile or chunk entry other than the rewrite target") - return - } - if targetEntry == nil { - t.Fatalf("rewrite target not found") - return - } - targetEntry.Offset = sampleEntry.Offset - }, - } - - for name, rFunc := range funcs { - t.Run(name, func(t *TestRunner) { - newSgz, newTocDigest := rewriteTOCJSON(t, io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))), rFunc, controller) - buf := new(bytes.Buffer) - if _, err := io.Copy(buf, newSgz); err != nil { - t.Fatalf("failed to get converted stargz") - } - isgz := buf.Bytes() - - sgz, err := Open( - io.NewSectionReader(bytes.NewReader(isgz), 0, int64(len(isgz))), - WithDecompressors(controller), - ) - if err != nil { - t.Fatalf("failed to parse converted stargz: %v", err) - return - } - _, err = sgz.VerifyTOC(newTocDigest) - if err == nil { - t.Errorf("must fail for invalid TOC") - return - } - }) - } - } -} - -// checkVerifyInvalidStargzFail checks if the verification detects that the -// given stargz file doesn't match to the expected digest and returns error. -func checkVerifyInvalidStargzFail(invalid *io.SectionReader) check { - return func(t *TestRunner, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) { - cl := newController() - rc, err := Build(invalid, WithChunkSize(chunkSize), WithCompression(cl)) - if err != nil { - t.Fatalf("failed to convert stargz: %v", err) - } - defer rc.Close() - buf := new(bytes.Buffer) - if _, err := io.Copy(buf, rc); err != nil { - t.Fatalf("failed to copy built stargz blob: %v", err) - } - mStargz := buf.Bytes() - - sgz, err := Open( - io.NewSectionReader(bytes.NewReader(mStargz), 0, int64(len(mStargz))), - WithDecompressors(cl), - ) - if err != nil { - t.Fatalf("failed to parse converted stargz: %v", err) - return - } - _, err = sgz.VerifyTOC(tocDigest) - if err == nil { - t.Errorf("must fail for invalid TOC") - return - } - } -} - -// checkVerifyBrokenContentFail checks if the verifier detects broken contents -// that doesn't match to the expected digest and returns error. -func checkVerifyBrokenContentFail(filename string) check { - return func(t *TestRunner, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) { - // Parse stargz file - sgz, err := Open( - io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))), - WithDecompressors(controller), - ) - if err != nil { - t.Fatalf("failed to parse converted stargz: %v", err) - return - } - ev, err := sgz.VerifyTOC(tocDigest) - if err != nil { - t.Fatalf("failed to verify stargz: %v", err) - return - } - - // Open the target file - sr, err := sgz.OpenFile(filename) - if err != nil { - t.Fatalf("failed to open file %q", filename) - } - ce, ok := sgz.ChunkEntryForOffset(filename, 0) - if !ok { - t.Fatalf("lost chunk %q(offset=%d) in the converted TOC", filename, 0) - return - } - if ce.ChunkSize == 0 { - t.Fatalf("file mustn't be empty") - return - } - data := make([]byte, ce.ChunkSize) - if _, err := sr.ReadAt(data, ce.ChunkOffset); err != nil { - t.Errorf("failed to get data of a chunk of %q(offset=%q)", - filename, ce.ChunkOffset) - } - - // Check the broken chunk (must fail) - v, err := ev.Verifier(ce) - if err != nil { - t.Fatalf("failed to get verifier for %q", filename) - } - broken := append([]byte{^data[0]}, data[1:]...) - if _, err := io.CopyN(v, bytes.NewReader(broken), ce.ChunkSize); err != nil { - t.Fatalf("failed to get chunk of %q (offset=%d,size=%d)", - filename, ce.ChunkOffset, ce.ChunkSize) - } - if v.Verified() { - t.Errorf("verification must fail for broken file chunk %q(org:%q,broken:%q)", - filename, data, broken) - } - } -} - -func chunkID(name string, offset, size int64) string { - return fmt.Sprintf("%s-%d-%d", cleanEntryName(name), offset, size) -} - -type rewriteFunc func(t TestingT, toc *JTOC, sgz *io.SectionReader) - -func rewriteTOCJSON(t TestingT, sgz *io.SectionReader, rewrite rewriteFunc, controller TestingController) (newSgz io.Reader, tocDigest digest.Digest) { - decodedJTOC, jtocOffset, err := parseStargz(sgz, controller) - if err != nil { - t.Fatalf("failed to extract TOC JSON: %v", err) - } - - rewrite(t, decodedJTOC, sgz) - - tocFooter, tocDigest, err := tocAndFooter(controller, decodedJTOC, jtocOffset) - if err != nil { - t.Fatalf("failed to create toc and footer: %v", err) - } - - // Reconstruct stargz file with the modified TOC JSON - if _, err := sgz.Seek(0, io.SeekStart); err != nil { - t.Fatalf("failed to reset the seek position of stargz: %v", err) - } - return io.MultiReader( - io.LimitReader(sgz, jtocOffset), // Original stargz (before TOC JSON) - tocFooter, // Rewritten TOC and footer - ), tocDigest -} - -func listDigests(sgz *io.SectionReader, controller TestingController) (map[int64]digest.Digest, error) { - decodedJTOC, _, err := parseStargz(sgz, controller) - if err != nil { - return nil, err - } - digestMap := make(map[int64]digest.Digest) - for _, e := range decodedJTOC.Entries { - if e.Type == "reg" || e.Type == "chunk" { - if e.Type == "reg" && e.Size == 0 { - continue // ignores empty file - } - if e.ChunkDigest == "" { - return nil, fmt.Errorf("ChunkDigest of %q(off=%d) not found in TOC JSON", - e.Name, e.Offset) - } - d, err := digest.Parse(e.ChunkDigest) - if err != nil { - return nil, err - } - digestMap[e.Offset] = d - } - } - return digestMap, nil -} - -func parseStargz(sgz *io.SectionReader, controller TestingController) (decodedJTOC *JTOC, jtocOffset int64, err error) { - fSize := controller.FooterSize() - footer := make([]byte, fSize) - if _, err := sgz.ReadAt(footer, sgz.Size()-fSize); err != nil { - return nil, 0, fmt.Errorf("error reading footer: %w", err) - } - _, tocOffset, _, err := controller.ParseFooter(footer[positive(int64(len(footer))-fSize):]) - if err != nil { - return nil, 0, fmt.Errorf("failed to parse footer: %w", err) - } - - // Decode the TOC JSON - var tocReader io.Reader - if tocOffset >= 0 { - tocReader = io.NewSectionReader(sgz, tocOffset, sgz.Size()-tocOffset-fSize) - } - decodedJTOC, _, err = controller.ParseTOC(tocReader) - if err != nil { - return nil, 0, fmt.Errorf("failed to parse TOC: %w", err) - } - return decodedJTOC, tocOffset, nil -} - -func testWriteAndOpen(t *TestRunner, controllers ...TestingControllerFactory) { - const content = "Some contents" - invalidUtf8 := "\xff\xfe\xfd" - - xAttrFile := xAttr{"foo": "bar", "invalid-utf8": invalidUtf8} - sampleOwner := owner{uid: 50, gid: 100} - - data64KB := randomContents(64000) - - tests := []struct { - name string - chunkSize int - minChunkSize int - in []tarEntry - want []stargzCheck - wantNumGz int // expected number of streams - - wantNumGzLossLess int // expected number of streams (> 0) in lossless mode if it's different from wantNumGz - wantFailOnLossLess bool - wantTOCVersion int // default = 1 - }{ - { - name: "empty", - in: tarOf(), - wantNumGz: 2, // (empty tar) + TOC + footer - want: checks( - numTOCEntries(0), - ), - }, - { - name: "1dir_1empty_file", - in: tarOf( - dir("foo/"), - file("foo/bar.txt", ""), - ), - wantNumGz: 3, // dir, TOC, footer - want: checks( - numTOCEntries(2), - hasDir("foo/"), - hasFileLen("foo/bar.txt", 0), - entryHasChildren("foo", "bar.txt"), - hasFileDigest("foo/bar.txt", digestFor("")), - ), - }, - { - name: "1dir_1file", - in: tarOf( - dir("foo/"), - file("foo/bar.txt", content, xAttrFile), - ), - wantNumGz: 4, // var dir, foo.txt alone, TOC, footer - want: checks( - numTOCEntries(2), - hasDir("foo/"), - hasFileLen("foo/bar.txt", len(content)), - hasFileDigest("foo/bar.txt", digestFor(content)), - hasFileContentsRange("foo/bar.txt", 0, content), - hasFileContentsRange("foo/bar.txt", 1, content[1:]), - entryHasChildren("", "foo"), - entryHasChildren("foo", "bar.txt"), - hasFileXattrs("foo/bar.txt", "foo", "bar"), - hasFileXattrs("foo/bar.txt", "invalid-utf8", invalidUtf8), - ), - }, - { - name: "2meta_2file", - in: tarOf( - dir("bar/", sampleOwner), - dir("foo/", sampleOwner), - file("foo/bar.txt", content, sampleOwner), - ), - wantNumGz: 4, // both dirs, foo.txt alone, TOC, footer - want: checks( - numTOCEntries(3), - hasDir("bar/"), - hasDir("foo/"), - hasFileLen("foo/bar.txt", len(content)), - entryHasChildren("", "bar", "foo"), - entryHasChildren("foo", "bar.txt"), - hasChunkEntries("foo/bar.txt", 1), - hasEntryOwner("bar/", sampleOwner), - hasEntryOwner("foo/", sampleOwner), - hasEntryOwner("foo/bar.txt", sampleOwner), - ), - }, - { - name: "3dir", - in: tarOf( - dir("bar/"), - dir("foo/"), - dir("foo/bar/"), - ), - wantNumGz: 3, // 3 dirs, TOC, footer - want: checks( - hasDirLinkCount("bar/", 2), - hasDirLinkCount("foo/", 3), - hasDirLinkCount("foo/bar/", 2), - ), - }, - { - name: "symlink", - in: tarOf( - dir("foo/"), - symlink("foo/bar", "../../x"), - ), - wantNumGz: 3, // metas + TOC + footer - want: checks( - numTOCEntries(2), - hasSymlink("foo/bar", "../../x"), - entryHasChildren("", "foo"), - entryHasChildren("foo", "bar"), - ), - }, - { - name: "chunked_file", - chunkSize: 4, - in: tarOf( - dir("foo/"), - file("foo/big.txt", "This "+"is s"+"uch "+"a bi"+"g fi"+"le"), - ), - wantNumGz: 9, // dir + big.txt(6 chunks) + TOC + footer - want: checks( - numTOCEntries(7), // 1 for foo dir, 6 for the foo/big.txt file - hasDir("foo/"), - hasFileLen("foo/big.txt", len("This is such a big file")), - hasFileDigest("foo/big.txt", digestFor("This is such a big file")), - hasFileContentsRange("foo/big.txt", 0, "This is such a big file"), - hasFileContentsRange("foo/big.txt", 1, "his is such a big file"), - hasFileContentsRange("foo/big.txt", 2, "is is such a big file"), - hasFileContentsRange("foo/big.txt", 3, "s is such a big file"), - hasFileContentsRange("foo/big.txt", 4, " is such a big file"), - hasFileContentsRange("foo/big.txt", 5, "is such a big file"), - hasFileContentsRange("foo/big.txt", 6, "s such a big file"), - hasFileContentsRange("foo/big.txt", 7, " such a big file"), - hasFileContentsRange("foo/big.txt", 8, "such a big file"), - hasFileContentsRange("foo/big.txt", 9, "uch a big file"), - hasFileContentsRange("foo/big.txt", 10, "ch a big file"), - hasFileContentsRange("foo/big.txt", 11, "h a big file"), - hasFileContentsRange("foo/big.txt", 12, " a big file"), - hasFileContentsRange("foo/big.txt", len("This is such a big file")-1, ""), - hasChunkEntries("foo/big.txt", 6), - ), - }, - { - name: "recursive", - in: tarOf( - dir("/", sampleOwner), - dir("bar/", sampleOwner), - dir("foo/", sampleOwner), - file("foo/bar.txt", content, sampleOwner), - ), - wantNumGz: 4, // dirs, bar.txt alone, TOC, footer - want: checks( - maxDepth(2), // 0: root directory, 1: "foo/", 2: "bar.txt" - ), - }, - { - name: "block_char_fifo", - in: tarOf( - tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - return w.WriteHeader(&tar.Header{ - Name: prefix + "b", - Typeflag: tar.TypeBlock, - Devmajor: 123, - Devminor: 456, - Format: format, - }) - }), - tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - return w.WriteHeader(&tar.Header{ - Name: prefix + "c", - Typeflag: tar.TypeChar, - Devmajor: 111, - Devminor: 222, - Format: format, - }) - }), - tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - return w.WriteHeader(&tar.Header{ - Name: prefix + "f", - Typeflag: tar.TypeFifo, - Format: format, - }) - }), - ), - wantNumGz: 3, - want: checks( - lookupMatch("b", &TOCEntry{Name: "b", Type: "block", DevMajor: 123, DevMinor: 456, NumLink: 1}), - lookupMatch("c", &TOCEntry{Name: "c", Type: "char", DevMajor: 111, DevMinor: 222, NumLink: 1}), - lookupMatch("f", &TOCEntry{Name: "f", Type: "fifo", NumLink: 1}), - ), - }, - { - name: "modes", - in: tarOf( - dir("foo1/", 0755|os.ModeDir|os.ModeSetgid), - file("foo1/bar1", content, 0700|os.ModeSetuid), - file("foo1/bar2", content, 0755|os.ModeSetgid), - dir("foo2/", 0755|os.ModeDir|os.ModeSticky), - file("foo2/bar3", content, 0755|os.ModeSticky), - dir("foo3/", 0755|os.ModeDir), - file("foo3/bar4", content, os.FileMode(0700)), - file("foo3/bar5", content, os.FileMode(0755)), - ), - wantNumGz: 8, // dir, bar1 alone, bar2 alone + dir, bar3 alone + dir, bar4 alone, bar5 alone, TOC, footer - want: checks( - hasMode("foo1/", 0755|os.ModeDir|os.ModeSetgid), - hasMode("foo1/bar1", 0700|os.ModeSetuid), - hasMode("foo1/bar2", 0755|os.ModeSetgid), - hasMode("foo2/", 0755|os.ModeDir|os.ModeSticky), - hasMode("foo2/bar3", 0755|os.ModeSticky), - hasMode("foo3/", 0755|os.ModeDir), - hasMode("foo3/bar4", os.FileMode(0700)), - hasMode("foo3/bar5", os.FileMode(0755)), - ), - }, - { - name: "lossy", - in: tarOf( - dir("bar/", sampleOwner), - dir("foo/", sampleOwner), - file("foo/bar.txt", content, sampleOwner), - file(TOCTarName, "dummy"), // ignored by the writer. (lossless write returns error) - ), - wantNumGz: 4, // both dirs, foo.txt alone, TOC, footer - want: checks( - numTOCEntries(3), - hasDir("bar/"), - hasDir("foo/"), - hasFileLen("foo/bar.txt", len(content)), - entryHasChildren("", "bar", "foo"), - entryHasChildren("foo", "bar.txt"), - hasChunkEntries("foo/bar.txt", 1), - hasEntryOwner("bar/", sampleOwner), - hasEntryOwner("foo/", sampleOwner), - hasEntryOwner("foo/bar.txt", sampleOwner), - ), - wantFailOnLossLess: true, - }, - { - name: "hardlink should be replaced to the destination entry", - in: tarOf( - dir("foo/"), - file("foo/foo1", "test"), - link("foolink", "foo/foo1"), - ), - wantNumGz: 4, // dir, foo1 + link, TOC, footer - want: checks( - mustSameEntry("foo/foo1", "foolink"), - ), - }, - { - name: "several_files_in_chunk", - minChunkSize: 8000, - in: tarOf( - dir("foo/"), - file("foo/foo1", data64KB), - file("foo2", "bb"), - file("foo22", "ccc"), - dir("bar/"), - file("bar/bar.txt", "aaa"), - file("foo3", data64KB), - ), - // NOTE: we assume that the compressed "data64KB" is still larger than 8KB - wantNumGz: 4, // dir+foo1, foo2+foo22+dir+bar.txt+foo3, TOC, footer - want: checks( - numTOCEntries(7), // dir, foo1, foo2, foo22, dir, bar.txt, foo3 - hasDir("foo/"), - hasDir("bar/"), - hasFileLen("foo/foo1", len(data64KB)), - hasFileLen("foo2", len("bb")), - hasFileLen("foo22", len("ccc")), - hasFileLen("bar/bar.txt", len("aaa")), - hasFileLen("foo3", len(data64KB)), - hasFileDigest("foo/foo1", digestFor(data64KB)), - hasFileDigest("foo2", digestFor("bb")), - hasFileDigest("foo22", digestFor("ccc")), - hasFileDigest("bar/bar.txt", digestFor("aaa")), - hasFileDigest("foo3", digestFor(data64KB)), - hasFileContentsWithPreRead("foo22", 0, "ccc", chunkInfo{"foo2", "bb"}, chunkInfo{"bar/bar.txt", "aaa"}, chunkInfo{"foo3", data64KB}), - hasFileContentsRange("foo/foo1", 0, data64KB), - hasFileContentsRange("foo2", 0, "bb"), - hasFileContentsRange("foo2", 1, "b"), - hasFileContentsRange("foo22", 0, "ccc"), - hasFileContentsRange("foo22", 1, "cc"), - hasFileContentsRange("foo22", 2, "c"), - hasFileContentsRange("bar/bar.txt", 0, "aaa"), - hasFileContentsRange("bar/bar.txt", 1, "aa"), - hasFileContentsRange("bar/bar.txt", 2, "a"), - hasFileContentsRange("foo3", 0, data64KB), - hasFileContentsRange("foo3", 1, data64KB[1:]), - hasFileContentsRange("foo3", 2, data64KB[2:]), - hasFileContentsRange("foo3", len(data64KB)/2, data64KB[len(data64KB)/2:]), - hasFileContentsRange("foo3", len(data64KB)-1, data64KB[len(data64KB)-1:]), - ), - }, - { - name: "several_files_in_chunk_chunked", - minChunkSize: 8000, - chunkSize: 32000, - in: tarOf( - dir("foo/"), - file("foo/foo1", data64KB), - file("foo2", "bb"), - dir("bar/"), - file("foo3", data64KB), - ), - // NOTE: we assume that the compressed chunk of "data64KB" is still larger than 8KB - wantNumGz: 6, // dir+foo1(1), foo1(2), foo2+dir+foo3(1), foo3(2), TOC, footer - want: checks( - numTOCEntries(7), // dir, foo1(2 chunks), foo2, dir, foo3(2 chunks) - hasDir("foo/"), - hasDir("bar/"), - hasFileLen("foo/foo1", len(data64KB)), - hasFileLen("foo2", len("bb")), - hasFileLen("foo3", len(data64KB)), - hasFileDigest("foo/foo1", digestFor(data64KB)), - hasFileDigest("foo2", digestFor("bb")), - hasFileDigest("foo3", digestFor(data64KB)), - hasFileContentsWithPreRead("foo2", 0, "bb", chunkInfo{"foo3", data64KB[:32000]}), - hasFileContentsRange("foo/foo1", 0, data64KB), - hasFileContentsRange("foo/foo1", 1, data64KB[1:]), - hasFileContentsRange("foo/foo1", 2, data64KB[2:]), - hasFileContentsRange("foo/foo1", len(data64KB)/2, data64KB[len(data64KB)/2:]), - hasFileContentsRange("foo/foo1", len(data64KB)-1, data64KB[len(data64KB)-1:]), - hasFileContentsRange("foo2", 0, "bb"), - hasFileContentsRange("foo2", 1, "b"), - hasFileContentsRange("foo3", 0, data64KB), - hasFileContentsRange("foo3", 1, data64KB[1:]), - hasFileContentsRange("foo3", 2, data64KB[2:]), - hasFileContentsRange("foo3", len(data64KB)/2, data64KB[len(data64KB)/2:]), - hasFileContentsRange("foo3", len(data64KB)-1, data64KB[len(data64KB)-1:]), - ), - }, - } - - for _, tt := range tests { - for _, newCL := range controllers { - newCL := newCL - for _, prefix := range allowedPrefix { - prefix := prefix - for _, srcTarFormat := range []tar.Format{tar.FormatUSTAR, tar.FormatPAX, tar.FormatGNU} { - srcTarFormat := srcTarFormat - for _, lossless := range []bool{true, false} { - t.Run(tt.name+"-"+fmt.Sprintf("compression=%v,prefix=%q,lossless=%v,format=%s", newCL(), prefix, lossless, srcTarFormat), func(t *TestRunner) { - var tr io.Reader = buildTar(t, tt.in, prefix, srcTarFormat) - origTarDgstr := digest.Canonical.Digester() - tr = io.TeeReader(tr, origTarDgstr.Hash()) - var stargzBuf bytes.Buffer - cl1 := newCL() - w := NewWriterWithCompressor(&stargzBuf, cl1) - w.ChunkSize = tt.chunkSize - w.MinChunkSize = tt.minChunkSize - if lossless { - err := w.AppendTarLossLess(tr) - if tt.wantFailOnLossLess { - if err != nil { - return // expected to fail - } - t.Fatalf("Append wanted to fail on lossless") - } - if err != nil { - t.Fatalf("Append(lossless): %v", err) - } - } else { - if err := w.AppendTar(tr); err != nil { - t.Fatalf("Append: %v", err) - } - } - if _, err := w.Close(); err != nil { - t.Fatalf("Writer.Close: %v", err) - } - b := stargzBuf.Bytes() - - if lossless { - // Check if the result blob reserves original tar metadata - rc, err := Unpack(io.NewSectionReader(bytes.NewReader(b), 0, int64(len(b))), cl1) - if err != nil { - t.Errorf("failed to decompress blob: %v", err) - return - } - defer rc.Close() - resultDgstr := digest.Canonical.Digester() - if _, err := io.Copy(resultDgstr.Hash(), rc); err != nil { - t.Errorf("failed to read result decompressed blob: %v", err) - return - } - if resultDgstr.Digest() != origTarDgstr.Digest() { - t.Errorf("lossy compression occurred: digest=%v; want %v", - resultDgstr.Digest(), origTarDgstr.Digest()) - return - } - } - - diffID := w.DiffID() - wantDiffID := cl1.DiffIDOf(t, b) - if diffID != wantDiffID { - t.Errorf("DiffID = %q; want %q", diffID, wantDiffID) - } - - telemetry, checkCalled := newCalledTelemetry() - sr := io.NewSectionReader(bytes.NewReader(b), 0, int64(len(b))) - r, err := Open( - sr, - WithDecompressors(cl1), - WithTelemetry(telemetry), - ) - if err != nil { - t.Fatalf("stargz.Open: %v", err) - } - if _, ok := r.Lookup(""); !ok { - t.Fatalf("failed to lookup rootdir: %v", err) - } - wantTOCVersion := 1 - if tt.wantTOCVersion > 0 { - wantTOCVersion = tt.wantTOCVersion - } - if r.toc.Version != wantTOCVersion { - t.Fatalf("invalid TOC Version %d; wanted %d", r.toc.Version, wantTOCVersion) - } - - footerSize := cl1.FooterSize() - footerOffset := sr.Size() - footerSize - footer := make([]byte, footerSize) - if _, err := sr.ReadAt(footer, footerOffset); err != nil { - t.Errorf("failed to read footer: %v", err) - } - _, tocOffset, _, err := cl1.ParseFooter(footer) - if err != nil { - t.Errorf("failed to parse footer: %v", err) - } - if err := checkCalled(tocOffset >= 0); err != nil { - t.Errorf("telemetry failure: %v", err) - } - - wantNumGz := tt.wantNumGz - if lossless && tt.wantNumGzLossLess > 0 { - wantNumGz = tt.wantNumGzLossLess - } - streamOffsets := []int64{0} - prevOffset := int64(-1) - streams := 0 - for _, e := range r.toc.Entries { - if e.Offset > prevOffset { - streamOffsets = append(streamOffsets, e.Offset) - prevOffset = e.Offset - streams++ - } - } - streams++ // TOC - if tocOffset >= 0 { - // toc is in the blob - streamOffsets = append(streamOffsets, tocOffset) - } - streams++ // footer - streamOffsets = append(streamOffsets, footerOffset) - if streams != wantNumGz { - t.Errorf("number of streams in TOC = %d; want %d", streams, wantNumGz) - } - - t.Logf("testing streams: %+v", streamOffsets) - cl1.TestStreams(t, b, streamOffsets) - - for _, want := range tt.want { - want.check(t, r) - } - }) - } - } - } - } - } -} - -type chunkInfo struct { - name string - data string -} - -func newCalledTelemetry() (telemetry *Telemetry, check func(needsGetTOC bool) error) { - var getFooterLatencyCalled bool - var getTocLatencyCalled bool - var deserializeTocLatencyCalled bool - return &Telemetry{ - func(time.Time) { getFooterLatencyCalled = true }, - func(time.Time) { getTocLatencyCalled = true }, - func(time.Time) { deserializeTocLatencyCalled = true }, - }, func(needsGetTOC bool) error { - var allErr []error - if !getFooterLatencyCalled { - allErr = append(allErr, fmt.Errorf("metrics GetFooterLatency isn't called")) - } - if needsGetTOC { - if !getTocLatencyCalled { - allErr = append(allErr, fmt.Errorf("metrics GetTocLatency isn't called")) - } - } - if !deserializeTocLatencyCalled { - allErr = append(allErr, fmt.Errorf("metrics DeserializeTocLatency isn't called")) - } - return errorutil.Aggregate(allErr) - } -} - -func digestFor(content string) string { - sum := sha256.Sum256([]byte(content)) - return fmt.Sprintf("sha256:%x", sum) -} - -type numTOCEntries int - -func (n numTOCEntries) check(t TestingT, r *Reader) { - if r.toc == nil { - t.Fatal("nil TOC") - } - if got, want := len(r.toc.Entries), int(n); got != want { - t.Errorf("got %d TOC entries; want %d", got, want) - } - t.Logf("got TOC entries:") - for i, ent := range r.toc.Entries { - entj, _ := json.Marshal(ent) - t.Logf(" [%d]: %s\n", i, entj) - } - if t.Failed() { - t.FailNow() - } -} - -func checks(s ...stargzCheck) []stargzCheck { return s } - -type stargzCheck interface { - check(t TestingT, r *Reader) -} - -type stargzCheckFn func(TestingT, *Reader) - -func (f stargzCheckFn) check(t TestingT, r *Reader) { f(t, r) } - -func maxDepth(max int) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - e, ok := r.Lookup("") - if !ok { - t.Fatal("root directory not found") - } - d, err := getMaxDepth(t, e, 0, 10*max) - if err != nil { - t.Errorf("failed to get max depth (wanted %d): %v", max, err) - return - } - if d != max { - t.Errorf("invalid depth %d; want %d", d, max) - return - } - }) -} - -func getMaxDepth(t TestingT, e *TOCEntry, current, limit int) (max int, rErr error) { - if current > limit { - return -1, fmt.Errorf("walkMaxDepth: exceeds limit: current:%d > limit:%d", - current, limit) - } - max = current - e.ForeachChild(func(baseName string, ent *TOCEntry) bool { - t.Logf("%q(basename:%q) is child of %q\n", ent.Name, baseName, e.Name) - d, err := getMaxDepth(t, ent, current+1, limit) - if err != nil { - rErr = err - return false - } - if d > max { - max = d - } - return true - }) - return -} - -func hasFileLen(file string, wantLen int) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - for _, ent := range r.toc.Entries { - if ent.Name == file { - if ent.Type != "reg" { - t.Errorf("file type of %q is %q; want \"reg\"", file, ent.Type) - } else if ent.Size != int64(wantLen) { - t.Errorf("file size of %q = %d; want %d", file, ent.Size, wantLen) - } - return - } - } - t.Errorf("file %q not found", file) - }) -} - -func hasFileXattrs(file, name, value string) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - for _, ent := range r.toc.Entries { - if ent.Name == file { - if ent.Type != "reg" { - t.Errorf("file type of %q is %q; want \"reg\"", file, ent.Type) - } - if ent.Xattrs == nil { - t.Errorf("file %q has no xattrs", file) - return - } - valueFound, found := ent.Xattrs[name] - if !found { - t.Errorf("file %q has no xattr %q", file, name) - return - } - if string(valueFound) != value { - t.Errorf("file %q has xattr %q with value %q instead of %q", file, name, valueFound, value) - } - - return - } - } - t.Errorf("file %q not found", file) - }) -} - -func hasFileDigest(file string, digest string) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - ent, ok := r.Lookup(file) - if !ok { - t.Fatalf("didn't find TOCEntry for file %q", file) - } - if ent.Digest != digest { - t.Fatalf("Digest(%q) = %q, want %q", file, ent.Digest, digest) - } - }) -} - -func hasFileContentsWithPreRead(file string, offset int, want string, extra ...chunkInfo) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - extraMap := make(map[string]chunkInfo) - for _, e := range extra { - extraMap[e.name] = e - } - var extraNames []string - for n := range extraMap { - extraNames = append(extraNames, n) - } - f, err := r.OpenFileWithPreReader(file, func(e *TOCEntry, cr io.Reader) error { - t.Logf("On %q: got preread of %q", file, e.Name) - ex, ok := extraMap[e.Name] - if !ok { - t.Fatalf("fail on %q: unexpected entry %q: %+v, %+v", file, e.Name, e, extraNames) - } - got, err := io.ReadAll(cr) - if err != nil { - t.Fatalf("fail on %q: failed to read %q: %v", file, e.Name, err) - } - if ex.data != string(got) { - t.Fatalf("fail on %q: unexpected contents of %q: len=%d; want=%d", file, e.Name, len(got), len(ex.data)) - } - delete(extraMap, e.Name) - return nil - }) - if err != nil { - t.Fatal(err) - } - got := make([]byte, len(want)) - n, err := f.ReadAt(got, int64(offset)) - if err != nil { - t.Fatalf("ReadAt(len %d, offset %d, size %d) = %v, %v", len(got), offset, f.Size(), n, err) - } - if string(got) != want { - t.Fatalf("ReadAt(len %d, offset %d) = %q, want %q", len(got), offset, viewContent(got), viewContent([]byte(want))) - } - if len(extraMap) != 0 { - var exNames []string - for _, ex := range extraMap { - exNames = append(exNames, ex.name) - } - t.Fatalf("fail on %q: some entries aren't read: %+v", file, exNames) - } - }) -} - -func hasFileContentsRange(file string, offset int, want string) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - f, err := r.OpenFile(file) - if err != nil { - t.Fatal(err) - } - got := make([]byte, len(want)) - n, err := f.ReadAt(got, int64(offset)) - if err != nil { - t.Fatalf("ReadAt(len %d, offset %d) = %v, %v", len(got), offset, n, err) - } - if string(got) != want { - t.Fatalf("ReadAt(len %d, offset %d) = %q, want %q", len(got), offset, viewContent(got), viewContent([]byte(want))) - } - }) -} - -func hasChunkEntries(file string, wantChunks int) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - ent, ok := r.Lookup(file) - if !ok { - t.Fatalf("no file for %q", file) - } - if ent.Type != "reg" { - t.Fatalf("file %q has unexpected type %q; want reg", file, ent.Type) - } - chunks := r.getChunks(ent) - if len(chunks) != wantChunks { - t.Errorf("len(r.getChunks(%q)) = %d; want %d", file, len(chunks), wantChunks) - return - } - f := chunks[0] - - var gotChunks []*TOCEntry - var last *TOCEntry - for off := int64(0); off < f.Size; off++ { - e, ok := r.ChunkEntryForOffset(file, off) - if !ok { - t.Errorf("no ChunkEntryForOffset at %d", off) - return - } - if last != e { - gotChunks = append(gotChunks, e) - last = e - } - } - if !reflect.DeepEqual(chunks, gotChunks) { - t.Errorf("gotChunks=%d, want=%d; contents mismatch", len(gotChunks), wantChunks) - } - - // And verify the NextOffset - for i := 0; i < len(gotChunks)-1; i++ { - ci := gotChunks[i] - cnext := gotChunks[i+1] - if ci.NextOffset() != cnext.Offset { - t.Errorf("chunk %d NextOffset %d != next chunk's Offset of %d", i, ci.NextOffset(), cnext.Offset) - } - } - }) -} - -func entryHasChildren(dir string, want ...string) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - want := append([]string(nil), want...) - var got []string - ent, ok := r.Lookup(dir) - if !ok { - t.Fatalf("didn't find TOCEntry for dir node %q", dir) - } - for baseName := range ent.children { - got = append(got, baseName) - } - sort.Strings(got) - sort.Strings(want) - if !reflect.DeepEqual(got, want) { - t.Errorf("children of %q = %q; want %q", dir, got, want) - } - }) -} - -func hasDir(file string) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - for _, ent := range r.toc.Entries { - if ent.Name == cleanEntryName(file) { - if ent.Type != "dir" { - t.Errorf("file type of %q is %q; want \"dir\"", file, ent.Type) - } - return - } - } - t.Errorf("directory %q not found", file) - }) -} - -func hasDirLinkCount(file string, count int) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - for _, ent := range r.toc.Entries { - if ent.Name == cleanEntryName(file) { - if ent.Type != "dir" { - t.Errorf("file type of %q is %q; want \"dir\"", file, ent.Type) - return - } - if ent.NumLink != count { - t.Errorf("link count of %q = %d; want %d", file, ent.NumLink, count) - } - return - } - } - t.Errorf("directory %q not found", file) - }) -} - -func hasMode(file string, mode os.FileMode) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - for _, ent := range r.toc.Entries { - if ent.Name == cleanEntryName(file) { - if ent.Stat().Mode() != mode { - t.Errorf("invalid mode: got %v; want %v", ent.Stat().Mode(), mode) - return - } - return - } - } - t.Errorf("file %q not found", file) - }) -} - -func hasSymlink(file, target string) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - for _, ent := range r.toc.Entries { - if ent.Name == file { - if ent.Type != "symlink" { - t.Errorf("file type of %q is %q; want \"symlink\"", file, ent.Type) - } else if ent.LinkName != target { - t.Errorf("link target of symlink %q is %q; want %q", file, ent.LinkName, target) - } - return - } - } - t.Errorf("symlink %q not found", file) - }) -} - -func lookupMatch(name string, want *TOCEntry) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - e, ok := r.Lookup(name) - if !ok { - t.Fatalf("failed to Lookup entry %q", name) - } - if !reflect.DeepEqual(e, want) { - t.Errorf("entry %q mismatch.\n got: %+v\nwant: %+v\n", name, e, want) - } - - }) -} - -func hasEntryOwner(entry string, owner owner) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - ent, ok := r.Lookup(strings.TrimSuffix(entry, "/")) - if !ok { - t.Errorf("entry %q not found", entry) - return - } - if ent.UID != owner.uid || ent.GID != owner.gid { - t.Errorf("entry %q has invalid owner (uid:%d, gid:%d) instead of (uid:%d, gid:%d)", entry, ent.UID, ent.GID, owner.uid, owner.gid) - return - } - }) -} - -func mustSameEntry(files ...string) stargzCheck { - return stargzCheckFn(func(t TestingT, r *Reader) { - var first *TOCEntry - for _, f := range files { - if first == nil { - var ok bool - first, ok = r.Lookup(f) - if !ok { - t.Errorf("unknown first file on Lookup: %q", f) - return - } - } - - // Test Lookup - e, ok := r.Lookup(f) - if !ok { - t.Errorf("unknown file on Lookup: %q", f) - return - } - if e != first { - t.Errorf("Lookup: %+v(%p) != %+v(%p)", e, e, first, first) - return - } - - // Test LookupChild - pe, ok := r.Lookup(filepath.Dir(filepath.Clean(f))) - if !ok { - t.Errorf("failed to get parent of %q", f) - return - } - e, ok = pe.LookupChild(filepath.Base(filepath.Clean(f))) - if !ok { - t.Errorf("failed to get %q as the child of %+v", f, pe) - return - } - if e != first { - t.Errorf("LookupChild: %+v(%p) != %+v(%p)", e, e, first, first) - return - } - - // Test ForeachChild - pe.ForeachChild(func(baseName string, e *TOCEntry) bool { - if baseName == filepath.Base(filepath.Clean(f)) { - if e != first { - t.Errorf("ForeachChild: %+v(%p) != %+v(%p)", e, e, first, first) - return false - } - } - return true - }) - } - }) -} - -func viewContent(c []byte) string { - if len(c) < 100 { - return string(c) - } - return string(c[:50]) + "...(omit)..." + string(c[50:100]) -} - -func tarOf(s ...tarEntry) []tarEntry { return s } - -type tarEntry interface { - appendTar(tw *tar.Writer, prefix string, format tar.Format) error -} - -type tarEntryFunc func(*tar.Writer, string, tar.Format) error - -func (f tarEntryFunc) appendTar(tw *tar.Writer, prefix string, format tar.Format) error { - return f(tw, prefix, format) -} - -func buildTar(t TestingT, ents []tarEntry, prefix string, opts ...interface{}) *io.SectionReader { - format := tar.FormatUnknown - for _, opt := range opts { - switch v := opt.(type) { - case tar.Format: - format = v - default: - panic(fmt.Errorf("unsupported opt for buildTar: %v", opt)) - } - } - buf := new(bytes.Buffer) - tw := tar.NewWriter(buf) - for _, ent := range ents { - if err := ent.appendTar(tw, prefix, format); err != nil { - t.Fatalf("building input tar: %v", err) - } - } - if err := tw.Close(); err != nil { - t.Errorf("closing write of input tar: %v", err) - } - data := append(buf.Bytes(), make([]byte, 100)...) // append empty bytes at the tail to see lossless works - return io.NewSectionReader(bytes.NewReader(data), 0, int64(len(data))) -} - -func dir(name string, opts ...interface{}) tarEntry { - return tarEntryFunc(func(tw *tar.Writer, prefix string, format tar.Format) error { - var o owner - mode := os.FileMode(0755) - for _, opt := range opts { - switch v := opt.(type) { - case owner: - o = v - case os.FileMode: - mode = v - default: - return errors.New("unsupported opt") - } - } - if !strings.HasSuffix(name, "/") { - panic(fmt.Sprintf("missing trailing slash in dir %q ", name)) - } - tm, err := fileModeToTarMode(mode) - if err != nil { - return err - } - return tw.WriteHeader(&tar.Header{ - Typeflag: tar.TypeDir, - Name: prefix + name, - Mode: tm, - Uid: o.uid, - Gid: o.gid, - Format: format, - }) - }) -} - -// xAttr are extended attributes to set on test files created with the file func. -type xAttr map[string]string - -// owner is owner ot set on test files and directories with the file and dir functions. -type owner struct { - uid int - gid int -} - -func file(name, contents string, opts ...interface{}) tarEntry { - return tarEntryFunc(func(tw *tar.Writer, prefix string, format tar.Format) error { - var xattrs xAttr - var o owner - mode := os.FileMode(0644) - for _, opt := range opts { - switch v := opt.(type) { - case xAttr: - xattrs = v - case owner: - o = v - case os.FileMode: - mode = v - default: - return errors.New("unsupported opt") - } - } - if strings.HasSuffix(name, "/") { - return fmt.Errorf("bogus trailing slash in file %q", name) - } - tm, err := fileModeToTarMode(mode) - if err != nil { - return err - } - if len(xattrs) > 0 { - format = tar.FormatPAX // only PAX supports xattrs - } - if err := tw.WriteHeader(&tar.Header{ - Typeflag: tar.TypeReg, - Name: prefix + name, - Mode: tm, - Xattrs: xattrs, - Size: int64(len(contents)), - Uid: o.uid, - Gid: o.gid, - Format: format, - }); err != nil { - return err - } - _, err = io.WriteString(tw, contents) - return err - }) -} - -func symlink(name, target string) tarEntry { - return tarEntryFunc(func(tw *tar.Writer, prefix string, format tar.Format) error { - return tw.WriteHeader(&tar.Header{ - Typeflag: tar.TypeSymlink, - Name: prefix + name, - Linkname: target, - Mode: 0644, - Format: format, - }) - }) -} - -func link(name string, linkname string) tarEntry { - now := time.Now() - return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - return w.WriteHeader(&tar.Header{ - Typeflag: tar.TypeLink, - Name: prefix + name, - Linkname: linkname, - ModTime: now, - Format: format, - }) - }) -} - -func chardev(name string, major, minor int64) tarEntry { - now := time.Now() - return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - return w.WriteHeader(&tar.Header{ - Typeflag: tar.TypeChar, - Name: prefix + name, - Devmajor: major, - Devminor: minor, - ModTime: now, - Format: format, - }) - }) -} - -func blockdev(name string, major, minor int64) tarEntry { - now := time.Now() - return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - return w.WriteHeader(&tar.Header{ - Typeflag: tar.TypeBlock, - Name: prefix + name, - Devmajor: major, - Devminor: minor, - ModTime: now, - Format: format, - }) - }) -} -func fifo(name string) tarEntry { - now := time.Now() - return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - return w.WriteHeader(&tar.Header{ - Typeflag: tar.TypeFifo, - Name: prefix + name, - ModTime: now, - Format: format, - }) - }) -} - -func prefetchLandmark() tarEntry { - return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - if err := w.WriteHeader(&tar.Header{ - Name: PrefetchLandmark, - Typeflag: tar.TypeReg, - Size: int64(len([]byte{landmarkContents})), - Format: format, - }); err != nil { - return err - } - contents := []byte{landmarkContents} - if _, err := io.CopyN(w, bytes.NewReader(contents), int64(len(contents))); err != nil { - return err - } - return nil - }) -} - -func noPrefetchLandmark() tarEntry { - return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - if err := w.WriteHeader(&tar.Header{ - Name: NoPrefetchLandmark, - Typeflag: tar.TypeReg, - Size: int64(len([]byte{landmarkContents})), - Format: format, - }); err != nil { - return err - } - contents := []byte{landmarkContents} - if _, err := io.CopyN(w, bytes.NewReader(contents), int64(len(contents))); err != nil { - return err - } - return nil - }) -} - -func regDigest(t TestingT, name string, contentStr string, digestMap map[string]digest.Digest) tarEntry { - if digestMap == nil { - t.Fatalf("digest map mustn't be nil") - } - content := []byte(contentStr) - - var n int64 - for n < int64(len(content)) { - size := int64(chunkSize) - remain := int64(len(content)) - n - if remain < size { - size = remain - } - dgstr := digest.Canonical.Digester() - if _, err := io.CopyN(dgstr.Hash(), bytes.NewReader(content[n:n+size]), size); err != nil { - t.Fatalf("failed to calculate digest of %q (name=%q,offset=%d,size=%d)", - string(content[n:n+size]), name, n, size) - } - digestMap[chunkID(name, n, size)] = dgstr.Digest() - n += size - } - - return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error { - if err := w.WriteHeader(&tar.Header{ - Typeflag: tar.TypeReg, - Name: prefix + name, - Size: int64(len(content)), - Format: format, - }); err != nil { - return err - } - if _, err := io.CopyN(w, bytes.NewReader(content), int64(len(content))); err != nil { - return err - } - return nil - }) -} - -var runes = []rune("1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") - -func randomContents(n int) string { - b := make([]rune, n) - for i := range b { - bi, err := rand.Int(rand.Reader, big.NewInt(int64(len(runes)))) - if err != nil { - panic(err) - } - b[i] = runes[int(bi.Int64())] - } - return string(b) -} - -func fileModeToTarMode(mode os.FileMode) (int64, error) { - h, err := tar.FileInfoHeader(fileInfoOnlyMode(mode), "") - if err != nil { - return 0, err - } - return h.Mode, nil -} - -// fileInfoOnlyMode is os.FileMode that populates only file mode. -type fileInfoOnlyMode os.FileMode - -func (f fileInfoOnlyMode) Name() string { return "" } -func (f fileInfoOnlyMode) Size() int64 { return 0 } -func (f fileInfoOnlyMode) Mode() os.FileMode { return os.FileMode(f) } -func (f fileInfoOnlyMode) ModTime() time.Time { return time.Now() } -func (f fileInfoOnlyMode) IsDir() bool { return os.FileMode(f).IsDir() } -func (f fileInfoOnlyMode) Sys() interface{} { return nil } - -func CheckGzipHasStreams(t TestingT, b []byte, streams []int64) { - if len(streams) == 0 { - return // nop - } - - wants := map[int64]struct{}{} - for _, s := range streams { - wants[s] = struct{}{} - } - - len0 := len(b) - br := bytes.NewReader(b) - zr := new(gzip.Reader) - t.Logf("got gzip streams:") - numStreams := 0 - for { - zoff := len0 - br.Len() - if err := zr.Reset(br); err != nil { - if err == io.EOF { - return - } - t.Fatalf("countStreams(gzip), Reset: %v", err) - } - zr.Multistream(false) - n, err := io.Copy(io.Discard, zr) - if err != nil { - t.Fatalf("countStreams(gzip), Copy: %v", err) - } - var extra string - if len(zr.Extra) > 0 { - extra = fmt.Sprintf("; extra=%q", zr.Extra) - } - t.Logf(" [%d] at %d in stargz, uncompressed length %d%s", numStreams, zoff, n, extra) - delete(wants, int64(zoff)) - numStreams++ - } -} - -func GzipDiffIDOf(t TestingT, b []byte) string { - h := sha256.New() - zr, err := gzip.NewReader(bytes.NewReader(b)) - if err != nil { - t.Fatalf("diffIDOf(gzip): %v", err) - } - defer zr.Close() - if _, err := io.Copy(h, zr); err != nil { - t.Fatalf("diffIDOf(gzip).Copy: %v", err) - } - return fmt.Sprintf("sha256:%x", h.Sum(nil)) -} diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/types.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/types.go deleted file mode 100644 index 57e0aa614e..0000000000 --- a/vendor/github.com/containerd/stargz-snapshotter/estargz/types.go +++ /dev/null @@ -1,342 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -/* - Copyright 2019 The Go Authors. All rights reserved. - Use of this source code is governed by a BSD-style - license that can be found in the LICENSE file. -*/ - -package estargz - -import ( - "archive/tar" - "hash" - "io" - "os" - "path" - "time" - - digest "github.com/opencontainers/go-digest" -) - -const ( - // TOCTarName is the name of the JSON file in the tar archive in the - // table of contents gzip stream. - TOCTarName = "stargz.index.json" - - // FooterSize is the number of bytes in the footer - // - // The footer is an empty gzip stream with no compression and an Extra - // header of the form "%016xSTARGZ", where the 64 bit hex-encoded - // number is the offset to the gzip stream of JSON TOC. - // - // 51 comes from: - // - // 10 bytes gzip header - // 2 bytes XLEN (length of Extra field) = 26 (4 bytes header + 16 hex digits + len("STARGZ")) - // 2 bytes Extra: SI1 = 'S', SI2 = 'G' - // 2 bytes Extra: LEN = 22 (16 hex digits + len("STARGZ")) - // 22 bytes Extra: subfield = fmt.Sprintf("%016xSTARGZ", offsetOfTOC) - // 5 bytes flate header - // 8 bytes gzip footer - // (End of the eStargz blob) - // - // NOTE: For Extra fields, subfield IDs SI1='S' SI2='G' is used for eStargz. - FooterSize = 51 - - // legacyFooterSize is the number of bytes in the legacy stargz footer. - // - // 47 comes from: - // - // 10 byte gzip header + - // 2 byte (LE16) length of extra, encoding 22 (16 hex digits + len("STARGZ")) == "\x16\x00" + - // 22 bytes of extra (fmt.Sprintf("%016xSTARGZ", tocGzipOffset)) - // 5 byte flate header - // 8 byte gzip footer (two little endian uint32s: digest, size) - legacyFooterSize = 47 - - // TOCJSONDigestAnnotation is an annotation for an image layer. This stores the - // digest of the TOC JSON. - // This annotation is valid only when it is specified in `.[]layers.annotations` - // of an image manifest. - TOCJSONDigestAnnotation = "containerd.io/snapshot/stargz/toc.digest" - - // StoreUncompressedSizeAnnotation is an additional annotation key for eStargz to enable lazy - // pulling on containers/storage. Stargz Store is required to expose the layer's uncompressed size - // to the runtime but current OCI image doesn't ship this information by default. So we store this - // to the special annotation. - StoreUncompressedSizeAnnotation = "io.containers.estargz.uncompressed-size" - - // PrefetchLandmark is a file entry which indicates the end position of - // prefetch in the stargz file. - PrefetchLandmark = ".prefetch.landmark" - - // NoPrefetchLandmark is a file entry which indicates that no prefetch should - // occur in the stargz file. - NoPrefetchLandmark = ".no.prefetch.landmark" - - landmarkContents = 0xf -) - -// JTOC is the JSON-serialized table of contents index of the files in the stargz file. -type JTOC struct { - Version int `json:"version"` - Entries []*TOCEntry `json:"entries"` -} - -// TOCEntry is an entry in the stargz file's TOC (Table of Contents). -type TOCEntry struct { - // Name is the tar entry's name. It is the complete path - // stored in the tar file, not just the base name. - Name string `json:"name"` - - // Type is one of "dir", "reg", "symlink", "hardlink", "char", - // "block", "fifo", or "chunk". - // The "chunk" type is used for regular file data chunks past the first - // TOCEntry; the 2nd chunk and on have only Type ("chunk"), Offset, - // ChunkOffset, and ChunkSize populated. - Type string `json:"type"` - - // Size, for regular files, is the logical size of the file. - Size int64 `json:"size,omitempty"` - - // ModTime3339 is the modification time of the tar entry. Empty - // means zero or unknown. Otherwise it's in UTC RFC3339 - // format. Use the ModTime method to access the time.Time value. - ModTime3339 string `json:"modtime,omitempty"` - modTime time.Time - - // LinkName, for symlinks and hardlinks, is the link target. - LinkName string `json:"linkName,omitempty"` - - // Mode is the permission and mode bits. - Mode int64 `json:"mode,omitempty"` - - // UID is the user ID of the owner. - UID int `json:"uid,omitempty"` - - // GID is the group ID of the owner. - GID int `json:"gid,omitempty"` - - // Uname is the username of the owner. - // - // In the serialized JSON, this field may only be present for - // the first entry with the same UID. - Uname string `json:"userName,omitempty"` - - // Gname is the group name of the owner. - // - // In the serialized JSON, this field may only be present for - // the first entry with the same GID. - Gname string `json:"groupName,omitempty"` - - // Offset, for regular files, provides the offset in the - // stargz file to the file's data bytes. See ChunkOffset and - // ChunkSize. - Offset int64 `json:"offset,omitempty"` - - // InnerOffset is an optional field indicates uncompressed offset - // of this "reg" or "chunk" payload in a stream starts from Offset. - // This field enables to put multiple "reg" or "chunk" payloads - // in one chunk with having the same Offset but different InnerOffset. - InnerOffset int64 `json:"innerOffset,omitempty"` - - nextOffset int64 // the Offset of the next entry with a non-zero Offset - - // DevMajor is the major device number for "char" and "block" types. - DevMajor int `json:"devMajor,omitempty"` - - // DevMinor is the major device number for "char" and "block" types. - DevMinor int `json:"devMinor,omitempty"` - - // NumLink is the number of entry names pointing to this entry. - // Zero means one name references this entry. - // This field is calculated during runtime and not recorded in TOC JSON. - NumLink int `json:"-"` - - // Xattrs are the extended attribute for the entry. - Xattrs map[string][]byte `json:"xattrs,omitempty"` - - // Digest stores the OCI checksum for regular files payload. - // It has the form "sha256:abcdef01234....". - Digest string `json:"digest,omitempty"` - - // ChunkOffset is non-zero if this is a chunk of a large, - // regular file. If so, the Offset is where the gzip header of - // ChunkSize bytes at ChunkOffset in Name begin. - // - // In serialized form, a "chunkSize" JSON field of zero means - // that the chunk goes to the end of the file. After reading - // from the stargz TOC, though, the ChunkSize is initialized - // to a non-zero file for when Type is either "reg" or - // "chunk". - ChunkOffset int64 `json:"chunkOffset,omitempty"` - ChunkSize int64 `json:"chunkSize,omitempty"` - - // ChunkDigest stores an OCI digest of the chunk. This must be formed - // as "sha256:0123abcd...". - ChunkDigest string `json:"chunkDigest,omitempty"` - - children map[string]*TOCEntry - - // chunkTopIndex is index of the entry where Offset starts in the blob. - chunkTopIndex int -} - -// ModTime returns the entry's modification time. -func (e *TOCEntry) ModTime() time.Time { return e.modTime } - -// NextOffset returns the position (relative to the start of the -// stargz file) of the next gzip boundary after e.Offset. -func (e *TOCEntry) NextOffset() int64 { return e.nextOffset } - -func (e *TOCEntry) addChild(baseName string, child *TOCEntry) { - if e.children == nil { - e.children = make(map[string]*TOCEntry) - } - if child.Type == "dir" { - e.NumLink++ // Entry ".." in the subdirectory links to this directory - } - e.children[baseName] = child -} - -// isDataType reports whether TOCEntry is a regular file or chunk (something that -// contains regular file data). -func (e *TOCEntry) isDataType() bool { return e.Type == "reg" || e.Type == "chunk" } - -// Stat returns a FileInfo value representing e. -func (e *TOCEntry) Stat() os.FileInfo { return fileInfo{e} } - -// ForeachChild calls f for each child item. If f returns false, iteration ends. -// If e is not a directory, f is not called. -func (e *TOCEntry) ForeachChild(f func(baseName string, ent *TOCEntry) bool) { - for name, ent := range e.children { - if !f(name, ent) { - return - } - } -} - -// LookupChild returns the directory e's child by its base name. -func (e *TOCEntry) LookupChild(baseName string) (child *TOCEntry, ok bool) { - child, ok = e.children[baseName] - return -} - -// fileInfo implements os.FileInfo using the wrapped *TOCEntry. -type fileInfo struct{ e *TOCEntry } - -var _ os.FileInfo = fileInfo{} - -func (fi fileInfo) Name() string { return path.Base(fi.e.Name) } -func (fi fileInfo) IsDir() bool { return fi.e.Type == "dir" } -func (fi fileInfo) Size() int64 { return fi.e.Size } -func (fi fileInfo) ModTime() time.Time { return fi.e.ModTime() } -func (fi fileInfo) Sys() interface{} { return fi.e } -func (fi fileInfo) Mode() (m os.FileMode) { - // TOCEntry.Mode is tar.Header.Mode so we can understand the these bits using `tar` pkg. - m = (&tar.Header{Mode: fi.e.Mode}).FileInfo().Mode() & - (os.ModePerm | os.ModeSetuid | os.ModeSetgid | os.ModeSticky) - switch fi.e.Type { - case "dir": - m |= os.ModeDir - case "symlink": - m |= os.ModeSymlink - case "char": - m |= os.ModeDevice | os.ModeCharDevice - case "block": - m |= os.ModeDevice - case "fifo": - m |= os.ModeNamedPipe - } - return m -} - -// TOCEntryVerifier holds verifiers that are usable for verifying chunks contained -// in a eStargz blob. -type TOCEntryVerifier interface { - - // Verifier provides a content verifier that can be used for verifying the - // contents of the specified TOCEntry. - Verifier(ce *TOCEntry) (digest.Verifier, error) -} - -// Compression provides the compression helper to be used creating and parsing eStargz. -// This package provides gzip-based Compression by default, but any compression -// algorithm (e.g. zstd) can be used as long as it implements Compression. -type Compression interface { - Compressor - Decompressor -} - -// Compressor represents the helper mothods to be used for creating eStargz. -type Compressor interface { - // Writer returns WriteCloser to be used for writing a chunk to eStargz. - // Everytime a chunk is written, the WriteCloser is closed and Writer is - // called again for writing the next chunk. - // - // The returned writer should implement "Flush() error" function that flushes - // any pending compressed data to the underlying writer. - Writer(w io.Writer) (WriteFlushCloser, error) - - // WriteTOCAndFooter is called to write JTOC to the passed Writer. - // diffHash calculates the DiffID (uncompressed sha256 hash) of the blob - // WriteTOCAndFooter can optionally write anything that affects DiffID calculation - // (e.g. uncompressed TOC JSON). - // - // This function returns tocDgst that represents the digest of TOC that will be used - // to verify this blob when it's parsed. - WriteTOCAndFooter(w io.Writer, off int64, toc *JTOC, diffHash hash.Hash) (tocDgst digest.Digest, err error) -} - -// Decompressor represents the helper mothods to be used for parsing eStargz. -type Decompressor interface { - // Reader returns ReadCloser to be used for decompressing file payload. - Reader(r io.Reader) (io.ReadCloser, error) - - // FooterSize returns the size of the footer of this blob. - FooterSize() int64 - - // ParseFooter parses the footer and returns the offset and (compressed) size of TOC. - // payloadBlobSize is the (compressed) size of the blob payload (i.e. the size between - // the top until the TOC JSON). - // - // If tocOffset < 0, we assume that TOC isn't contained in the blob and pass nil reader - // to ParseTOC. We expect that ParseTOC acquire TOC from the external location and return it. - // - // tocSize is optional. If tocSize <= 0, it's by default the size of the range from tocOffset until the beginning of the - // footer (blob size - tocOff - FooterSize). - // If blobPayloadSize < 0, blobPayloadSize become the blob size. - ParseFooter(p []byte) (blobPayloadSize, tocOffset, tocSize int64, err error) - - // ParseTOC parses TOC from the passed reader. The reader provides the partial contents - // of the underlying blob that has the range specified by ParseFooter method. - // - // This function returns tocDgst that represents the digest of TOC that will be used - // to verify this blob. This must match to the value returned from - // Compressor.WriteTOCAndFooter that is used when creating this blob. - // - // If tocOffset returned by ParseFooter is < 0, we assume that TOC isn't contained in the blob. - // Pass nil reader to ParseTOC then we expect that ParseTOC acquire TOC from the external location - // and return it. - ParseTOC(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error) -} - -type WriteFlushCloser interface { - io.WriteCloser - Flush() error -} diff --git a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md index 6d016d05c0..f8fbb6b62f 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md +++ b/vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md @@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.7.0] - 2025-06-17 ## + +> You talk of times of peace for all, and then prepare for war. + +### Changed ### +- Update to `cyphar.com/go-pathrs@0.2.5`, which included a build-time API + breakage that we needed to work around. The API of this library is unchanged + by this, but users should make sure to update to `v0.7.0` of + `filepath-securejoin` if they use the `libpathrs` built tag and have update + to `libpathrs` `v0.2.5`. + ## [0.6.1] - 2025-11-19 ## > At last up jumped the cunning spider, and fiercely held her fast. diff --git a/vendor/github.com/cyphar/filepath-securejoin/VERSION b/vendor/github.com/cyphar/filepath-securejoin/VERSION index ee6cdce3c2..faef31a435 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/VERSION +++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION @@ -1 +1 @@ -0.6.1 +0.7.0 diff --git a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go index 53352000e6..15205d1344 100644 --- a/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go +++ b/vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go @@ -53,5 +53,5 @@ func Reopen(file *os.File, flags int) (*os.File, error) { } defer handle.Close() //nolint:errcheck // close failures aren't critical here - return handle.OpenFile(flags) + return handle.OpenFile(uint64(flags)) } diff --git a/vendor/github.com/docker/cli/AUTHORS b/vendor/github.com/docker/cli/AUTHORS index 57af08b204..accbf6c52b 100644 --- a/vendor/github.com/docker/cli/AUTHORS +++ b/vendor/github.com/docker/cli/AUTHORS @@ -2,6 +2,7 @@ # This file lists all contributors to the repository. # See scripts/docs/generate-authors.sh to make modifications. +4RH1T3CT0R7 A. Lester Buck III Aanand Prasad Aaron L. Xu @@ -42,6 +43,7 @@ Alexander Larsson Alexander Morozov Alexander Ryabov Alexandre González +Alexandre Vallières-Lagacé Alexey Igrychev Alexis Couvreur Alfred Landrum @@ -64,6 +66,7 @@ Andres G. Aragoneses Andres Leon Rangel Andrew France Andrew He +Andrew Hopp Andrew Hsu Andrew Macpherson Andrew McDonnell @@ -127,6 +130,7 @@ Brian Goff Brian Tracy Brian Wieder Bruno Sousa +Bruno Verachten Bryan Bess Bryan Boreham Bryan Murphy @@ -178,6 +182,7 @@ Christopher Svensson Christy Norman Chun Chen Clinton Kitson +Codex Coenraad Loubser Colin Hebert Collin Guarino @@ -234,6 +239,7 @@ David Sheets David Williamson David Xia David Young +Davlat Davydov Deng Guangxing Denis Defreyne Denis Gladkikh @@ -241,6 +247,7 @@ Denis Ollier Dennis Docter dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Derek McGowan +Derek Misler Des Preston Deshi Xiao Dharmit Shah @@ -260,6 +267,7 @@ Dominik Braun Don Kjer Dong Chen DongGeon Lee +Dorin Geman Doug Davis Drew Erny Ed Costello @@ -358,7 +366,7 @@ Hugo Gabriel Eyherabide huqun Huu Nguyen Hyzhou Zhy -Iain MacDonald +Iain MacDonald Iain Samuel McLean Elder Ian Campbell Ian Philpot @@ -471,6 +479,7 @@ Justyn Temme Jyrki Puttonen Jérémie Drouet Jérôme Petazzoni +Jörg Sommer Jörg Thalheim Kai Blin Kai Qiang Wu (Kennan) @@ -539,10 +548,12 @@ Lovekesh Kumar Luca Favatella Luca Marturana Lucas Chan +Ludovic Temgoua Abanda Luis Henrique Mulinari Luka Hartwig Lukas Heeren Lukasz Zajaczkowski +Luo Jiyin Lydell Manganti Lénaïc Huard Ma Shimiao @@ -603,6 +614,7 @@ Michael Spetsiotis Michael Steinert Michael Tews Michael West +Michael Zampani Michal Minář Michał Czeraszkiewicz Miguel Angel Alvarez Cabrerizo @@ -617,6 +629,7 @@ Mike Goelzer Mike MacCana mikelinjie <294893458@qq.com> Mikhail Vasin +Milas Bowman Milind Chawre Mindaugas Rukas Miroslav Gula @@ -887,6 +900,7 @@ Vincent Batts Vincent Bernat Vincent Demeester Vincent Woo +Vineet Kumar Vishnu Kannan Vivek Goyal Wang Jie @@ -916,6 +930,7 @@ Yanqiang Miao Yassine Tijani Yi EungJun Ying Li +Yoan Wainmann Yong Tang Yosef Fertel Yu Peng diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go index 246f23e983..26e148f059 100644 --- a/vendor/github.com/docker/cli/cli/config/configfile/file.go +++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go @@ -1,5 +1,5 @@ // FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16: -//go:build go1.24 +//go:build go1.25 package configfile @@ -20,6 +20,34 @@ import ( "github.com/sirupsen/logrus" ) +// authConfigKey is the key used to store credentials for Docker Hub. It is +// a copy of [registry.IndexServer]. +// +// [registry.IndexServer]: https://pkg.go.dev/github.com/docker/docker@v28.5.1+incompatible/registry#IndexServer +const authConfigKey = "https://index.docker.io/v1/" + +// getAuthConfigKey returns the canonical key used to look up stored +// registry credentials for the given registry domain. +// +// For the official Docker Hub registry ("docker.io"), credentials are stored +// under the historical full index address ("https://index.docker.io/v1/"). +// +// For all other registries, the input is domainName to already be a normalized +// hostname (optionally including ":port") and is returned unchanged. +// +// This function performs key normalization only; it does not validate or parse +// the input. +// +// It is similar to [registry.GetAuthConfigKey] in the daemon. +// +// [registry.GetAuthConfigKey]: https://pkg.go.dev/github.com/docker/docker@v28.5.1+incompatible/registry#GetAuthConfigKey +func getAuthConfigKey(domainName string) string { + if domainName == "docker.io" || domainName == "index.docker.io" { + return authConfigKey + } + return domainName +} + // ConfigFile ~/.docker/config.json file info type ConfigFile struct { AuthConfigs map[string]types.AuthConfig `json:"auths"` @@ -96,12 +124,12 @@ func New(fn string) *ConfigFile { // LoadFromReader reads the configuration data given and sets up the auth config // information with given directory and populates the receiver object -func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error { - if err := json.NewDecoder(configData).Decode(configFile); err != nil && !errors.Is(err, io.EOF) { +func (c *ConfigFile) LoadFromReader(configData io.Reader) error { + if err := json.NewDecoder(configData).Decode(c); err != nil && !errors.Is(err, io.EOF) { return err } var err error - for addr, ac := range configFile.AuthConfigs { + for addr, ac := range c.AuthConfigs { if ac.Auth != "" { ac.Username, ac.Password, err = decodeAuth(ac.Auth) if err != nil { @@ -110,33 +138,33 @@ func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error { } ac.Auth = "" ac.ServerAddress = addr - configFile.AuthConfigs[addr] = ac + c.AuthConfigs[addr] = ac } return nil } // ContainsAuth returns whether there is authentication configured // in this file or not. -func (configFile *ConfigFile) ContainsAuth() bool { - return configFile.CredentialsStore != "" || - len(configFile.CredentialHelpers) > 0 || - len(configFile.AuthConfigs) > 0 +func (c *ConfigFile) ContainsAuth() bool { + return c.CredentialsStore != "" || + len(c.CredentialHelpers) > 0 || + len(c.AuthConfigs) > 0 } // GetAuthConfigs returns the mapping of repo to auth configuration -func (configFile *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig { - if configFile.AuthConfigs == nil { - configFile.AuthConfigs = make(map[string]types.AuthConfig) +func (c *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig { + if c.AuthConfigs == nil { + c.AuthConfigs = make(map[string]types.AuthConfig) } - return configFile.AuthConfigs + return c.AuthConfigs } // SaveToWriter encodes and writes out all the authorization information to // the given writer -func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error { +func (c *ConfigFile) SaveToWriter(writer io.Writer) error { // Encode sensitive data into a new/temp struct - tmpAuthConfigs := make(map[string]types.AuthConfig, len(configFile.AuthConfigs)) - for k, authConfig := range configFile.AuthConfigs { + tmpAuthConfigs := make(map[string]types.AuthConfig, len(c.AuthConfigs)) + for k, authConfig := range c.AuthConfigs { authCopy := authConfig // encode and save the authstring, while blanking out the original fields authCopy.Auth = encodeAuth(&authCopy) @@ -146,18 +174,18 @@ func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error { tmpAuthConfigs[k] = authCopy } - saveAuthConfigs := configFile.AuthConfigs - configFile.AuthConfigs = tmpAuthConfigs - defer func() { configFile.AuthConfigs = saveAuthConfigs }() + saveAuthConfigs := c.AuthConfigs + c.AuthConfigs = tmpAuthConfigs + defer func() { c.AuthConfigs = saveAuthConfigs }() // User-Agent header is automatically set, and should not be stored in the configuration - for v := range configFile.HTTPHeaders { + for v := range c.HTTPHeaders { if strings.EqualFold(v, "User-Agent") { - delete(configFile.HTTPHeaders, v) + delete(c.HTTPHeaders, v) } } - data, err := json.MarshalIndent(configFile, "", "\t") + data, err := json.MarshalIndent(c, "", "\t") if err != nil { return err } @@ -166,16 +194,16 @@ func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error { } // Save encodes and writes out all the authorization information -func (configFile *ConfigFile) Save() (retErr error) { - if configFile.Filename == "" { +func (c *ConfigFile) Save() (retErr error) { + if c.Filename == "" { return errors.New("can't save config with empty filename") } - dir := filepath.Dir(configFile.Filename) + dir := filepath.Dir(c.Filename) if err := os.MkdirAll(dir, 0o700); err != nil { return err } - temp, err := os.CreateTemp(dir, filepath.Base(configFile.Filename)) + temp, err := os.CreateTemp(dir, filepath.Base(c.Filename)) if err != nil { return err } @@ -189,7 +217,7 @@ func (configFile *ConfigFile) Save() (retErr error) { } }() - err = configFile.SaveToWriter(temp) + err = c.SaveToWriter(temp) if err != nil { return err } @@ -199,7 +227,7 @@ func (configFile *ConfigFile) Save() (retErr error) { } // Handle situation where the configfile is a symlink, and allow for dangling symlinks - cfgFile := configFile.Filename + cfgFile := c.Filename if f, err := filepath.EvalSymlinks(cfgFile); err == nil { cfgFile = f } else if os.IsNotExist(err) { @@ -217,16 +245,16 @@ func (configFile *ConfigFile) Save() (retErr error) { // ParseProxyConfig computes proxy configuration by retrieving the config for the provided host and // then checking this against any environment variables provided to the container -func (configFile *ConfigFile) ParseProxyConfig(host string, runOpts map[string]*string) map[string]*string { +func (c *ConfigFile) ParseProxyConfig(host string, runOpts map[string]*string) map[string]*string { var cfgKey string - if _, ok := configFile.Proxies[host]; !ok { + if _, ok := c.Proxies[host]; !ok { cfgKey = "default" } else { cfgKey = host } - config := configFile.Proxies[cfgKey] + config := c.Proxies[cfgKey] permitted := map[string]*string{ "HTTP_PROXY": &config.HTTPProxy, "HTTPS_PROXY": &config.HTTPSProxy, @@ -290,11 +318,11 @@ func decodeAuth(authStr string) (string, string, error) { // GetCredentialsStore returns a new credentials store from the settings in the // configuration file -func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store { - store := credentials.NewFileStore(configFile) +func (c *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store { + store := credentials.NewFileStore(c) - if helper := getConfiguredCredentialStore(configFile, registryHostname); helper != "" { - store = newNativeStore(configFile, helper) + if helper := getConfiguredCredentialStore(c, getAuthConfigKey(registryHostname)); helper != "" { + store = newNativeStore(c, helper) } envConfig := os.Getenv(DockerEnvConfigKey) @@ -357,8 +385,9 @@ var newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentia } // GetAuthConfig for a repository from the credential store -func (configFile *ConfigFile) GetAuthConfig(registryHostname string) (types.AuthConfig, error) { - return configFile.GetCredentialsStore(registryHostname).Get(registryHostname) +func (c *ConfigFile) GetAuthConfig(registryHostname string) (types.AuthConfig, error) { + acKey := getAuthConfigKey(registryHostname) + return c.GetCredentialsStore(acKey).Get(acKey) } // getConfiguredCredentialStore returns the credential helper configured for the @@ -375,13 +404,13 @@ func getConfiguredCredentialStore(c *ConfigFile, registryHostname string) string // GetAllCredentials returns all of the credentials stored in all of the // configured credential stores. -func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, error) { +func (c *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, error) { auths := make(map[string]types.AuthConfig) addAll := func(from map[string]types.AuthConfig) { maps.Copy(auths, from) } - defaultStore := configFile.GetCredentialsStore("") + defaultStore := c.GetCredentialsStore("") newAuths, err := defaultStore.GetAll() if err != nil { return nil, err @@ -389,8 +418,8 @@ func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, addAll(newAuths) // Auth configs from a registry-specific helper should override those from the default store. - for registryHostname := range configFile.CredentialHelpers { - newAuth, err := configFile.GetAuthConfig(registryHostname) + for registryHostname := range c.CredentialHelpers { + newAuth, err := c.GetAuthConfig(registryHostname) if err != nil { // TODO(thaJeztah): use context-logger, so that this output can be suppressed (in tests). logrus.WithError(err).Warnf("Failed to get credentials for registry: %s", registryHostname) @@ -402,16 +431,16 @@ func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, } // GetFilename returns the file name that this config file is based on. -func (configFile *ConfigFile) GetFilename() string { - return configFile.Filename +func (c *ConfigFile) GetFilename() string { + return c.Filename } // PluginConfig retrieves the requested option for the given plugin. -func (configFile *ConfigFile) PluginConfig(pluginname, option string) (string, bool) { - if configFile.Plugins == nil { +func (c *ConfigFile) PluginConfig(pluginname, option string) (string, bool) { + if c.Plugins == nil { return "", false } - pluginConfig, ok := configFile.Plugins[pluginname] + pluginConfig, ok := c.Plugins[pluginname] if !ok { return "", false } @@ -423,14 +452,14 @@ func (configFile *ConfigFile) PluginConfig(pluginname, option string) (string, b // plugin. Passing a value of "" will remove the option. If removing // the final config item for a given plugin then also cleans up the // overall plugin entry. -func (configFile *ConfigFile) SetPluginConfig(pluginname, option, value string) { - if configFile.Plugins == nil { - configFile.Plugins = make(map[string]map[string]string) +func (c *ConfigFile) SetPluginConfig(pluginname, option, value string) { + if c.Plugins == nil { + c.Plugins = make(map[string]map[string]string) } - pluginConfig, ok := configFile.Plugins[pluginname] + pluginConfig, ok := c.Plugins[pluginname] if !ok { pluginConfig = make(map[string]string) - configFile.Plugins[pluginname] = pluginConfig + c.Plugins[pluginname] = pluginConfig } if value != "" { pluginConfig[option] = value @@ -438,6 +467,6 @@ func (configFile *ConfigFile) SetPluginConfig(pluginname, option, value string) delete(pluginConfig, option) } if len(pluginConfig) == 0 { - delete(configFile.Plugins, pluginname) + delete(c.Plugins, pluginname) } } diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go index a36afc41f4..35b9ae4f53 100644 --- a/vendor/github.com/docker/cli/cli/config/credentials/default_store.go +++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go @@ -2,12 +2,19 @@ package credentials import "os/exec" -// DetectDefaultStore return the default credentials store for the platform if -// no user-defined store is passed, and the store executable is available. -func DetectDefaultStore(store string) string { - if store != "" { +// DetectDefaultStore returns the credentials store to use if no user-defined +// custom helper is passed. +// +// Some platforms define a preferred helper, in which case it attempts to look +// up the helper binary before falling back to the platform's default. +// +// If no user-defined helper is passed, and no helper is found, it returns an +// empty string, which means credentials are stored unencrypted in the CLI's +// config-file without the use of a credentials store. +func DetectDefaultStore(customStore string) string { + if customStore != "" { // use user-defined - return store + return customStore } platformDefault := defaultCredentialsStore() diff --git a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go index c69312b014..e3ef8e25ed 100644 --- a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go +++ b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go @@ -99,9 +99,14 @@ func (c *fileStore) Store(authConfig types.AuthConfig) error { return nil } -// ConvertToHostname converts a registry url which has http|https prepended -// to just an hostname. -// Copied from github.com/docker/docker/registry.ConvertToHostname to reduce dependencies. +// ConvertToHostname normalizes a registry URL which has http|https prepended +// to just its hostname. It is used to match credentials, which may be either +// stored as hostname or as hostname including scheme (in legacy configuration +// files). +// +// It's the equivalent to [registry.ConvertToHostname] in the daemon. +// +// [registry.ConvertToHostname]: https://pkg.go.dev/github.com/moby/moby/v2@v2.0.0-beta.7/daemon/pkg/registry#ConvertToHostname func ConvertToHostname(maybeURL string) string { stripped := maybeURL if strings.Contains(stripped, "://") { diff --git a/vendor/github.com/docker/cli/cli/config/memorystore/store.go b/vendor/github.com/docker/cli/cli/config/memorystore/store.go index f8ec62b95a..44523d392b 100644 --- a/vendor/github.com/docker/cli/cli/config/memorystore/store.go +++ b/vendor/github.com/docker/cli/cli/config/memorystore/store.go @@ -1,5 +1,5 @@ // FIXME(thaJeztah): remove once we are a module; the go:build directive prevents go from downgrading language version to go1.16: -//go:build go1.24 +//go:build go1.25 package memorystore diff --git a/vendor/github.com/docker/distribution/LICENSE b/vendor/github.com/docker/distribution/LICENSE deleted file mode 100644 index e06d208186..0000000000 --- a/vendor/github.com/docker/distribution/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ -Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go b/vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go deleted file mode 100644 index 2c3ebe1653..0000000000 --- a/vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go +++ /dev/null @@ -1,27 +0,0 @@ -package challenge - -import ( - "net/url" - "strings" -) - -// FROM: https://golang.org/src/net/http/http.go -// Given a string of the form "host", "host:port", or "[ipv6::address]:port", -// return true if the string includes a port. -func hasPort(s string) bool { return strings.LastIndex(s, ":") > strings.LastIndex(s, "]") } - -// FROM: http://golang.org/src/net/http/transport.go -var portMap = map[string]string{ - "http": "80", - "https": "443", -} - -// canonicalAddr returns url.Host but always with a ":port" suffix -// FROM: http://golang.org/src/net/http/transport.go -func canonicalAddr(url *url.URL) string { - addr := url.Host - if !hasPort(addr) { - return addr + ":" + portMap[url.Scheme] - } - return addr -} diff --git a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml deleted file mode 100644 index 7f257e99ac..0000000000 --- a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml +++ /dev/null @@ -1,14 +0,0 @@ -freebsd_task: - name: 'FreeBSD' - freebsd_instance: - image_family: freebsd-14-2 - install_script: - - pkg update -f - - pkg install -y go - test_script: - # run tests as user "cirrus" instead of root - - pw useradd cirrus -m - - chown -R cirrus:cirrus . - - FSNOTIFY_BUFFER=4096 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./... - - sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./... - - FSNOTIFY_DEBUG=1 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race -v ./... diff --git a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md index 6468d2cf40..3027f3c67a 100644 --- a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md +++ b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md @@ -1,5 +1,54 @@ # Changelog +1.10.1 2026-05-04 +----------------- + +### Changes and fixes + +- inotify: don't remove sibling watches sharing a path prefix ([#754]) + +- inotify, windows: don't rename sibling watches sharing a path prefix + ([#755]) + + +[#754]: https://github.com/fsnotify/fsnotify/pull/754 +[#755]: https://github.com/fsnotify/fsnotify/pull/755 + + +1.10.0 2026-04-30 +----------------- +This version of fsnotify needs Go 1.23. + +### Changes and fixes + +- inotify: improve initialization error message ([#731]) + +- inotify: send Rename event if recursive watch is renamed ([#696]) + +- inotify: avoid copying event buffers when reading names ([#741]) + +- kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a + bad entry no longer aborts Watcher.Add for the whole directory ([#748]) + +- kqueue: drop watches directly in Close() to fix a file descriptor leak + when recycling watchers ([#740]) + +- windows: fix nil pointer dereference in remWatch ([#736]) + +- windows: lock watch field updates against concurrent WatchList to fix + a race introduced in v1.9.0 ([#709], [#749]) + + +[#696]: https://github.com/fsnotify/fsnotify/pull/696 +[#709]: https://github.com/fsnotify/fsnotify/pull/709 +[#731]: https://github.com/fsnotify/fsnotify/pull/731 +[#736]: https://github.com/fsnotify/fsnotify/pull/736 +[#740]: https://github.com/fsnotify/fsnotify/pull/740 +[#741]: https://github.com/fsnotify/fsnotify/pull/741 +[#748]: https://github.com/fsnotify/fsnotify/pull/748 +[#749]: https://github.com/fsnotify/fsnotify/pull/749 + + 1.9.0 2024-04-04 ---------------- diff --git a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md index 4cc40fa597..cd0ee612da 100644 --- a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md +++ b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md @@ -77,6 +77,8 @@ End-of-line escapes with `\` are not supported. debug [yes/no] # Enable/disable FSNOTIFY_DEBUG (tests are run in parallel by default, so -parallel=1 is probably a good idea). + state # Print internal state to stderr (exact output differs + # per backend). print [any strings] # Print text to stdout; for debugging. touch path diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md index 1f4eb583d5..2e56ef4c9a 100644 --- a/vendor/github.com/fsnotify/fsnotify/README.md +++ b/vendor/github.com/fsnotify/fsnotify/README.md @@ -1,7 +1,7 @@ fsnotify is a Go library to provide cross-platform filesystem notifications on Windows, Linux, macOS, BSD, and illumos. -Go 1.17 or newer is required; the full documentation is at +Go 1.23 or newer is required; the full documentation is at https://pkg.go.dev/github.com/fsnotify/fsnotify --- @@ -12,7 +12,7 @@ Platform support: | :-------------------- | :--------- | :------------------------------------------------------------------------ | | inotify | Linux | Supported | | kqueue | BSD, macOS | Supported | -| ReadDirectoryChangesW | Windows | Supported | +| ReadDirectoryChangesW | Windows | Supported ([excluding `Chmod` operations][#487]) | | FEN | illumos | Supported | | fanotify | Linux 5.9+ | [Not yet](https://github.com/fsnotify/fsnotify/issues/114) | | FSEvents | macOS | [Needs support in x/sys/unix][fsevents] | @@ -22,6 +22,7 @@ Platform support: Linux and illumos should include Android and Solaris, but these are currently untested. +[#487]: https://github.com/fsnotify/fsnotify/issues/487 [fsevents]: https://github.com/fsnotify/fsnotify/issues/11#issuecomment-1279133120 [usn]: https://github.com/fsnotify/fsnotify/issues/53#issuecomment-1279829847 @@ -126,7 +127,7 @@ settings* until we have a native FSEvents implementation (see [#11]). ### Watching a file doesn't work well Watching individual files (rather than directories) is generally not recommended as many programs (especially editors) update files atomically: it will write to -a temporary file which is then moved to to destination, overwriting the original +a temporary file which is then moved to a destination, overwriting the original (or some variant thereof). The watcher on the original file is now lost, as that no longer exists. @@ -151,26 +152,57 @@ This is the event that inotify sends, so not much can be changed about this. The `fs.inotify.max_user_watches` sysctl variable specifies the upper limit for the number of watches per user, and `fs.inotify.max_user_instances` specifies the maximum number of inotify instances per user. Every Watcher you create is an -"instance", and every path you add is a "watch". +"instance", and every path you add is a "watch". Reaching the limit will result +in a "no space left on device" or "too many open files" error. These are also exposed in `/proc` as `/proc/sys/fs/inotify/max_user_watches` and -`/proc/sys/fs/inotify/max_user_instances` +`/proc/sys/fs/inotify/max_user_instances`. The default values differ per distro +and available memory. To increase them you can use `sysctl` or write the value to proc file: - # The default values on Linux 5.18 - sysctl fs.inotify.max_user_watches=124983 - sysctl fs.inotify.max_user_instances=128 + sysctl fs.inotify.max_user_watches=200000 + sysctl fs.inotify.max_user_instances=256 To make the changes persist on reboot edit `/etc/sysctl.conf` or `/usr/lib/sysctl.d/50-default.conf` (details differ per Linux distro; check your distro's documentation): - fs.inotify.max_user_watches=124983 - fs.inotify.max_user_instances=128 + fs.inotify.max_user_watches=200000 + fs.inotify.max_user_instances=256 + +### Windows +Recursive watching is not currently enabled through fsnotify's public API +(see the FAQ "Are subdirectories watched?" above). The notes below +describe Windows backend behavior observed when recursive watching is +enabled internally (for example, in fsnotify's own tests). They are kept +here as a reference for maintainers and contributors who encounter the +behavior, since the recursive code path still exists in the backend. + +When recursive watching is enabled and you watch a directory, you may +receive a `Write` event for an intermediate directory whenever a child +entry inside it is created, renamed, or removed. For example, with a +recursive watch on `/a` and a new file `/a/b/c`, you will receive +`Create /a/b/c` and may also receive `Write /a/b`. + +This happens because, on NTFS-backed volumes, modifying the entries of a +directory updates that directory's last-write time, and the Windows +backend requests `FILE_NOTIFY_CHANGE_LAST_WRITE` to support `Write` events +on files. The same `Write` filter therefore picks up the directory's +metadata update. + +kqueue has the same "directory `Write` = directory contents changed" +semantics, so portable code that treats `Write` on a directory as +"something inside it changed" works on Windows and BSD/macOS, but not on +Linux (inotify uses `Write` only for file-content changes). If you only +care about file content, filter out `Write` events whose path refers to a +directory. + +Whether the directory `Write` is actually delivered alongside the child +events is not guaranteed: it depends on `ReadDirectoryChangesW` buffering, +NTFS metadata update timing, and event coalescing, none of which fsnotify +controls. -Reaching the limit will result in a "no space left on device" or "too many open -files" error. ### kqueue (macOS, all BSD systems) kqueue requires opening a file descriptor for every file that's being watched; diff --git a/vendor/github.com/fsnotify/fsnotify/backend_fen.go b/vendor/github.com/fsnotify/fsnotify/backend_fen.go index 57fc692848..e43c6d088c 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_fen.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_fen.go @@ -158,7 +158,9 @@ func (w *fen) readEvents() { pevents := make([]unix.PortEvent, 8) for { - count, err := w.port.Get(pevents, 1, nil) + count, err := internal.IgnoringEINTR(func() (int, error) { + return w.port.Get(pevents, 1, nil) + }) if err != nil && err != unix.ETIME { // Interrupted system call (count should be 0) ignore and continue if errors.Is(err, unix.EINTR) && count == 0 { diff --git a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go index a36cb89d73..4c3f6f7c28 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go @@ -55,10 +55,10 @@ type ( path map[string]uint32 // pathname → wd } watch struct { - wd uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall) - flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags) - path string // Watch path. - recurse bool // Recursion with ./...? + wd uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall) + flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags) + path string // Watch path. + watchFlags watchFlag } koekje struct { cookie uint32 @@ -66,6 +66,9 @@ type ( } ) +func (w watch) byUser() bool { return w.watchFlags&flagByUser != 0 } +func (w watch) recurse() bool { return w.watchFlags&flagRecurse != 0 } + func newWatches() *watches { return &watches{ wd: make(map[uint32]*watch), @@ -79,6 +82,13 @@ func (w *watches) len() int { return len(w.wd) } func (w *watches) add(ww *watch) { w.wd[ww.wd] = ww; w.path[ww.path] = ww.wd } func (w *watches) remove(watch *watch) { delete(w.path, watch.path); delete(w.wd, watch.wd) } +func isSameOrDescendantPath(path, root string) bool { + if path == root { + return true + } + return strings.HasPrefix(path, root+string(os.PathSeparator)) +} + func (w *watches) removePath(path string) ([]uint32, error) { path, recurse := recursivePath(path) wd, ok := w.path[path] @@ -87,20 +97,20 @@ func (w *watches) removePath(path string) ([]uint32, error) { } watch := w.wd[wd] - if recurse && !watch.recurse { + if recurse && !watch.recurse() { return nil, fmt.Errorf("can't use /... with non-recursive watch %q", path) } delete(w.path, path) delete(w.wd, wd) - if !watch.recurse { + if !watch.recurse() { return []uint32{wd}, nil } wds := make([]uint32, 0, 8) wds = append(wds, wd) for p, rwd := range w.path { - if strings.HasPrefix(p, path) { + if isSameOrDescendantPath(p, path) { delete(w.path, p) delete(w.wd, rwd) wds = append(wds, rwd) @@ -139,7 +149,7 @@ func newBackend(ev chan Event, errs chan error) (backend, error) { // I/O operations won't terminate on close. fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC | unix.IN_NONBLOCK) if fd == -1 { - return nil, errno + return nil, fmt.Errorf("couldn't initialize inotify: %w", errno) } w := &inotify{ @@ -188,11 +198,8 @@ func (w *inotify) AddWith(path string, opts ...addOpt) error { return fmt.Errorf("%w: %s", xErrUnsupported, with.op) } - add := func(path string, with withOpts, recurse bool) error { + add := func(path string, with withOpts, wf watchFlag) error { var flags uint32 - if with.noFollow { - flags |= unix.IN_DONT_FOLLOW - } if with.op.Has(Create) { flags |= unix.IN_CREATE } @@ -220,7 +227,7 @@ func (w *inotify) AddWith(path string, opts ...addOpt) error { if with.op.Has(xUnportableCloseRead) { flags |= unix.IN_CLOSE_NOWRITE } - return w.register(path, flags, recurse) + return w.register(path, flags, wf) } w.mu.Lock() @@ -248,14 +255,18 @@ func (w *inotify) AddWith(path string, opts ...addOpt) error { w.sendEvent(Event{Name: root, Op: Create}) } - return add(root, with, true) + wf := flagRecurse + if root == path { + wf |= flagByUser + } + return add(root, with, wf) }) } - return add(path, with, false) + return add(path, with, 0) } -func (w *inotify) register(path string, flags uint32, recurse bool) error { +func (w *inotify) register(path string, flags uint32, wf watchFlag) error { return w.watches.updatePath(path, func(existing *watch) (*watch, error) { if existing != nil { flags |= existing.flags | unix.IN_MASK_ADD @@ -272,10 +283,10 @@ func (w *inotify) register(path string, flags uint32, recurse bool) error { if existing == nil { return &watch{ - wd: uint32(wd), - path: path, - flags: flags, - recurse: recurse, + wd: uint32(wd), + path: path, + flags: flags, + watchFlags: wf, }, nil } @@ -425,11 +436,7 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs nameLen = uint32(inEvent.Len) ) if nameLen > 0 { - /// Point "bytes" at the first byte of the filename - bb := *buf - bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&bb[offset+unix.SizeofInotifyEvent]))[:nameLen:nameLen] - /// The filename is padded with NULL bytes. TrimRight() gets rid of those. - name += "/" + strings.TrimRight(string(bytes[0:nameLen]), "\x00") + name += "/" + inotifyEventName(buf, offset, nameLen) } if debug { @@ -450,7 +457,9 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs // We can't really update the state when a watched path is moved; only // IN_MOVE_SELF is sent and not IN_MOVED_{FROM,TO}. So remove the watch. if inEvent.Mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF { - if watch.recurse { // Do nothing + // Watch is set up as part of recurse: do nothing as the move gets + // registered from the parent directory. + if watch.recurse() && !watch.byUser() { return Event{}, true } @@ -460,6 +469,10 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs return Event{}, false } } + + if watch.recurse() { + return Event{Name: watch.path, Op: Rename}, true + } } /// Skip if we're watching both this path and the parent; the parent will @@ -473,11 +486,11 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs ev := w.newEvent(name, inEvent.Mask, inEvent.Cookie) // Need to update watch path for recurse. - if watch.recurse { + if watch.recurse() { isDir := inEvent.Mask&unix.IN_ISDIR == unix.IN_ISDIR /// New directory created: set up watch on it. if isDir && ev.Has(Create) { - err := w.register(ev.Name, watch.flags, true) + err := w.register(ev.Name, watch.flags, flagRecurse) if !w.sendError(err) { return Event{}, false } @@ -495,7 +508,7 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs if k == watch.wd || ww.path == ev.Name { continue } - if strings.HasPrefix(ww.path, ev.renamedFrom) { + if isSameOrDescendantPath(ww.path, ev.renamedFrom) { ww.path = strings.Replace(ww.path, ev.renamedFrom, ev.Name, 1) w.watches.wd[k] = ww } @@ -507,12 +520,13 @@ func (w *inotify) handleEvent(inEvent *unix.InotifyEvent, buf *[65536]byte, offs return ev, true } -func (w *inotify) isRecursive(path string) bool { - ww := w.watches.byPath(path) - if ww == nil { // path could be a file, so also check the Dir. - ww = w.watches.byPath(filepath.Dir(path)) +func inotifyEventName(buf *[65536]byte, offset, nameLen uint32) string { + start := int(offset + unix.SizeofInotifyEvent) + bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[start]))[:nameLen:nameLen] + for nameLen > 0 && bytes[nameLen-1] == 0 { + nameLen-- } - return ww != nil && ww.recurse + return string(bytes[:nameLen]) } func (w *inotify) newEvent(name string, mask, cookie uint32) Event { @@ -578,6 +592,6 @@ func (w *inotify) state() { w.mu.Lock() defer w.mu.Unlock() for wd, ww := range w.watches.wd { - fmt.Fprintf(os.Stderr, "%4d: recurse=%t %q\n", wd, ww.recurse, ww.path) + fmt.Fprintf(os.Stderr, "%4d: %q watchFlags=0x%x\n", wd, ww.path, ww.watchFlags) } } diff --git a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go index 340aeec061..d2c8cfb6c6 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go @@ -8,6 +8,7 @@ import ( "os" "path/filepath" "runtime" + "sort" "sync" "time" @@ -245,9 +246,26 @@ func (w *kqueue) Close() error { return nil } + // Snapshot and drop all watches directly. w.Remove -> w.remove + // short-circuits on isClosed() (which is already true after + // w.shared.close() above), so calling Remove here in the happy path + // leaked every watched directory + file descriptor. On macOS a + // single directory watch opens an fd for every file in the dir, so + // long-running processes that recreate watchers (hot-reload dev + // servers, etc.) ran out of fds with EMFILE (#732). pathsToRemove := w.watches.listPaths(false) for _, name := range pathsToRemove { - w.Remove(name) + info, ok := w.watches.byPath(name) + if !ok { + // w.path has an entry for name but w.wd doesn't -- + // drop the stale lookup entry so the map state is + // consistent after Close. + w.watches.remove(0, name) + continue + } + _ = w.register([]int{info.wd}, unix.EV_DELETE, 0) + unix.Close(info.wd) + w.watches.remove(info.wd, name) } unix.Close(w.closepipe[1]) // Send "quit" message to readEvents @@ -376,19 +394,12 @@ func (w *kqueue) addWatch(name string, flags uint32, listDir bool) (string, erro } } - // Retry on EINTR; open() can return EINTR in practice on macOS. - // See #354, and Go issues 11180 and 39237. - for { - info.wd, err = unix.Open(name, openMode, 0) - if err == nil { - break - } - if errors.Is(err, unix.EINTR) { - continue - } + info.wd, err = internal.IgnoringEINTR(func() (int, error) { + return unix.Open(name, openMode, 0) + }) + if err != nil { return "", err } - info.isDir = fi.IsDir() } @@ -436,9 +447,10 @@ func (w *kqueue) readEvents() { eventBuffer := make([]unix.Kevent_t, 10) for { - kevents, err := w.read(eventBuffer) - // EINTR is okay, the syscall was interrupted before timeout expired. - if err != nil && err != unix.EINTR { + kevents, err := internal.IgnoringEINTR(func() ([]unix.Kevent_t, error) { + return w.read(eventBuffer) + }) + if err != nil { if !w.sendError(fmt.Errorf("fsnotify.readEvents: %w", err)) { return } @@ -583,12 +595,14 @@ func (w *kqueue) watchDirectoryFiles(dirPath string) error { cleanPath, err := w.internalWatch(path, fi) if err != nil { - // No permission to read the file; that's not a problem: just skip. - // But do add it to w.fileExists to prevent it from being picked up - // as a "new" file later (it still shows up in the directory + // No permission, or the entry resolved to a missing target + // (e.g. a dangling symlink): not a problem, just skip. But + // do mark it as seen to prevent it from being picked up as + // a "new" file later (it still shows up in the directory // listing). switch { - case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM): + case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM) || + errors.Is(err, os.ErrNotExist): cleanPath = filepath.Clean(path) default: return fmt.Errorf("%q: %w", path, err) @@ -703,3 +717,19 @@ func (w *kqueue) xSupports(op Op) bool { } return true } + +func (w *kqueue) state() { + w.watches.mu.Lock() + defer w.watches.mu.Unlock() + + all := make([]int, 0, len(w.watches.wd)) + for wd := range w.watches.wd { + all = append(all, wd) + } + sort.Ints(all) + + for _, wd := range all { + ww := w.watches.wd[wd] + fmt.Fprintf(os.Stderr, "%4d %q linkname=%q\n", wd, ww.name, ww.linkName) + } +} diff --git a/vendor/github.com/fsnotify/fsnotify/backend_windows.go b/vendor/github.com/fsnotify/fsnotify/backend_windows.go index 3433642d64..fb9210f24e 100644 --- a/vendor/github.com/fsnotify/fsnotify/backend_windows.go +++ b/vendor/github.com/fsnotify/fsnotify/backend_windows.go @@ -11,7 +11,6 @@ import ( "fmt" "os" "path/filepath" - "reflect" "runtime" "strings" "sync" @@ -37,6 +36,13 @@ type readDirChangesW struct { var defaultBufferSize = 50 +func isSameOrDescendantPath(path, root string) bool { + if path == root { + return true + } + return strings.HasPrefix(path, root+string(os.PathSeparator)) +} + func newBackend(ev chan Event, errs chan error) (backend, error) { port, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0) if err != nil { @@ -359,22 +365,26 @@ func (w *readDirChangesW) addWatch(pathname string, flags uint64, bufsize int) e } else { windows.CloseHandle(ino.handle) } + w.mu.Lock() if pathname == dir { watchEntry.mask |= flags } else { watchEntry.names[filepath.Base(pathname)] |= flags } + w.mu.Unlock() err = w.startRead(watchEntry) if err != nil { return err } + w.mu.Lock() if pathname == dir { watchEntry.mask &= ^provisional } else { watchEntry.names[filepath.Base(pathname)] &= ^provisional } + w.mu.Unlock() return nil } @@ -394,8 +404,13 @@ func (w *readDirChangesW) remWatch(pathname string) error { w.mu.Lock() watch := w.watches.get(ino) w.mu.Unlock() + if watch == nil { + windows.CloseHandle(ino.handle) + return fmt.Errorf("%w: %s", ErrNonExistentWatch, pathname) + } if recurse && !watch.recurse { + windows.CloseHandle(ino.handle) return fmt.Errorf("can't use \\... with non-recursive watch %q", pathname) } @@ -403,16 +418,19 @@ func (w *readDirChangesW) remWatch(pathname string) error { if err != nil { w.sendError(os.NewSyscallError("CloseHandle", err)) } - if watch == nil { - return fmt.Errorf("%w: %s", ErrNonExistentWatch, pathname) - } if pathname == dir { - w.sendEvent(watch.path, "", watch.mask&sysFSIGNORED) + w.mu.Lock() + mask := watch.mask watch.mask = 0 + w.mu.Unlock() + w.sendEvent(watch.path, "", mask&sysFSIGNORED) } else { name := filepath.Base(pathname) - w.sendEvent(filepath.Join(watch.path, name), "", watch.names[name]&sysFSIGNORED) + w.mu.Lock() + mask := watch.names[name] delete(watch.names, name) + w.mu.Unlock() + w.sendEvent(filepath.Join(watch.path, name), "", mask&sysFSIGNORED) } return w.startRead(watch) @@ -420,17 +438,23 @@ func (w *readDirChangesW) remWatch(pathname string) error { // Must run within the I/O thread. func (w *readDirChangesW) deleteWatch(watch *watch) { - for name, mask := range watch.names { - if mask&provisional == 0 { - w.sendEvent(filepath.Join(watch.path, name), "", mask&sysFSIGNORED) + // Snapshot+clear under the lock so concurrent WatchList() readers see a + // consistent state. sendEvent must run outside the lock since it can + // block on the user-facing Events channel. + w.mu.Lock() + names := watch.names + watch.names = make(map[string]uint64) + mask := watch.mask + watch.mask = 0 + w.mu.Unlock() + + for name, m := range names { + if m&provisional == 0 { + w.sendEvent(filepath.Join(watch.path, name), "", m&sysFSIGNORED) } - delete(watch.names, name) } - if watch.mask != 0 { - if watch.mask&provisional == 0 { - w.sendEvent(watch.path, "", watch.mask&sysFSIGNORED) - } - watch.mask = 0 + if mask != 0 && mask&provisional == 0 { + w.sendEvent(watch.path, "", mask&sysFSIGNORED) } } @@ -457,9 +481,8 @@ func (w *readDirChangesW) startRead(watch *watch) error { } // We need to pass the array, rather than the slice. - hdr := (*reflect.SliceHeader)(unsafe.Pointer(&watch.buf)) rdErr := windows.ReadDirectoryChanges(watch.ino.handle, - (*byte)(unsafe.Pointer(hdr.Data)), uint32(hdr.Len), + unsafe.SliceData(watch.buf), uint32(len(watch.buf)), watch.recurse, mask, nil, &watch.ov, 0) if rdErr != nil { err := os.NewSyscallError("ReadDirectoryChanges", rdErr) @@ -565,12 +588,7 @@ func (w *readDirChangesW) readEvents() { // Create a buf that is the size of the path name size := int(raw.FileNameLength / 2) - var buf []uint16 - // TODO: Use unsafe.Slice in Go 1.17; https://stackoverflow.com/questions/51187973 - sh := (*reflect.SliceHeader)(unsafe.Pointer(&buf)) - sh.Data = uintptr(unsafe.Pointer(&raw.FileName)) - sh.Len = size - sh.Cap = size + buf := unsafe.Slice(&raw.FileName, size) name := windows.UTF16ToString(buf) fullname := filepath.Join(watch.path, name) @@ -587,31 +605,35 @@ func (w *readDirChangesW) readEvents() { case windows.FILE_ACTION_RENAMED_OLD_NAME: watch.rename = name case windows.FILE_ACTION_RENAMED_NEW_NAME: - // Update saved path of all sub-watches. + // Update saved path of all sub-watches and rename the + // names entry under the lock so WatchList() can't observe + // a torn state. old := filepath.Join(watch.path, watch.rename) w.mu.Lock() for _, watchMap := range w.watches { for _, ww := range watchMap { - if strings.HasPrefix(ww.path, old) { + if isSameOrDescendantPath(ww.path, old) { ww.path = filepath.Join(fullname, strings.TrimPrefix(ww.path, old)) } } } - w.mu.Unlock() - if watch.names[watch.rename] != 0 { watch.names[name] |= watch.names[watch.rename] delete(watch.names, watch.rename) mask = sysFSMOVESELF } + w.mu.Unlock() } if raw.Action != windows.FILE_ACTION_RENAMED_NEW_NAME { w.sendEvent(fullname, "", watch.names[name]&mask) } if raw.Action == windows.FILE_ACTION_REMOVED { - w.sendEvent(fullname, "", watch.names[name]&sysFSIGNORED) + w.mu.Lock() + ignored := watch.names[name] & sysFSIGNORED delete(watch.names, name) + w.mu.Unlock() + w.sendEvent(fullname, "", ignored) } if watch.rename != "" && raw.Action == windows.FILE_ACTION_RENAMED_NEW_NAME { diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go index f64be4bf98..38cb4dd481 100644 --- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go +++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go @@ -51,26 +51,25 @@ import ( // The fs.inotify.max_user_watches sysctl variable specifies the upper limit // for the number of watches per user, and fs.inotify.max_user_instances // specifies the maximum number of inotify instances per user. Every Watcher you -// create is an "instance", and every path you add is a "watch". +// create is an "instance", and every path you add is a "watch". Reaching the +// limit will result in a "no space left on device" or "too many open files" +// error. // // These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and -// /proc/sys/fs/inotify/max_user_instances +// /proc/sys/fs/inotify/max_user_instances. The default values differ per distro +// and available memory. // // To increase them you can use sysctl or write the value to the /proc file: // -// # Default values on Linux 5.18 -// sysctl fs.inotify.max_user_watches=124983 -// sysctl fs.inotify.max_user_instances=128 +// sysctl fs.inotify.max_user_watches=200000 +// sysctl fs.inotify.max_user_instances=256 // // To make the changes persist on reboot edit /etc/sysctl.conf or // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check // your distro's documentation): // -// fs.inotify.max_user_watches=124983 -// fs.inotify.max_user_instances=128 -// -// Reaching the limit will result in a "no space left on device" or "too many open -// files" error. +// fs.inotify.max_user_watches=200000 +// fs.inotify.max_user_instances=256 // // # kqueue notes (macOS, BSD) // @@ -93,6 +92,28 @@ import ( // Sometimes it will send events for all files, sometimes it will send no // events, and often only for some files. // +// Recursive watching is not currently enabled through fsnotify's public +// API; the recursive code path is gated and only exercised by fsnotify's +// own tests. The note below describes backend behavior observed when +// recursive watching is enabled internally, and is kept here as a +// reference for maintainers and contributors who encounter it. +// +// When recursive watching is enabled and you watch a directory, you may +// receive a Write event for an intermediate directory whenever a child +// entry inside it is created, renamed, or removed. For example, with a +// recursive watch on /a and a new file /a/b/c, you will receive +// Create /a/b/c and may also receive Write /a/b. +// +// This happens because, on NTFS-backed volumes, modifying the entries of a +// directory updates that directory's last-write time, and the Windows +// backend requests FILE_NOTIFY_CHANGE_LAST_WRITE to support Write events +// on files. The same Write filter therefore picks up the directory's +// metadata update. +// +// Whether the directory Write is actually delivered alongside the child +// events is not guaranteed; it depends on ReadDirectoryChangesW buffering, +// NTFS metadata update timing, and event coalescing. +// // The default ReadDirectoryChangesW() buffer size is 64K, which is the largest // value that is guaranteed to work with SMB filesystems. If you have many // events in quick succession this may not be enough, and you will have to use @@ -129,8 +150,12 @@ type Watcher struct { // want to wait until you've stopped receiving them // (see the dedup example in cmd/fsnotify). // - // Some systems may send Write event for directories - // when the directory content changes. + // Some systems also send Write events for directories + // when the directory contents change. This is the + // case for kqueue, and on Windows for the directory + // that contains a created, renamed, or removed child + // entry. It does not happen on inotify. See the + // per-platform notes on [Watcher]. // // fsnotify.Chmod Attributes were changed. On Linux this is also sent // when a file is removed (or more accurately, when a @@ -179,7 +204,9 @@ const ( Create Op = 1 << iota // The pathname was written to; this does *not* mean the write has finished, - // and a write can be followed by more writes. + // and a write can be followed by more writes. On Windows and kqueue, a + // Write on a directory can also indicate that its contents changed; see + // the per-platform notes on [Watcher]. Write // The path was removed; any watches on it will be removed. Some "remove" @@ -220,7 +247,7 @@ const ( // File opened for reading was closed. // - // Only works on Linux and FreeBSD. + // Only works on Linux. xUnportableCloseRead ) @@ -410,7 +437,6 @@ type ( withOpts struct { bufsize int op Op - noFollow bool sendCreate bool } ) @@ -469,12 +495,6 @@ func withOps(op Op) addOpt { return func(opt *withOpts) { opt.op = op } } -// WithNoFollow disables following symlinks, so the symlinks themselves are -// watched. -func withNoFollow() addOpt { - return func(opt *withOpts) { opt.noFollow = true } -} - // "Internal" option for recursive watches on inotify. func withCreate() addOpt { return func(opt *withOpts) { opt.sendCreate = true } @@ -494,3 +514,13 @@ func recursivePath(path string) (string, bool) { } return path, false } + +type watchFlag uint8 + +const ( + // Added by user with Add(), rather than an internal watch. + flagByUser = watchFlag(0x01) + // Part of recursive watch; as the top-level path added by the user or an + // "internal" watch. + flagRecurse = watchFlag(0x02) +) diff --git a/vendor/github.com/fsnotify/fsnotify/internal/darwin.go b/vendor/github.com/fsnotify/fsnotify/internal/darwin.go index 0b01bc182a..6721aa6096 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/darwin.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/darwin.go @@ -15,25 +15,6 @@ var ( var maxfiles uint64 -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = l.Cur - - if n, err := syscall.SysctlUint32("kern.maxfiles"); err == nil && uint64(n) < maxfiles { - maxfiles = uint64(n) - } - - if n, err := syscall.SysctlUint32("kern.maxfilesperproc"); err == nil && uint64(n) < maxfiles { - maxfiles = uint64(n) - } -} - func Maxfiles() uint64 { return maxfiles } func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, dev) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go index 928319fb09..7600180742 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go @@ -6,52 +6,10 @@ var names = []struct { n string m uint32 }{ - {"NOTE_ABSOLUTE", unix.NOTE_ABSOLUTE}, {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_BACKGROUND", unix.NOTE_BACKGROUND}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_CRITICAL", unix.NOTE_CRITICAL}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, - {"NOTE_EXITSTATUS", unix.NOTE_EXITSTATUS}, - {"NOTE_EXIT_CSERROR", unix.NOTE_EXIT_CSERROR}, - {"NOTE_EXIT_DECRYPTFAIL", unix.NOTE_EXIT_DECRYPTFAIL}, - {"NOTE_EXIT_DETAIL", unix.NOTE_EXIT_DETAIL}, - {"NOTE_EXIT_DETAIL_MASK", unix.NOTE_EXIT_DETAIL_MASK}, - {"NOTE_EXIT_MEMORY", unix.NOTE_EXIT_MEMORY}, - {"NOTE_EXIT_REPARENTED", unix.NOTE_EXIT_REPARENTED}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FORK", unix.NOTE_FORK}, - {"NOTE_FUNLOCK", unix.NOTE_FUNLOCK}, - {"NOTE_LEEWAY", unix.NOTE_LEEWAY}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_MACHTIME", unix.NOTE_MACHTIME}, - {"NOTE_MACH_CONTINUOUS_TIME", unix.NOTE_MACH_CONTINUOUS_TIME}, - {"NOTE_NONE", unix.NOTE_NONE}, - {"NOTE_NSECONDS", unix.NOTE_NSECONDS}, - {"NOTE_OOB", unix.NOTE_OOB}, - //{"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, -0x100000 (?!) - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_REAP", unix.NOTE_REAP}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_SECONDS", unix.NOTE_SECONDS}, - {"NOTE_SIGNAL", unix.NOTE_SIGNAL}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, - {"NOTE_USECONDS", unix.NOTE_USECONDS}, - {"NOTE_VM_ERROR", unix.NOTE_VM_ERROR}, - {"NOTE_VM_PRESSURE", unix.NOTE_VM_PRESSURE}, - {"NOTE_VM_PRESSURE_SUDDEN_TERMINATE", unix.NOTE_VM_PRESSURE_SUDDEN_TERMINATE}, - {"NOTE_VM_PRESSURE_TERMINATE", unix.NOTE_VM_PRESSURE_TERMINATE}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go index 3186b0c349..7600180742 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go @@ -7,27 +7,9 @@ var names = []struct { m uint32 }{ {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FORK", unix.NOTE_FORK}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_OOB", unix.NOTE_OOB}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go index f69fdb930f..b9e45f5551 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go @@ -6,37 +6,15 @@ var names = []struct { n string m uint32 }{ - {"NOTE_ABSTIME", unix.NOTE_ABSTIME}, - {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_CLOSE", unix.NOTE_CLOSE}, - {"NOTE_CLOSE_WRITE", unix.NOTE_CLOSE_WRITE}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, + {"NOTE_WRITE", unix.NOTE_WRITE}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FILE_POLL", unix.NOTE_FILE_POLL}, - {"NOTE_FORK", unix.NOTE_FORK}, + {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_MSECONDS", unix.NOTE_MSECONDS}, - {"NOTE_NSECONDS", unix.NOTE_NSECONDS}, - {"NOTE_OPEN", unix.NOTE_OPEN}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_READ", unix.NOTE_READ}, {"NOTE_RENAME", unix.NOTE_RENAME}, {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_SECONDS", unix.NOTE_SECONDS}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, - {"NOTE_USECONDS", unix.NOTE_USECONDS}, - {"NOTE_WRITE", unix.NOTE_WRITE}, + {"NOTE_OPEN", unix.NOTE_OPEN}, + {"NOTE_CLOSE", unix.NOTE_CLOSE}, + {"NOTE_CLOSE_WRITE", unix.NOTE_CLOSE_WRITE}, + {"NOTE_READ", unix.NOTE_READ}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go index 607e683bd7..5d8116436d 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go @@ -27,6 +27,6 @@ func Debug(name string, kevent *unix.Kevent_t) { if unknown > 0 { l = append(l, fmt.Sprintf("0x%x", unknown)) } - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %10d:%-60s → %q\n", + fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %10d:%-20s → %q\n", time.Now().Format("15:04:05.000000000"), mask, strings.Join(l, " | "), name) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go index e5b3b6f694..7600180742 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go @@ -7,19 +7,9 @@ var names = []struct { m uint32 }{ {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FORK", unix.NOTE_FORK}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go index 1dd455bc5a..871766d699 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go @@ -7,22 +7,10 @@ var names = []struct { m uint32 }{ {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - // {"NOTE_CHANGE", unix.NOTE_CHANGE}, // Not on 386? - {"NOTE_CHILD", unix.NOTE_CHILD}, {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EOF", unix.NOTE_EOF}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FORK", unix.NOTE_FORK}, {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, {"NOTE_TRUNCATE", unix.NOTE_TRUNCATE}, {"NOTE_WRITE", unix.NOTE_WRITE}, } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go b/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go index 5ac8b50797..758a249052 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go @@ -15,17 +15,6 @@ var ( var maxfiles uint64 -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = uint64(l.Cur) -} - func Maxfiles() uint64 { return maxfiles } func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, uint64(dev)) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/unix.go b/vendor/github.com/fsnotify/fsnotify/internal/unix.go index b251fb8038..9c66f5d30d 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/unix.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/unix.go @@ -15,17 +15,6 @@ var ( var maxfiles uint64 -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = uint64(l.Cur) -} - func Maxfiles() uint64 { return maxfiles } func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, dev) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/unix2.go b/vendor/github.com/fsnotify/fsnotify/internal/unix2.go index 37dfeddc28..b2d89592f7 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/unix2.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/unix2.go @@ -2,6 +2,24 @@ package internal +import "syscall" + func HasPrivilegesForSymlink() bool { return true } + +// IgnoringEINTR makes a function call and repeats it if it returns an +// EINTR error. This appears to be required even though we install all +// signal handlers with SA_RESTART: see #22838, #38033, #38836, #40846. +// Also #20400 and #36644 are issues in which a signal handler is +// installed without setting SA_RESTART. None of these are the common case, +// but there are enough of them that it seems that we can't avoid +// an EINTR loop. +func IgnoringEINTR[T any](fn func() (T, error)) (T, error) { + for { + v, err := fn() + if err != syscall.EINTR { + return v, err + } + } +} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/windows.go b/vendor/github.com/fsnotify/fsnotify/internal/windows.go index 896bc2e5a2..e24d569264 100644 --- a/vendor/github.com/fsnotify/fsnotify/internal/windows.go +++ b/vendor/github.com/fsnotify/fsnotify/internal/windows.go @@ -14,7 +14,6 @@ var ( ErrUnixEACCES = errors.New("dummy") ) -func SetRlimit() {} func Maxfiles() uint64 { return 1<<64 - 1 } func Mkfifo(path string, mode uint32) error { return errors.New("no FIFOs on Windows") } func Mknod(path string, mode uint32, dev int) error { return errors.New("no device nodes on Windows") } diff --git a/vendor/github.com/fxamacker/cbor/v2/README.md b/vendor/github.com/fxamacker/cbor/v2/README.md index f9ae78ec9e..7aca561095 100644 --- a/vendor/github.com/fxamacker/cbor/v2/README.md +++ b/vendor/github.com/fxamacker/cbor/v2/README.md @@ -683,7 +683,7 @@ because RFC 8949 treats CBOR data item with remaining bytes as malformed. Other useful functions: - `Diagnose`, `DiagnoseFirst` produce human-readable [Extended Diagnostic Notation](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G) from CBOR data. - `UnmarshalFirst` decodes first CBOR data item and return any remaining bytes. -- `Wellformed` returns true if the CBOR data item is well-formed. +- `Wellformed` returns nil error if the CBOR data item is well-formed. Interfaces identical or comparable to Go `encoding` packages include: `Marshaler`, `Unmarshaler`, `BinaryMarshaler`, and `BinaryUnmarshaler`. @@ -702,27 +702,29 @@ Default limits may need to be increased for systems handling very large data (e. ## Status -v2.9.1 (Mar 29-30, 2026) includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests. +v2.9.2 (Sunday, May 3, 2026) refactors and hardens the streaming encoder by adding stricter checks for encoding to CBOR indefinite-length data. This prevents improper use of this library from producing malformed CBOR indefinite-length data that would be rejected by the decoder. -v2.9.1 passed fuzz tests and is production quality. +This release includes other bugfixes, defensive checks, and added more tests. -The minimum version of Go required to build: -- v2.8.0 and newer releases require go 1.20+. -- v2.7.1 and older releases require go 1.17+. +v2.9.2 passed fuzz tests (billions of executions) and is production quality. -For more details, see [v2.9.1 release notes](https://github.com/fxamacker/cbor/releases). +For more details, see [v2.9.2 release notes](https://github.com/fxamacker/cbor/releases). ### Prior Releases -[v2.9.0](https://github.com/fxamacker/cbor/releases/tag/v2.9.0) (Jul 13, 2025) improved interoperability/transcoding between CBOR & JSON, refactored tests, and improved docs. It passed fuzz tests (billions of executions) and is production quality. +Releases and commits tend to be on Sundays because my work schedule didn't leave time to work on this during weekdays (sometimes consecutive weekends and consecutive Christmas breaks, too). Monday morning releases were to allow more fuzzing to run overnight before clicking the release button. -[v2.8.0](https://github.com/fxamacker/cbor/releases/tag/v2.8.0) (March 30, 2025) is a small release primarily to add `omitzero` option to struct field tags and fix bugs. It passed fuzz tests (billions of executions) and is production quality. +[v2.9.1](https://github.com/fxamacker/cbor/releases/tag/v2.9.1) (Monday, Mar 30, 2026) includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests. It passed fuzz tests (billions of executions) and is production quality. -[v2.7.0](https://github.com/fxamacker/cbor/releases/tag/v2.7.0) (June 23, 2024) adds features and improvements that help large projects (e.g. Kubernetes) use CBOR as an alternative to JSON and Protocol Buffers. Other improvements include speedups, improved memory use, bug fixes, new serialization options, etc. It passed fuzz tests (5+ billion executions) and is production quality. +[v2.9.0](https://github.com/fxamacker/cbor/releases/tag/v2.9.0) (Sunday, Jul 13, 2025) improved interoperability/transcoding between CBOR & JSON, refactored tests, and improved docs. It passed fuzz tests (billions of executions) and is production quality. -[v2.6.0](https://github.com/fxamacker/cbor/releases/tag/v2.6.0) (February 2024) adds important new features, optimizations, and bug fixes. It is especially useful to systems that need to convert data between CBOR and JSON. New options and optimizations improve handling of bignum, integers, maps, and strings. +[v2.8.0](https://github.com/fxamacker/cbor/releases/tag/v2.8.0) (Sunday, March 30, 2025) is a small release primarily to add `omitzero` option to struct field tags and fix bugs. It passed fuzz tests (billions of executions) and is production quality. -[v2.5.0](https://github.com/fxamacker/cbor/releases/tag/v2.5.0) was released on Sunday, August 13, 2023 with new features and important bug fixes. It is fuzz tested and production quality after extended beta [v2.5.0-beta](https://github.com/fxamacker/cbor/releases/tag/v2.5.0-beta) (Dec 2022) -> [v2.5.0](https://github.com/fxamacker/cbor/releases/tag/v2.5.0) (Aug 2023). +[v2.7.0](https://github.com/fxamacker/cbor/releases/tag/v2.7.0) (Monday, June 23, 2024) adds features and improvements that help large projects (e.g. Kubernetes) use CBOR as an alternative to JSON and Protocol Buffers. Other improvements include speedups, improved memory use, bug fixes, new serialization options, etc. It passed fuzz tests (5+ billion executions) and is production quality. + +[v2.6.0](https://github.com/fxamacker/cbor/releases/tag/v2.6.0) (Sunday, Feb 11, 2024) adds important new features, optimizations, and bug fixes. It is especially useful to systems that need to convert data between CBOR and JSON. New options and optimizations improve handling of bignum, integers, maps, and strings. + +[v2.5.0](https://github.com/fxamacker/cbor/releases/tag/v2.5.0) (Sunday, August 13, 2023) adds new features and important bug fixes. It is fuzz tested and production quality after extended beta [v2.5.0-beta](https://github.com/fxamacker/cbor/releases/tag/v2.5.0-beta) (Dec 2022) -> [v2.5.0](https://github.com/fxamacker/cbor/releases/tag/v2.5.0) (Aug 2023). __IMPORTANT__: 👉 Before upgrading from v2.4 or older release, please read the notable changes highlighted in the release notes. v2.5.0 is a large release with bug fixes to error handling for extraneous data in `Unmarshal`, etc. that should be reviewed before upgrading. diff --git a/vendor/github.com/fxamacker/cbor/v2/decode.go b/vendor/github.com/fxamacker/cbor/v2/decode.go index 03fd7f8b04..1d3e63d068 100644 --- a/vendor/github.com/fxamacker/cbor/v2/decode.go +++ b/vendor/github.com/fxamacker/cbor/v2/decode.go @@ -2263,7 +2263,7 @@ func (d *decoder) applyByteStringTextConversion( default: // If this happens, there is a bug: the decoder has pushed an invalid // "expected later encoding" tag to the stack. - panic(fmt.Sprintf("unrecognized expected later encoding tag: %d", d.expectedLaterEncodingTags)) + panic(fmt.Sprintf("unrecognized expected later encoding tag: %d", d.expectedLaterEncodingTags[len(d.expectedLaterEncodingTags)-1])) } case reflect.Slice: diff --git a/vendor/github.com/fxamacker/cbor/v2/doc.go b/vendor/github.com/fxamacker/cbor/v2/doc.go index c758b73748..e4c1d27b8d 100644 --- a/vendor/github.com/fxamacker/cbor/v2/doc.go +++ b/vendor/github.com/fxamacker/cbor/v2/doc.go @@ -56,20 +56,30 @@ modes won't accidentally change at runtime after they're created. Modes are intended to be reused and are safe for concurrent use. -EncMode and DecMode Interfaces +EncMode, UserBufferEncMode, and DecMode Interfaces // EncMode interface uses immutable options and is safe for concurrent use. type EncMode interface { - Marshal(v interface{}) ([]byte, error) + Marshal(v any) ([]byte, error) NewEncoder(w io.Writer) *Encoder - EncOptions() EncOptions // returns copy of options + EncOptions() EncOptions + } + + // UserBufferEncMode extends EncMode with MarshalToBuffer, which supports + // user specified buffer rather than encoding into the built-in buffer pool. + type UserBufferEncMode interface { + EncMode + MarshalToBuffer(v any, buf *bytes.Buffer) error } // DecMode interface uses immutable options and is safe for concurrent use. type DecMode interface { - Unmarshal(data []byte, v interface{}) error + Unmarshal(data []byte, v any) error + UnmarshalFirst(data []byte, v any) (rest []byte, err error) + Valid(data []byte) error // Deprecated: use Wellformed instead. + Wellformed(data []byte) error NewDecoder(r io.Reader) *Decoder - DecOptions() DecOptions // returns copy of options + DecOptions() DecOptions } Using Default Encoding Mode diff --git a/vendor/github.com/fxamacker/cbor/v2/stream.go b/vendor/github.com/fxamacker/cbor/v2/stream.go index da4c8f210f..282b3f7ddc 100644 --- a/vendor/github.com/fxamacker/cbor/v2/stream.go +++ b/vendor/github.com/fxamacker/cbor/v2/stream.go @@ -6,6 +6,7 @@ package cbor import ( "bytes" "errors" + "fmt" "io" "reflect" ) @@ -157,11 +158,32 @@ func (dec *Decoder) overwriteBuf(newBuf []byte) { dec.off = 0 } +// indefDataItem tracks open indefinite-length data item during encoding. +// typ is the CBOR type of the indefinite-length data item. +// count is the number of items written so far. +// For indefinite-length maps, count must be even (key/value pairs) when +// the container is closed. +type indefDataItem struct { + typ cborType + count int +} + +// IndefiniteLengthMapOddItemCountError indicates that EndIndefinite was +// called on an open indefinite-length map with an odd number of items. +type IndefiniteLengthMapOddItemCountError struct { + count int +} + +func (e *IndefiniteLengthMapOddItemCountError) Error() string { + return fmt.Sprintf("cbor: cannot end indefinite-length map with %d item(s)", e.count) +} + // Encoder writes CBOR values to io.Writer. type Encoder struct { - w io.Writer - em *encMode - indefTypes []cborType + w io.Writer + em *encMode + indefs []indefDataItem + scratch [1]byte // reused for single-byte writes (indefinite-length head and break code) } // NewEncoder returns a new encoder that writes to w using the default encoding options. @@ -171,37 +193,40 @@ func NewEncoder(w io.Writer) *Encoder { // Encode writes the CBOR encoding of v. func (enc *Encoder) Encode(v any) error { - if len(enc.indefTypes) > 0 { - switch enc.indefTypes[len(enc.indefTypes)-1] { - case cborTypeTextString: - if v == nil { - return errors.New("cbor: cannot encode nil for indefinite-length text string") - } - k := reflect.TypeOf(v).Kind() - if k != reflect.String { - return errors.New("cbor: cannot encode item type " + k.String() + " for indefinite-length text string") - } - case cborTypeByteString: - if v == nil { - return errors.New("cbor: cannot encode nil for indefinite-length byte string") - } - t := reflect.TypeOf(v) - k := t.Kind() - if (k != reflect.Array && k != reflect.Slice) || t.Elem().Kind() != reflect.Uint8 { - return errors.New("cbor: cannot encode item type " + k.String() + " for indefinite-length byte string") - } + if len(enc.indefs) > 0 { + err := validateIndefiniteLengthChunkByType(enc.indefs[len(enc.indefs)-1].typ, v) + if err != nil { + return err } } buf := getEncodeBuffer() err := encode(buf, enc.em, reflect.ValueOf(v)) + + // Validate the encoded chunk against the indefinite-length data item using a byte-based check. + // This reliably detects chunks from cbor.Marshaler, registered tags, StringToByteString, etc., + // which may produce a chunk inconsistent with the parent's major type. + // Applies only to indefinite-length byte/text string parents (RFC 8949 Section 3.2.3). + if err == nil && len(enc.indefs) > 0 { + err = validateIndefiniteLengthChunkByData(enc.indefs[len(enc.indefs)-1].typ, buf.Bytes(), v) + } + if err == nil { _, err = enc.w.Write(buf.Bytes()) } putEncodeBuffer(buf) - return err + + if err != nil { + return err + } + + if len(enc.indefs) > 0 { + enc.indefs[len(enc.indefs)-1].count++ + } + + return nil } // StartIndefiniteByteString starts indefinite-length byte string encoding. @@ -233,37 +258,101 @@ func (enc *Encoder) StartIndefiniteMap() error { } // EndIndefinite closes last opened indefinite-length value. +// It returns *IndefiniteLengthMapOddItemCountError without writing the +// "break" code if the open indefinite-length map has an odd number of +// items; the encoder state is unchanged so the caller can write the +// missing value and retry. func (enc *Encoder) EndIndefinite() error { - if len(enc.indefTypes) == 0 { + if len(enc.indefs) == 0 { return errors.New("cbor: cannot encode \"break\" code outside indefinite length values") } - _, err := enc.w.Write([]byte{cborBreakFlag}) - if err == nil { - enc.indefTypes = enc.indefTypes[:len(enc.indefTypes)-1] + + // Verify that indefinite-length map has even number of elements + top := enc.indefs[len(enc.indefs)-1] + if top.typ == cborTypeMap && top.count%2 != 0 { + return &IndefiniteLengthMapOddItemCountError{count: top.count} } - return err + + // Write break code + enc.scratch[0] = cborBreakFlag + _, err := enc.w.Write(enc.scratch[:]) + if err != nil { + return err + } + + enc.indefs = enc.indefs[:len(enc.indefs)-1] + + // Increment parent container's item count because the child + // (indefinite-length data item) is fully written to the stream. + if len(enc.indefs) > 0 { + enc.indefs[len(enc.indefs)-1].count++ + } + + return nil } func (enc *Encoder) startIndefinite(typ cborType) error { if enc.em.indefLength == IndefLengthForbidden { return &IndefiniteLengthError{typ} } - var head byte - switch typ { - case cborTypeByteString: - head = cborByteStringWithIndefiniteLengthHead - case cborTypeTextString: - head = cborTextStringWithIndefiniteLengthHead - case cborTypeArray: - head = cborArrayWithIndefiniteLengthHead - case cborTypeMap: - head = cborMapWithIndefiniteLengthHead + + // Verify that new indefinite-length data item is not a chunk in indefinite-length byte/text string. + if len(enc.indefs) > 0 { + parent := enc.indefs[len(enc.indefs)-1].typ + if parent == cborTypeByteString || parent == cborTypeTextString { + return errors.New("cbor: cannot encode indefinite-length " + typ.String() + + " as chunk of indefinite-length " + parent.String()) + } } - _, err := enc.w.Write([]byte{head}) - if err == nil { - enc.indefTypes = append(enc.indefTypes, typ) + + // Write indefinite-length head. + enc.scratch[0] = byte(typ) | additionalInformationAsIndefiniteLengthFlag + _, err := enc.w.Write(enc.scratch[:]) + if err != nil { + return err } - return err + + enc.indefs = append(enc.indefs, indefDataItem{typ: typ}) + return nil +} + +// validateIndefiniteLengthChunkByType rejects chunks based solely on their Go type. +func validateIndefiniteLengthChunkByType(indefiniteLengthCborType cborType, v any) error { + if indefiniteLengthCborType != cborTypeByteString && + indefiniteLengthCborType != cborTypeTextString { + return nil + } + if v == nil { + return errors.New("cbor: cannot encode nil for indefinite-length " + indefiniteLengthCborType.String()) + } + return nil +} + +// validateIndefiniteLengthChunkByData checks that chunk is a definite-length +// CBOR data item with a matching major type. +// No-op for indefinite-length array/map, where any data item is valid. +func validateIndefiniteLengthChunkByData(indefiniteLengthCborType cborType, chunk []byte, v any) error { + if indefiniteLengthCborType != cborTypeByteString && + indefiniteLengthCborType != cborTypeTextString { + return nil + } + + if len(chunk) == 0 { + return errors.New("cbor: cannot encode item type " + reflect.TypeOf(v).Kind().String() + + " for indefinite-length " + indefiniteLengthCborType.String()) + } + + t, ai := parseInitialByte(chunk[0]) + if t != indefiniteLengthCborType { + return errors.New("cbor: cannot encode item type " + reflect.TypeOf(v).Kind().String() + + " for indefinite-length " + indefiniteLengthCborType.String()) + } + + if ai == additionalInformationAsIndefiniteLengthFlag { + return errors.New("cbor: cannot encode indefinite-length " + indefiniteLengthCborType.String() + + " as chunk of indefinite-length " + indefiniteLengthCborType.String()) + } + return nil } // RawMessage is a raw encoded CBOR value. diff --git a/vendor/github.com/fxamacker/cbor/v2/tag.go b/vendor/github.com/fxamacker/cbor/v2/tag.go index bd8b773f54..ee46e74213 100644 --- a/vendor/github.com/fxamacker/cbor/v2/tag.go +++ b/vendor/github.com/fxamacker/cbor/v2/tag.go @@ -155,6 +155,7 @@ type TagSet interface { Add(opts TagOptions, contentType reflect.Type, num uint64, nestedNum ...uint64) error // Remove removes given tag content type from TagSet. + // Remove is a no-op if contentType is nil. Remove(contentType reflect.Type) tagProvider @@ -245,7 +246,11 @@ func (t *syncTagSet) Add(opts TagOptions, contentType reflect.Type, num uint64, } // Remove removes given tag content type from TagSet. +// Remove is a no-op if contentType is nil. func (t *syncTagSet) Remove(contentType reflect.Type) { + if contentType == nil { + return + } for contentType.Kind() == reflect.Pointer { contentType = contentType.Elem() } diff --git a/vendor/github.com/go-jose/go-jose/v4/asymmetric.go b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go index f8d5774ef5..7784cd4584 100644 --- a/vendor/github.com/go-jose/go-jose/v4/asymmetric.go +++ b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go @@ -414,6 +414,9 @@ func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) { // Decrypt the given payload and return the content encryption key. func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { + if recipient == nil { + return nil, errors.New("go-jose/go-jose: missing recipient") + } epk, err := headers.getEPK() if err != nil { return nil, errors.New("go-jose/go-jose: invalid epk header") @@ -461,13 +464,18 @@ func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientI return nil, ErrUnsupportedAlgorithm } + encryptedKey := recipient.encryptedKey + if len(encryptedKey) == 0 { + return nil, errors.New("go-jose/go-jose: missing JWE Encrypted Key") + } + key := deriveKey(string(algorithm), keySize) block, err := aes.NewCipher(key) if err != nil { return nil, err } - return josecipher.KeyUnwrap(block, recipient.encryptedKey) + return josecipher.KeyUnwrap(block, encryptedKey) } func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go index b9effbca8a..a2f86e3db9 100644 --- a/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go @@ -66,12 +66,20 @@ func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) { } // KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher. +// +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.4 +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.6 +// https://datatracker.ietf.org/doc/html/rfc7518#section-4.8 func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) { + n := (len(ciphertext) / 8) - 1 + if n <= 0 { + return nil, errors.New("go-jose/go-jose: JWE Encrypted Key too short") + } + if len(ciphertext)%8 != 0 { return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") } - n := (len(ciphertext) / 8) - 1 r := make([][]byte, n) for i := range r { diff --git a/vendor/github.com/go-jose/go-jose/v4/symmetric.go b/vendor/github.com/go-jose/go-jose/v4/symmetric.go index 09efefb265..f2ff29e179 100644 --- a/vendor/github.com/go-jose/go-jose/v4/symmetric.go +++ b/vendor/github.com/go-jose/go-jose/v4/symmetric.go @@ -366,11 +366,21 @@ func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipie // Decrypt the content encryption key. func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - switch headers.getAlgorithm() { - case DIRECT: - cek := make([]byte, len(ctx.key)) - copy(cek, ctx.key) - return cek, nil + if recipient == nil { + return nil, fmt.Errorf("go-jose/go-jose: missing recipient") + } + + alg := headers.getAlgorithm() + if alg == DIRECT { + return bytes.Clone(ctx.key), nil + } + + encryptedKey := recipient.encryptedKey + if len(encryptedKey) == 0 { + return nil, fmt.Errorf("go-jose/go-jose: missing JWE Encrypted Key") + } + + switch alg { case A128GCMKW, A192GCMKW, A256GCMKW: aead := newAESGCM(len(ctx.key)) @@ -385,7 +395,7 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien parts := &aeadParts{ iv: iv.bytes(), - ciphertext: recipient.encryptedKey, + ciphertext: encryptedKey, tag: tag.bytes(), } @@ -401,7 +411,7 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien return nil, err } - cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey) + cek, err := josecipher.KeyUnwrap(block, encryptedKey) if err != nil { return nil, err } @@ -445,7 +455,7 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien return nil, err } - cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey) + cek, err := josecipher.KeyUnwrap(block, encryptedKey) if err != nil { return nil, err } diff --git a/vendor/github.com/go-openapi/analysis/.gitignore b/vendor/github.com/go-openapi/analysis/.gitignore index d8f4186fe5..20c4e0fa04 100644 --- a/vendor/github.com/go-openapi/analysis/.gitignore +++ b/vendor/github.com/go-openapi/analysis/.gitignore @@ -3,3 +3,5 @@ .idea .env .mcp.json +go.work.sum +.worktrees diff --git a/vendor/github.com/go-openapi/analysis/CONTRIBUTORS.md b/vendor/github.com/go-openapi/analysis/CONTRIBUTORS.md index 2f85f1c050..c793ad2502 100644 --- a/vendor/github.com/go-openapi/analysis/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/analysis/CONTRIBUTORS.md @@ -4,24 +4,31 @@ | Total Contributors | Total Contributions | | --- | --- | -| 15 | 207 | +| 22 | 271 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | -| @fredbi | 104 | | -| @casualjim | 70 | | +| @fredbi | 131 | | +| @casualjim | 91 | | | @keramix | 9 | | | @youyuanwu | 8 | | -| @msample | 3 | | +| @wjase | 7 | | | @kul-amr | 3 | | +| @schafle | 3 | | +| @msample | 3 | | | @mbohlool | 2 | | -| @Copilot | 1 | | -| @danielfbm | 1 | | -| @gregmarr | 1 | | -| @guillemj | 1 | | -| @knweiss | 1 | | -| @tklauser | 1 | | -| @cuishuang | 1 | | +| @zmay2030 | 2 | | | @ujjwalsh | 1 | | +| @itengfei | 1 | | +| @nrnrk | 1 | | +| @cuishuang | 1 | | +| @tklauser | 1 | | +| @Shimizu1111 | 1 | | +| @thaJeztah | 1 | | +| @knweiss | 1 | | +| @guillemj | 1 | | +| @gregmarr | 1 | | +| @danielfbm | 1 | | +| @Copilot | 1 | | _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/analysis/README.md b/vendor/github.com/go-openapi/analysis/README.md index 82c782fcdd..2a90462974 100644 --- a/vendor/github.com/go-openapi/analysis/README.md +++ b/vendor/github.com/go-openapi/analysis/README.md @@ -12,18 +12,15 @@ --- -A foundational library to analyze an OAI specification document for easier reasoning about the content. +A foundational library to analyze, diff, flatten, merge, and fix OAI specification documents for easier reasoning about the content. ## Announcements * **2025-12-19** : new community chat on discord * a new discord community channel is available to be notified of changes and support users - * our venerable Slack channel remains open, and will be eventually discontinued on **2026-03-31** You may join the discord community by clicking the invite link on the discord badge (also above). [![Discord Channel][discord-badge]][discord-url] -Or join our Slack channel: [![Slack Channel][slack-logo]![slack-badge]][slack-url] - ## Status API is stable. @@ -38,6 +35,7 @@ go get github.com/go-openapi/analysis * An analyzer providing methods to walk the functional content of a specification * A spec flattener producing a self-contained document bundle, while preserving `$ref`s +* A spec differ ("diff") to compare two specs and report structural and compatibility changes * A spec merger ("mixin") to merge several spec documents into a primary spec * A spec "fixer" ensuring that response descriptions are non empty @@ -78,9 +76,9 @@ on top of which it has been built. ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) -* [Contributing guidelines](.github/CONTRIBUTING.md) -* [Maintainers documentation](docs/MAINTAINERS.md) -* [Code style](docs/STYLE.md) +* [Contributing guidelines][contributing-doc-site] +* [Maintainers documentation][maintainers-doc-site] +* [Code style][style-doc-site] ## Cutting a new release @@ -111,9 +109,6 @@ Maintainers can cut a new release by either: [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/analysis [godoc-url]: http://pkg.go.dev/github.com/go-openapi/analysis -[slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png -[slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM -[slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue [discord-url]: https://discord.gg/FfnFYaC3k5 @@ -125,3 +120,7 @@ Maintainers can cut a new release by either: [goversion-url]: https://github.com/go-openapi/analysis/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/analysis [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/analysis/latest + +[contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html +[maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html +[style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html diff --git a/vendor/github.com/go-openapi/analysis/analyzer.go b/vendor/github.com/go-openapi/analysis/analyzer.go index 1c91b8c550..c24811aaeb 100644 --- a/vendor/github.com/go-openapi/analysis/analyzer.go +++ b/vendor/github.com/go-openapi/analysis/analyzer.go @@ -145,19 +145,27 @@ type Spec struct { enums enumAnalysis allSchemas map[string]SchemaRef allOfs map[string]SchemaRef + mangler mangling.NameMangler } // New takes a swagger spec object and returns an analyzed spec document. // The analyzed document contains a number of indices that make it easier to // reason about semantics of a swagger specification for use in code generation // or validation etc. -func New(doc *spec.Swagger) *Spec { +func New(doc *spec.Swagger, opts ...Option) *Spec { + o := &analyzerOptions{} + for _, opt := range opts { + opt(o) + } + a := &Spec{ spec: doc, references: referenceAnalysis{}, patterns: patternAnalysis{}, enums: enumAnalysis{}, + mangler: mangling.NewNameMangler(o.manglerOpts...), } + a.reset() a.initialize() @@ -288,20 +296,6 @@ func (s *Spec) ProducesFor(operation *spec.Operation) []string { return s.structMapKeys(prod) } -func mapKeyFromParam(param *spec.Parameter) string { - return fmt.Sprintf("%s#%s", param.In, fieldNameFromParam(param)) -} - -func fieldNameFromParam(param *spec.Parameter) string { - // TODO: this should be x-go-name - if nm, ok := param.Extensions.GetString("go-name"); ok { - return nm - } - mangler := mangling.NewNameMangler() - - return mangler.ToGoName(param.Name) -} - // ErrorOnParamFunc is a callback function to be invoked // whenever an error is encountered while resolving references // on parameters. @@ -651,6 +645,19 @@ func (s *Spec) AllEnums() map[string][]any { return cloneEnumMap(s.enums.allEnums) } +func (s *Spec) mapKeyFromParam(param *spec.Parameter) string { + return fmt.Sprintf("%s#%s", param.In, s.fieldNameFromParam(param)) +} + +func (s *Spec) fieldNameFromParam(param *spec.Parameter) string { + // TODO: this should be x-go-name + if nm, ok := param.Extensions.GetString("go-name"); ok { + return nm + } + + return s.mangler.ToGoName(param.Name) +} + func (s *Spec) structMapKeys(mp map[string]struct{}) []string { if len(mp) == 0 { return nil @@ -668,7 +675,7 @@ func (s *Spec) paramsAsMap(parameters []spec.Parameter, res map[string]spec.Para for _, param := range parameters { pr := param if pr.Ref.String() == "" { - res[mapKeyFromParam(&pr)] = pr + res[s.mapKeyFromParam(&pr)] = pr continue } @@ -699,7 +706,7 @@ func (s *Spec) paramsAsMap(parameters []spec.Parameter, res map[string]spec.Para } pr = objAsParam - res[mapKeyFromParam(&pr)] = pr + res[s.mapKeyFromParam(&pr)] = pr } } diff --git a/vendor/github.com/go-openapi/analysis/flatten.go b/vendor/github.com/go-openapi/analysis/flatten.go index d7ee0064b6..1e5016664d 100644 --- a/vendor/github.com/go-openapi/analysis/flatten.go +++ b/vendor/github.com/go-openapi/analysis/flatten.go @@ -554,6 +554,7 @@ func updateRefParents(allRefs map[string]spec.Ref, r *newRef) { } } +//nolint:gocognit,gocyclo,cyclop // legacy from a lot of design choices that led to concentrate the complexity just here. func stripOAIGenForRef(opts *FlattenOpts, k string, r *newRef) (bool, error) { replacedWithComplex := false diff --git a/vendor/github.com/go-openapi/analysis/flatten_name.go b/vendor/github.com/go-openapi/analysis/flatten_name.go index 922cae55c5..9d73217184 100644 --- a/vendor/github.com/go-openapi/analysis/flatten_name.go +++ b/vendor/github.com/go-openapi/analysis/flatten_name.go @@ -273,9 +273,9 @@ func mangler(o *FlattenOpts) func(string) string { if o.KeepNames { return func(in string) string { return in } } - mangler := mangling.NewNameMangler() + m := mangling.NewNameMangler(o.ManglerOpts...) - return mangler.ToJSONName + return m.ToJSONName } func nameFromRef(ref spec.Ref, o *FlattenOpts) string { diff --git a/vendor/github.com/go-openapi/analysis/flatten_options.go b/vendor/github.com/go-openapi/analysis/flatten_options.go index 23a57ea1ac..0984941fde 100644 --- a/vendor/github.com/go-openapi/analysis/flatten_options.go +++ b/vendor/github.com/go-openapi/analysis/flatten_options.go @@ -7,6 +7,7 @@ import ( "log" "github.com/go-openapi/spec" + "github.com/go-openapi/swag/mangling" ) // FlattenOpts configuration for flattening a swagger specification. @@ -24,12 +25,13 @@ type FlattenOpts struct { BasePath string // The location of the root document for this spec to resolve relative $ref // Flattening options - Expand bool // When true, skip flattening the spec and expand it instead (if Minimal is false) - Minimal bool // When true, do not decompose complex structures such as allOf - Verbose bool // enable some reporting on possible name conflicts detected - RemoveUnused bool // When true, remove unused parameters, responses and definitions after expansion/flattening - ContinueOnError bool // Continue when spec expansion issues are found - KeepNames bool // Do not attempt to jsonify names from references when flattening + Expand bool // When true, skip flattening the spec and expand it instead (if Minimal is false) + Minimal bool // When true, do not decompose complex structures such as allOf + Verbose bool // enable some reporting on possible name conflicts detected + RemoveUnused bool // When true, remove unused parameters, responses and definitions after expansion/flattening + ContinueOnError bool // Continue when spec expansion issues are found + KeepNames bool // Do not attempt to jsonify names from references when flattening + ManglerOpts []mangling.Option // Options for the name mangler used to jsonify names /* Extra keys */ _ struct{} // require keys diff --git a/vendor/github.com/go-openapi/analysis/go.work.sum b/vendor/github.com/go-openapi/analysis/go.work.sum deleted file mode 100644 index 899a68976e..0000000000 --- a/vendor/github.com/go-openapi/analysis/go.work.sum +++ /dev/null @@ -1,47 +0,0 @@ -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/montanaflynn/stats v0.7.1/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30 h1:BHT1/DKsYDGkUgQ2jmMaozVcdk+sVfz0+1ZJq4zkWgw= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= -github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= -github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= -github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss= -go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= -golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= -golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= -golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= -golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= -golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= -golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= -golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= -golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= -golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= -golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= -golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 h1:bTLqdHv7xrGlFbvf5/TXNxy/iUwwdkjhqQTJDjW7aj0= -golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4/go.mod h1:g5NllXBEermZrmR51cJDQxmJUHUOfRAaNyWBM+R+548= -golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= -golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= -golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= -golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= -golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= diff --git a/vendor/github.com/go-openapi/analysis/mixin.go b/vendor/github.com/go-openapi/analysis/mixin.go index a7a9306cb3..ab15644f68 100644 --- a/vendor/github.com/go-openapi/analysis/mixin.go +++ b/vendor/github.com/go-openapi/analysis/mixin.go @@ -11,37 +11,66 @@ import ( "github.com/go-openapi/spec" ) -// Mixin modifies the primary swagger spec by adding the paths and -// definitions from the mixin specs. Top level parameters and -// responses from the mixins are also carried over. Operation id -// collisions are avoided by appending "Mixin" but only if -// needed. +// Mixin merges one or more Swagger 2.0 documents into a primary document. // -// The following parts of primary are subject to merge, filling empty details +// # Argument order and precedence // -// - Info +// The first argument is the primary spec, which Mixin modifies in place. +// Subsequent arguments are mixins, listed in decreasing order of priority. +// On any collision, the primary always wins; among mixins, the earliest one +// wins. +// +// Example: given a primary spec with host "a.example.com" and a mixin with +// host "b.example.com", the merged result keeps "a.example.com" (primary +// wins, the mixin value is dropped). Given a primary without a host and a +// mixin with host "b.example.com", the merged result uses "b.example.com" +// (the mixin fills in the empty field on the primary). +// +// # What gets merged +// +// Top-level scalar fields on the primary are filled from the first mixin +// that provides them, but only if the primary's value is the zero value: +// +// - Info (including the nested Contact and License) // - BasePath // - Host // - ExternalDocs // -// Consider calling [FixEmptyResponseDescriptions]() on the modified primary -// if you read them from storage and they are valid to start with. +// Map and slice fields are merged entry by entry. This covers: +// +// - paths, definitions, parameters, responses +// - securityDefinitions, security, tags +// - top-level and Info extensions +// +// Duplicate keys (or equal security requirements, or equal tag names) are +// skipped with a warning; warnings are returned as a slice and intended to +// be inspected by the caller (e.g. compared to an expected collision count +// in build scripts). +// +// Schemes, consumes and produces are merged as the union of distinct +// values. Duplicates there are silently dropped, no warning is emitted. +// +// Operation id collisions are auto-resolved by appending "Mixin" to the +// mixin operation id (N is the mixin index), so the merged spec keeps +// unique operation ids. +// +// # Notes and limitations // -// Entries in "paths", "definitions", "parameters" and "responses" are -// added to the primary in the order of the given mixins. If the entry -// already exists in primary it is skipped with a warning message. +// Consider calling [FixEmptyResponseDescriptions] on the modified primary +// if you read responses from storage and they are valid to start with. // -// The count of skipped entries (from collisions) is returned so any -// deviation from the number expected can flag a warning in your build -// scripts. Carefully review the collisions before accepting them; -// consider renaming things if possible. +// No key normalization takes place. Ensure paths, type names, etc. are +// canonical if your downstream tools rely on normalized forms. // -// No key normalization takes place (paths, type defs, -// etc). Ensure they are canonical if your downstream tools do -// key normalization of any form. +// YAML anchors (& / *) are resolved by the YAML parser before Mixin sees +// the document, so they are not preserved in the merged output, and they +// cannot be shared across input files. Use $ref for cross-file reuse. See +// https://goswagger.io/go-swagger/faq/faq_swagger/#does-swagger-mixin-preserve-yaml-anchors // -// Merging schemes ([http], https), and consumers/producers do not account for -// collisions. +// The order of paths and definitions in the merged output is alphabetical: +// the underlying spec model stores them as Go maps, which serialize with +// sorted keys. Source-file order is not preserved. See +// https://goswagger.io/go-swagger/faq/faq_swagger/#can-i-control-the-path-or-operation-order-in-swagger-mixin-output func Mixin(primary *spec.Swagger, mixins ...*spec.Swagger) []string { skipped := make([]string, 0, len(mixins)) opIDs := getOpIDs(primary) diff --git a/vendor/github.com/go-openapi/analysis/options.go b/vendor/github.com/go-openapi/analysis/options.go new file mode 100644 index 0000000000..b46cd2ca69 --- /dev/null +++ b/vendor/github.com/go-openapi/analysis/options.go @@ -0,0 +1,21 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + +package analysis + +import "github.com/go-openapi/swag/mangling" + +// Option configures the behavior of a new [Spec] analyzer. +type Option func(*analyzerOptions) + +type analyzerOptions struct { + manglerOpts []mangling.Option +} + +// WithManglerOptions sets the name mangler options used when building +// Go identifiers from specification names (e.g. parameter names). +func WithManglerOptions(opts ...mangling.Option) Option { + return func(o *analyzerOptions) { + o.manglerOpts = append(o.manglerOpts, opts...) + } +} diff --git a/vendor/github.com/go-openapi/errors/.gitignore b/vendor/github.com/go-openapi/errors/.gitignore index 9364443a6f..96c4149a0b 100644 --- a/vendor/github.com/go-openapi/errors/.gitignore +++ b/vendor/github.com/go-openapi/errors/.gitignore @@ -3,5 +3,4 @@ .idea .env .mcp.json -.claude/ settings.local.json diff --git a/vendor/github.com/go-openapi/errors/CONTRIBUTORS.md b/vendor/github.com/go-openapi/errors/CONTRIBUTORS.md index d49e377a13..68b716b568 100644 --- a/vendor/github.com/go-openapi/errors/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/errors/CONTRIBUTORS.md @@ -4,12 +4,12 @@ | Total Contributors | Total Contributions | | --- | --- | -| 13 | 110 | +| 13 | 115 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | | @casualjim | 58 | | -| @fredbi | 36 | | +| @fredbi | 41 | | | @youyuanwu | 5 | | | @alexandear | 2 | | | @fiorix | 1 | | @@ -22,4 +22,4 @@ | @aokumasan | 1 | | | @ujjwalsh | 1 | | - _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/errors/README.md b/vendor/github.com/go-openapi/errors/README.md index d9f4a3f151..35e6b69ba8 100644 --- a/vendor/github.com/go-openapi/errors/README.md +++ b/vendor/github.com/go-openapi/errors/README.md @@ -106,7 +106,7 @@ Maintainers can cut a new release by either: [slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM [slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg diff --git a/vendor/github.com/go-openapi/jsonpointer/.cliff.toml b/vendor/github.com/go-openapi/jsonpointer/.cliff.toml deleted file mode 100644 index 702629f5dc..0000000000 --- a/vendor/github.com/go-openapi/jsonpointer/.cliff.toml +++ /dev/null @@ -1,181 +0,0 @@ -# git-cliff ~ configuration file -# https://git-cliff.org/docs/configuration - -[changelog] -header = """ -""" - -footer = """ - ------ - -**[{{ remote.github.repo }}]({{ self::remote_url() }}) license terms** - -[![License][license-badge]][license-url] - -[license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg -[license-url]: {{ self::remote_url() }}/?tab=Apache-2.0-1-ov-file#readme - -{%- macro remote_url() -%} - https://github.com/{{ remote.github.owner }}/{{ remote.github.repo }} -{%- endmacro -%} -""" - -body = """ -{%- if version %} -## [{{ version | trim_start_matches(pat="v") }}]({{ self::remote_url() }}/tree/{{ version }}) - {{ timestamp | date(format="%Y-%m-%d") }} -{%- else %} -## [unreleased] -{%- endif %} -{%- if message %} - {%- raw %}\n{% endraw %} -{{ message }} - {%- raw %}\n{% endraw %} -{%- endif %} -{%- if version %} - {%- if previous.version %} - -**Full Changelog**: <{{ self::remote_url() }}/compare/{{ previous.version }}...{{ version }}> - {%- endif %} -{%- else %} - {%- raw %}\n{% endraw %} -{%- endif %} - -{%- if statistics %}{% if statistics.commit_count %} - {%- raw %}\n{% endraw %} -{{ statistics.commit_count }} commits in this release. - {%- raw %}\n{% endraw %} -{%- endif %}{% endif %} ------ - -{%- for group, commits in commits | group_by(attribute="group") %} - {%- raw %}\n{% endraw %} -### {{ group | upper_first }} - {%- raw %}\n{% endraw %} - {%- for commit in commits %} - {%- if commit.remote.pr_title %} - {%- set commit_message = commit.remote.pr_title %} - {%- else %} - {%- set commit_message = commit.message %} - {%- endif %} -* {{ commit_message | split(pat="\n") | first | trim }} - {%- if commit.remote.username %} -{%- raw %} {% endraw %}by [@{{ commit.remote.username }}](https://github.com/{{ commit.remote.username }}) - {%- endif %} - {%- if commit.remote.pr_number %} -{%- raw %} {% endraw %}in [#{{ commit.remote.pr_number }}]({{ self::remote_url() }}/pull/{{ commit.remote.pr_number }}) - {%- endif %} -{%- raw %} {% endraw %}[...]({{ self::remote_url() }}/commit/{{ commit.id }}) - {%- endfor %} -{%- endfor %} - -{%- if github %} -{%- raw %}\n{% endraw -%} - {%- set all_contributors = github.contributors | length %} - {%- if github.contributors | filter(attribute="username", value="dependabot[bot]") | length < all_contributors %} ------ - -### People who contributed to this release - {% endif %} - {%- for contributor in github.contributors | filter(attribute="username") | sort(attribute="username") %} - {%- if contributor.username != "dependabot[bot]" and contributor.username != "github-actions[bot]" %} -* [@{{ contributor.username }}](https://github.com/{{ contributor.username }}) - {%- endif %} - {%- endfor %} - - {% if github.contributors | filter(attribute="is_first_time", value=true) | length != 0 %} ------ - {%- raw %}\n{% endraw %} - -### New Contributors - {%- endif %} - - {%- for contributor in github.contributors | filter(attribute="is_first_time", value=true) %} - {%- if contributor.username != "dependabot[bot]" and contributor.username != "github-actions[bot]" %} -* @{{ contributor.username }} made their first contribution - {%- if contributor.pr_number %} - in [#{{ contributor.pr_number }}]({{ self::remote_url() }}/pull/{{ contributor.pr_number }}) \ - {%- endif %} - {%- endif %} - {%- endfor %} -{%- endif %} - -{%- raw %}\n{% endraw %} - -{%- macro remote_url() -%} - https://github.com/{{ remote.github.owner }}/{{ remote.github.repo }} -{%- endmacro -%} -""" -# Remove leading and trailing whitespaces from the changelog's body. -trim = true -# Render body even when there are no releases to process. -render_always = true -# An array of regex based postprocessors to modify the changelog. -postprocessors = [ - # Replace the placeholder with a URL. - #{ pattern = '', replace = "https://github.com/orhun/git-cliff" }, -] -# output file path -# output = "test.md" - -[git] -# Parse commits according to the conventional commits specification. -# See https://www.conventionalcommits.org -conventional_commits = false -# Exclude commits that do not match the conventional commits specification. -filter_unconventional = false -# Require all commits to be conventional. -# Takes precedence over filter_unconventional. -require_conventional = false -# Split commits on newlines, treating each line as an individual commit. -split_commits = false -# An array of regex based parsers to modify commit messages prior to further processing. -commit_preprocessors = [ - # Replace issue numbers with link templates to be updated in `changelog.postprocessors`. - #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](/issues/${2}))"}, - # Check spelling of the commit message using https://github.com/crate-ci/typos. - # If the spelling is incorrect, it will be fixed automatically. - #{ pattern = '.*', replace_command = 'typos --write-changes -' } -] -# Prevent commits that are breaking from being excluded by commit parsers. -protect_breaking_commits = false -# An array of regex based parsers for extracting data from the commit message. -# Assigns commits to groups. -# Optionally sets the commit's scope and can decide to exclude commits from further processing. -commit_parsers = [ - { message = "^[Cc]hore\\([Rr]elease\\): prepare for", skip = true }, - { message = "(^[Mm]erge)|([Mm]erge conflict)", skip = true }, - { field = "author.name", pattern = "dependabot*", group = "Updates" }, - { message = "([Ss]ecurity)|([Vv]uln)", group = "Security" }, - { body = "(.*[Ss]ecurity)|([Vv]uln)", group = "Security" }, - { message = "([Cc]hore\\(lint\\))|(style)|(lint)|(codeql)|(golangci)", group = "Code quality" }, - { message = "(^[Dd]oc)|((?i)readme)|(badge)|(typo)|(documentation)", group = "Documentation" }, - { message = "(^[Ff]eat)|(^[Ee]nhancement)", group = "Implemented enhancements" }, - { message = "(^ci)|(\\(ci\\))|(fixup\\s+ci)|(fix\\s+ci)|(license)|(example)", group = "Miscellaneous tasks" }, - { message = "^test", group = "Testing" }, - { message = "(^fix)|(panic)", group = "Fixed bugs" }, - { message = "(^refact)|(rework)", group = "Refactor" }, - { message = "(^[Pp]erf)|(performance)", group = "Performance" }, - { message = "(^[Cc]hore)", group = "Miscellaneous tasks" }, - { message = "^[Rr]evert", group = "Reverted changes" }, - { message = "(upgrade.*?go)|(go\\s+version)", group = "Updates" }, - { message = ".*", group = "Other" }, -] -# Exclude commits that are not matched by any commit parser. -filter_commits = false -# An array of link parsers for extracting external references, and turning them into URLs, using regex. -link_parsers = [] -# Include only the tags that belong to the current branch. -use_branch_tags = false -# Order releases topologically instead of chronologically. -topo_order = false -# Order releases topologically instead of chronologically. -topo_order_commits = true -# Order of commits in each group/release within the changelog. -# Allowed values: newest, oldest -sort_commits = "newest" -# Process submodules commits -recurse_submodules = false - -#[remote.github] -#owner = "go-openapi" diff --git a/vendor/github.com/go-openapi/jsonpointer/.gitignore b/vendor/github.com/go-openapi/jsonpointer/.gitignore index 885dc27ab0..d8f4186fe5 100644 --- a/vendor/github.com/go-openapi/jsonpointer/.gitignore +++ b/vendor/github.com/go-openapi/jsonpointer/.gitignore @@ -3,4 +3,3 @@ .idea .env .mcp.json -.claude/ diff --git a/vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md b/vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md index 2ebebedc15..0cdcfb4cef 100644 --- a/vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md @@ -4,11 +4,11 @@ | Total Contributors | Total Contributions | | --- | --- | -| 12 | 101 | +| 13 | 115 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | -| @fredbi | 54 | | +| @fredbi | 67 | | | @casualjim | 33 | | | @magodo | 3 | | | @youyuanwu | 3 | | @@ -18,7 +18,8 @@ | @ianlancetaylor | 1 | | | @mfleader | 1 | | | @Neo2308 | 1 | | +| @alexandear | 1 | | | @olivierlemasle | 1 | | | @testwill | 1 | | - _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/jsonpointer/NOTICE b/vendor/github.com/go-openapi/jsonpointer/NOTICE index f3b51939a9..201908d2f0 100644 --- a/vendor/github.com/go-openapi/jsonpointer/NOTICE +++ b/vendor/github.com/go-openapi/jsonpointer/NOTICE @@ -18,7 +18,7 @@ It ships with copies of other software which license terms are recalled below. The original software was authored on 25-02-2013 by sigu-399 (https://github.com/sigu-399, sigu.399@gmail.com). -github.com/sigh-399/jsonpointer +github.com/sigu-399/jsonpointer =========================== // SPDX-FileCopyrightText: Copyright 2013 sigu-399 ( https://github.com/sigu-399 ) diff --git a/vendor/github.com/go-openapi/jsonpointer/README.md b/vendor/github.com/go-openapi/jsonpointer/README.md index c52803e2e8..24fbe1bf68 100644 --- a/vendor/github.com/go-openapi/jsonpointer/README.md +++ b/vendor/github.com/go-openapi/jsonpointer/README.md @@ -16,17 +16,25 @@ An implementation of JSON Pointer for golang, which supports go `struct`. ## Announcements -* **2025-12-19** : new community chat on discord - * a new discord community channel is available to be notified of changes and support users - * our venerable Slack channel remains open, and will be eventually discontinued on **2026-03-31** - -You may join the discord community by clicking the invite link on the discord badge (also above). [![Discord Channel][discord-badge]][discord-url] - -Or join our Slack channel: [![Slack Channel][slack-logo]![slack-badge]][slack-url] +* **2026-04-15** : added support for trailing "-" for arrays (v0.23.0) + * this brings full support of [RFC6901][RFC6901] + * this is supported for types relying on the reflection-based implemented + * API semantics remain essentially unaltered. Exception: `Pointer.Set(document any,value any) (document any, err error)` + can only perform a best-effort to mutate the input document in place. In the case of adding elements to an array with a + trailing "-", either pass a mutable array (`*[]T`) as the input document, or use the returned updated document instead. + * types that implement the `JSONSetable` interface may not implement the mutation implied by the trailing "-" + +* **2026-04-15** : added support for optional alternate JSON name providers + * for struct support the defaults might not suit all situations: there are known limitations + when it comes to handle untagged fields or embedded types. + * the default name provider in use is not fully aligned with go JSON stdlib + * exposed an option (or global setting) to change the provider that resolves a struct into json keys + * the default behavior is not altered + * a new alternate name provider is added (imported from `go-openapi/swag/jsonname`), aligned with JSON stdlib behavior ## Status -API is stable. +API is stable and feature-complete. ## Import this library in your project @@ -88,7 +96,7 @@ See -also known as [RFC6901](https://www.rfc-editor.org/rfc/rfc6901) +also known as [RFC6901][RFC6901]. ## Licensing @@ -99,19 +107,19 @@ on top of which it has been built. ## Limitations -The 4.Evaluation part of the previous reference, starting with 'If the currently referenced value is a JSON array, -the reference token MUST contain either...' is not implemented. - -That is because our implementation of the JSON pointer only supports explicit references to array elements: -the provision in the spec to resolve non-existent members as "the last element in the array", -using the special trailing character "-" is not implemented. +* [RFC6901][RFC6901] is now fully supported, including trailing "-" semantics for arrays (for `Set` operations). +* Default behavior: JSON name detection in go `struct`s + - Unlike go standard marshaling, untagged fields do not default to the go field name and are ignored. + - anonymous fields are not traversed if untagged + - the above limitations may be overcome by calling `UseGoNameProvider()` at initialization time. + - alternatively, users may inject the desired custom behavior for naming fields as an option. ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) -* [Contributing guidelines](.github/CONTRIBUTING.md) -* [Maintainers documentation](docs/MAINTAINERS.md) -* [Code style](docs/STYLE.md) +* [Contributing guidelines][contributing-doc-site] +* [Maintainers documentation][maintainers-doc-site] +* [Code style][style-doc-site] ## Cutting a new release @@ -142,11 +150,8 @@ Maintainers can cut a new release by either: [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/jsonpointer [godoc-url]: http://pkg.go.dev/github.com/go-openapi/jsonpointer -[slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png -[slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM -[slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg @@ -156,3 +161,8 @@ Maintainers can cut a new release by either: [goversion-url]: https://github.com/go-openapi/jsonpointer/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/jsonpointer [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/jsonpointer/latest +[RFC6901]: https://www.rfc-editor.org/rfc/rfc6901 + +[contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html +[maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html +[style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html diff --git a/vendor/github.com/go-openapi/jsonpointer/errors.go b/vendor/github.com/go-openapi/jsonpointer/errors.go index 8c50dde8bc..8813474d44 100644 --- a/vendor/github.com/go-openapi/jsonpointer/errors.go +++ b/vendor/github.com/go-openapi/jsonpointer/errors.go @@ -16,12 +16,24 @@ const ( ErrPointer pointerError = "JSON pointer error" // ErrInvalidStart states that a JSON pointer must start with a separator ("/"). - ErrInvalidStart pointerError = `JSON pointer must be empty or start with a "` + pointerSeparator + ErrInvalidStart pointerError = `JSON pointer must be empty or start with a "` + pointerSeparator + `"` // ErrUnsupportedValueType indicates that a value of the wrong type is being set. ErrUnsupportedValueType pointerError = "only structs, pointers, maps and slices are supported for setting values" + + // ErrDashToken indicates use of the RFC 6901 "-" reference token + // in a context where it cannot be resolved. + // + // Per RFC 6901 §4 the "-" token refers to the (nonexistent) element + // after the last array element. It may only be used as the terminal + // token of a [Pointer.Set] against a slice, where it means "append". + // Any other use (get, offset, intermediate traversal, non-slice target) + // is an error condition that wraps this sentinel. + ErrDashToken pointerError = `the "-" array token cannot be resolved here` //nolint:gosec // G101 false positive: this is a JSON Pointer reference token, not a credential. ) +const dashToken = "-" + func errNoKey(key string) error { return fmt.Errorf("object has no key %q: %w", key, ErrPointer) } @@ -33,3 +45,15 @@ func errOutOfBounds(length, idx int) error { func errInvalidReference(token string) error { return fmt.Errorf("invalid token reference %q: %w", token, ErrPointer) } + +func errDashOnGet() error { + return fmt.Errorf("cannot resolve %q token on get: %w: %w", dashToken, ErrDashToken, ErrPointer) +} + +func errDashIntermediate() error { + return fmt.Errorf("the %q token may only appear as the terminal token of a pointer: %w: %w", dashToken, ErrDashToken, ErrPointer) +} + +func errDashOnOffset() error { + return fmt.Errorf("cannot compute offset for %q token (nonexistent element): %w: %w", dashToken, ErrDashToken, ErrPointer) +} diff --git a/vendor/github.com/go-openapi/jsonpointer/ifaces.go b/vendor/github.com/go-openapi/jsonpointer/ifaces.go new file mode 100644 index 0000000000..1e56ac0442 --- /dev/null +++ b/vendor/github.com/go-openapi/jsonpointer/ifaces.go @@ -0,0 +1,47 @@ +// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + +package jsonpointer + +import "reflect" + +// JSONPointable is an interface for structs to implement, +// when they need to customize the json pointer process or want to avoid the use of reflection. +type JSONPointable interface { + // JSONLookup returns a value pointed at this (unescaped) key. + JSONLookup(key string) (any, error) +} + +// JSONSetable is an interface for structs to implement, +// when they need to customize the json pointer process or want to avoid the use of reflection. +// +// # Handling of the RFC 6901 "-" token +// +// When a type implementing JSONSetable is the terminal parent of a [Pointer.Set] +// call, the library passes the raw reference token to JSONSet without +// interpretation. In particular, the RFC 6901 "-" token (which conventionally +// means "append" for arrays, per RFC 6902) is forwarded verbatim as the key +// argument. Implementations that model an array-like container are expected +// to give "-" the append semantics; implementations that do not should return +// an error wrapping [ErrDashToken] (or [ErrPointer]) for clarity. +// +// Implementations are responsible for any in-place mutation: the library does +// not attempt to rebind the result of JSONSet into a parent container. +type JSONSetable interface { + // JSONSet sets the value pointed at the (unescaped) key. + // + // The key may be the RFC 6901 "-" token when the pointer targets a + // slice-like member; see the interface documentation for details. + JSONSet(key string, value any) error +} + +// NameProvider knows how to resolve go struct fields into json names. +// +// The default provider is brought by [github.com/go-openapi/swag/jsonname.DefaultJSONNameProvider]. +type NameProvider interface { + // GetGoName gets the go name for a json property name + GetGoName(subject any, name string) (string, bool) + + // GetGoNameForType gets the go name for a given type for a json property name + GetGoNameForType(tpe reflect.Type, name string) (string, bool) +} diff --git a/vendor/github.com/go-openapi/jsonpointer/options.go b/vendor/github.com/go-openapi/jsonpointer/options.go new file mode 100644 index 0000000000..d52caab222 --- /dev/null +++ b/vendor/github.com/go-openapi/jsonpointer/options.go @@ -0,0 +1,86 @@ +// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + +package jsonpointer + +import ( + "sync" + + "github.com/go-openapi/swag/jsonname" +) + +// Option to tune the behavior of a JSON [Pointer]. +type Option func(*options) + +var ( + //nolint:gochecknoglobals // package level defaults are provided as a convenient, backward-compatible way to adopt options. + defaultOptions = options{ + provider: jsonname.DefaultJSONNameProvider, + } + //nolint:gochecknoglobals // guards defaultOptions against concurrent SetDefaultNameProvider / read races (testing) + defaultOptionsMu sync.RWMutex +) + +// SetDefaultNameProvider sets the [NameProvider] as a package-level default. +// +// By default, the default provider is [jsonname.DefaultJSONNameProvider]. +// +// It is safe to call concurrently with [Pointer.Get], [Pointer.Set], +// [GetForToken] and [SetForToken]. The typical usage is to call it once +// at initialization time. +// +// A nil provider is ignored. +func SetDefaultNameProvider(provider NameProvider) { + if provider == nil { + return + } + + defaultOptionsMu.Lock() + defer defaultOptionsMu.Unlock() + + defaultOptions.provider = provider +} + +// UseGoNameProvider sets the [NameProvider] as a package-level default +// to the alternative provider [jsonname.GoNameProvider], that covers a few areas +// not supported by the default name provider. +// +// This implementation supports untagged exported fields and embedded types in go struct. +// It follows strictly the behavior of the JSON standard library regarding field naming conventions. +// +// It is safe to call concurrently with [Pointer.Get], [Pointer.Set], +// [GetForToken] and [SetForToken]. The typical usage is to call it once +// at initialization time. +func UseGoNameProvider() { + SetDefaultNameProvider(jsonname.NewGoNameProvider()) +} + +// DefaultNameProvider returns the current package-level [NameProvider]. +func DefaultNameProvider() NameProvider { //nolint:ireturn // returning the interface is the point — callers pick their own implementation. + defaultOptionsMu.RLock() + defer defaultOptionsMu.RUnlock() + + return defaultOptions.provider +} + +// WithNameProvider injects a custom [NameProvider] to resolve json names from go struct types. +func WithNameProvider(provider NameProvider) Option { + return func(o *options) { + o.provider = provider + } +} + +type options struct { + provider NameProvider +} + +func optionsWithDefaults(opts []Option) options { + var o options + o.provider = DefaultNameProvider() + + for _, apply := range opts { + apply(&o) + } + + return o +} diff --git a/vendor/github.com/go-openapi/jsonpointer/pointer.go b/vendor/github.com/go-openapi/jsonpointer/pointer.go index 7df49af3b9..2369c1827e 100644 --- a/vendor/github.com/go-openapi/jsonpointer/pointer.go +++ b/vendor/github.com/go-openapi/jsonpointer/pointer.go @@ -11,8 +11,6 @@ import ( "reflect" "strconv" "strings" - - "github.com/go-openapi/swag/jsonname" ) const ( @@ -20,20 +18,6 @@ const ( pointerSeparator = `/` ) -// JSONPointable is an interface for structs to implement, -// when they need to customize the json pointer process or want to avoid the use of reflection. -type JSONPointable interface { - // JSONLookup returns a value pointed at this (unescaped) key. - JSONLookup(key string) (any, error) -} - -// JSONSetable is an interface for structs to implement, -// when they need to customize the json pointer process or want to avoid the use of reflection. -type JSONSetable interface { - // JSONSet sets the value pointed at the (unescaped) key. - JSONSet(key string, value any) error -} - // Pointer is a representation of a json pointer. // // Use [Pointer.Get] to retrieve a value or [Pointer.Set] to set a value. @@ -41,7 +25,7 @@ type JSONSetable interface { // It works with any go type interpreted as a JSON document, which means: // // - if a type implements [JSONPointable], its [JSONPointable.JSONLookup] method is used to resolve [Pointer.Get] -// - if a type implements [JSONSetable], its [JSONPointable.JSONSet] method is used to resolve [Pointer.Set] +// - if a type implements [JSONSetable], its [JSONSetable.JSONSet] method is used to resolve [Pointer.Set] // - a go map[K]V is interpreted as an object, with type K assignable to a string // - a go slice []T is interpreted as an array // - a go struct is interpreted as an object, with exported fields interpreted as keys @@ -71,16 +55,35 @@ func New(jsonPointerString string) (Pointer, error) { // Get uses the pointer to retrieve a value from a JSON document. // // It returns the value with its type as a [reflect.Kind] or an error. -func (p *Pointer) Get(document any) (any, reflect.Kind, error) { - return p.get(document, jsonname.DefaultJSONNameProvider) +func (p *Pointer) Get(document any, opts ...Option) (any, reflect.Kind, error) { + o := optionsWithDefaults(opts) + + return p.get(document, o.provider) } // Set uses the pointer to set a value from a data type // that represent a JSON document. // -// It returns the updated document. -func (p *Pointer) Set(document any, value any) (any, error) { - return document, p.set(document, value, jsonname.DefaultJSONNameProvider) +// # Mutation contract +// +// Set mutates the provided document in place whenever Go's type system allows +// it: when document is a map, a pointer, or when the targeted value is reached +// through an addressable ancestor (e.g. a struct field traversed via a pointer, +// a slice element). Callers that rely on this in-place behavior may continue +// to ignore the returned document. +// +// The returned document is only load-bearing when Set cannot mutate in place. +// This happens in one specific case: appending to a top-level slice passed by +// value (e.g. document of type []T rather than *[]T) via the RFC 6901 "-" +// terminal token. reflect.Append produces a new slice header that the library +// cannot rebind into the caller's variable; the updated document is returned +// instead. Pass *[]T if you want in-place rebind for that case as well. +// +// See [ErrDashToken] for the semantics of the "-" token. +func (p *Pointer) Set(document any, value any, opts ...Option) (any, error) { + o := optionsWithDefaults(opts) + + return p.set(document, value, o.provider) } // DecodedTokens returns the decoded (unescaped) tokens of this JSON pointer. @@ -109,6 +112,46 @@ func (p *Pointer) String() string { return pointerSeparator + strings.Join(p.referenceTokens, pointerSeparator) } +// Offset returns the byte offset, in the raw JSON text of document, of the +// location referenced by this pointer's terminal token. +// +// Unlike [Pointer.Get] and [Pointer.Set], which operate on a decoded Go value, +// Offset operates directly on the textual JSON source. It drives an +// [encoding/json.Decoder] over the string and stops at the terminal token, +// returning the position at which the decoder was about to read that token. +// +// It is primarily intended for tooling that needs to map a pointer back to a +// region of the original source: reporting line/column for validation or +// parse diagnostics, extracting a sub-document by slicing the raw bytes, or +// highlighting the referenced span in an editor. +// +// # Offset semantics +// +// The meaning of the returned offset depends on whether the terminal token +// addresses an object property or an array element: +// +// - Object property: the offset points to the first byte of the key (its +// opening quote character), not to the associated value. For example, +// pointer "/foo/bar" against {"foo": {"bar": 21}} returns 9, the index of +// the opening quote of "bar". +// - Array element: the offset points to the first byte of the value at that +// index. For example, pointer "/0/1" against [[1,2], [3,4]] returns 4, +// the index of the digit 2. +// +// # Errors +// +// Offset returns an error in any of these cases: +// +// - document is not syntactically valid JSON; +// - the structure of document does not match the pointer (e.g. traversing +// into a scalar, or a token that is neither a valid key nor a valid +// numeric index); +// - a referenced key or index does not exist in document; +// - the pointer's terminal token is the RFC 6901 "-" array token, which +// designates a nonexistent element and therefore has no offset in the +// source. The returned error wraps [ErrDashToken]. +// +// All errors wrap [ErrPointer]. func (p *Pointer) Offset(document string) (int64, error) { dec := json.NewDecoder(strings.NewReader(document)) var offset int64 @@ -137,7 +180,35 @@ func (p *Pointer) Offset(document string) (int64, error) { return 0, fmt.Errorf("invalid token %#v: %w", tk, ErrPointer) } } - return offset, nil + return skipJSONSeparator(document, offset), nil +} + +// skipJSONSeparator advances offset past trailing JSON whitespace and at most +// one value separator (comma) in document, so the result points at the first +// byte of the next JSON token. +// +// The streaming decoder's InputOffset sits right after the most recently +// consumed token, which between values is the comma (or whitespace) — not +// the following token. Normalizing here keeps Offset's contract uniform: +// for both object keys and array elements, and regardless of position within +// the parent container, the returned offset always points at the first byte +// of the addressed token. +func skipJSONSeparator(document string, offset int64) int64 { + n := int64(len(document)) + for offset < n && isJSONWhitespace(document[offset]) { + offset++ + } + if offset < n && document[offset] == ',' { + offset++ + } + for offset < n && isJSONWhitespace(document[offset]) { + offset++ + } + return offset +} + +func isJSONWhitespace(c byte) bool { + return c == ' ' || c == '\t' || c == '\n' || c == '\r' } // "Constructor", parses the given string JSON pointer. @@ -157,9 +228,9 @@ func (p *Pointer) parse(jsonPointerString string) error { return nil } -func (p *Pointer) get(node any, nameProvider *jsonname.NameProvider) (any, reflect.Kind, error) { +func (p *Pointer) get(node any, nameProvider NameProvider) (any, reflect.Kind, error) { if nameProvider == nil { - nameProvider = jsonname.DefaultJSONNameProvider + nameProvider = defaultOptions.provider } kind := reflect.Invalid @@ -185,50 +256,130 @@ func (p *Pointer) get(node any, nameProvider *jsonname.NameProvider) (any, refle return node, kind, nil } -func (p *Pointer) set(node, data any, nameProvider *jsonname.NameProvider) error { +func (p *Pointer) set(node, data any, nameProvider NameProvider) (any, error) { knd := reflect.ValueOf(node).Kind() if knd != reflect.Pointer && knd != reflect.Struct && knd != reflect.Map && knd != reflect.Slice && knd != reflect.Array { - return errors.Join( + return node, errors.Join( fmt.Errorf("unexpected type: %T", node), //nolint:err113 // err wrapping is carried out by errors.Join, not fmt.Errorf. ErrUnsupportedValueType, ErrPointer, ) } - l := len(p.referenceTokens) - // full document when empty - if l == 0 { - return nil + if len(p.referenceTokens) == 0 { + return node, nil } if nameProvider == nil { - nameProvider = jsonname.DefaultJSONNameProvider + nameProvider = defaultOptions.provider } - var decodedToken string - lastIndex := l - 1 + return p.setAt(node, p.referenceTokens, data, nameProvider) +} - if lastIndex > 0 { // skip if we only have one token in pointer - for _, token := range p.referenceTokens[:lastIndex] { - decodedToken = Unescape(token) - next, err := p.resolveNodeForToken(node, decodedToken, nameProvider) - if err != nil { - return err - } +// setAt recursively walks the token list, setting the data at the terminal +// token and rebinding any new child reference (e.g. a slice header returned +// by an "-" append) into its parent on the way back up. +// +// Returning the (possibly new) node at each level is what makes append work +// at any depth without requiring the caller to pass a pointer to the +// containing slice: the new slice header propagates up and each parent +// rebinds it via the appropriate kind-specific setter. +func (p *Pointer) setAt(node any, tokens []string, data any, nameProvider NameProvider) (any, error) { + decodedToken := Unescape(tokens[0]) + + if len(tokens) == 1 { + return setSingleImpl(node, data, decodedToken, nameProvider) + } - node = next - } + child, err := p.resolveNodeForToken(node, decodedToken, nameProvider) + if err != nil { + return node, err + } + + newChild, err := p.setAt(child, tokens[1:], data, nameProvider) + if err != nil { + return node, err } - // last token - decodedToken = Unescape(p.referenceTokens[lastIndex]) + return rebindChild(node, decodedToken, newChild, nameProvider) +} + +// rebindChild writes newChild back into node at decodedToken. +// +// For cases where the child was already mutated in place (pointer aliasing, +// addressable slice elements) the rebind is a safe no-op. For cases where +// the child was returned by value (map entries holding a slice, slices +// reached through a non-addressable ancestor), the rebind propagates the +// new value into the parent. +// +// Parents implementing [JSONPointable] are left alone: they took ownership +// of the child via JSONLookup and did not opt into a JSONSet-based rebind +// on intermediate tokens. +func rebindChild(node any, decodedToken string, newChild any, nameProvider NameProvider) (any, error) { + if _, ok := node.(JSONPointable); ok { + return node, nil + } + + rValue := reflect.Indirect(reflect.ValueOf(node)) + + switch rValue.Kind() { + case reflect.Struct: + nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken) + if !ok { + return node, fmt.Errorf("object has no field %q: %w", decodedToken, ErrPointer) + } + fld := rValue.FieldByName(nm) + if !fld.CanSet() { + return node, nil + } + assignReflectValue(fld, newChild) + return node, nil + + case reflect.Map: + rValue.SetMapIndex(reflect.ValueOf(decodedToken), reflect.ValueOf(newChild)) + return node, nil + + case reflect.Slice: + if decodedToken == dashToken { + return node, errDashIntermediate() + } + idx, err := strconv.Atoi(decodedToken) + if err != nil { + return node, errors.Join(err, ErrPointer) + } + elem := rValue.Index(idx) + if !elem.CanSet() { + return node, nil + } + assignReflectValue(elem, newChild) + return node, nil + + default: + return node, errInvalidReference(decodedToken) + } +} - return setSingleImpl(node, data, decodedToken, nameProvider) +// assignReflectValue assigns src into dst, unwrapping a pointer when dst +// expects the pointee type. This tolerates the pointer-wrapping performed +// by [typeFromValue] for addressable fields. +func assignReflectValue(dst reflect.Value, src any) { + nv := reflect.ValueOf(src) + if !nv.IsValid() { + return + } + if nv.Type().AssignableTo(dst.Type()) { + dst.Set(nv) + return + } + if nv.Kind() == reflect.Pointer && nv.Elem().Type().AssignableTo(dst.Type()) { + dst.Set(nv.Elem()) + } } -func (p *Pointer) resolveNodeForToken(node any, decodedToken string, nameProvider *jsonname.NameProvider) (next any, err error) { +func (p *Pointer) resolveNodeForToken(node any, decodedToken string, nameProvider NameProvider) (next any, err error) { // check for nil during traversal if isNil(node) { return nil, fmt.Errorf("cannot traverse through nil value at %q: %w", decodedToken, ErrPointer) @@ -272,6 +423,9 @@ func (p *Pointer) resolveNodeForToken(node any, decodedToken string, nameProvide return typeFromValue(mv), nil case reflect.Slice: + if decodedToken == dashToken { + return nil, errDashIntermediate() + } tokenIndex, err := strconv.Atoi(decodedToken) if err != nil { return nil, errors.Join(err, ErrPointer) @@ -312,16 +466,23 @@ func typeFromValue(v reflect.Value) any { } // GetForToken gets a value for a json pointer token 1 level deep. -func GetForToken(document any, decodedToken string) (any, reflect.Kind, error) { - return getSingleImpl(document, decodedToken, jsonname.DefaultJSONNameProvider) +func GetForToken(document any, decodedToken string, opts ...Option) (any, reflect.Kind, error) { + o := optionsWithDefaults(opts) + + return getSingleImpl(document, decodedToken, o.provider) } // SetForToken sets a value for a json pointer token 1 level deep. -func SetForToken(document any, decodedToken string, value any) (any, error) { - return document, setSingleImpl(document, value, decodedToken, jsonname.DefaultJSONNameProvider) +// +// See [Pointer.Set] for the mutation contract, in particular the handling of +// the RFC 6901 "-" token on slices. +func SetForToken(document any, decodedToken string, value any, opts ...Option) (any, error) { + o := optionsWithDefaults(opts) + + return setSingleImpl(document, value, decodedToken, o.provider) } -func getSingleImpl(node any, decodedToken string, nameProvider *jsonname.NameProvider) (any, reflect.Kind, error) { +func getSingleImpl(node any, decodedToken string, nameProvider NameProvider) (any, reflect.Kind, error) { rValue := reflect.Indirect(reflect.ValueOf(node)) kind := rValue.Kind() if isNil(node) { @@ -361,6 +522,9 @@ func getSingleImpl(node any, decodedToken string, nameProvider *jsonname.NamePro return nil, kind, errNoKey(decodedToken) case reflect.Slice: + if decodedToken == dashToken { + return nil, kind, errDashOnGet() + } tokenIndex, err := strconv.Atoi(decodedToken) if err != nil { return nil, kind, errors.Join(err, ErrPointer) @@ -378,14 +542,14 @@ func getSingleImpl(node any, decodedToken string, nameProvider *jsonname.NamePro } } -func setSingleImpl(node, data any, decodedToken string, nameProvider *jsonname.NameProvider) error { +func setSingleImpl(node, data any, decodedToken string, nameProvider NameProvider) (any, error) { // check for nil to prevent panic when calling rValue.Type() if isNil(node) { - return fmt.Errorf("cannot set field %q on nil value: %w", decodedToken, ErrPointer) + return node, fmt.Errorf("cannot set field %q on nil value: %w", decodedToken, ErrPointer) } if ns, ok := node.(JSONSetable); ok { - return ns.JSONSet(decodedToken, data) + return node, ns.JSONSet(decodedToken, data) } rValue := reflect.Indirect(reflect.ValueOf(node)) @@ -394,12 +558,12 @@ func setSingleImpl(node, data any, decodedToken string, nameProvider *jsonname.N case reflect.Struct: nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken) if !ok { - return fmt.Errorf("object has no field %q: %w", decodedToken, ErrPointer) + return node, fmt.Errorf("object has no field %q: %w", decodedToken, ErrPointer) } fld := rValue.FieldByName(nm) if !fld.CanSet() { - return fmt.Errorf("can't set struct field %s to %v: %w", nm, data, ErrPointer) + return node, fmt.Errorf("can't set struct field %s to %v: %w", nm, data, ErrPointer) } value := reflect.ValueOf(data) @@ -407,33 +571,51 @@ func setSingleImpl(node, data any, decodedToken string, nameProvider *jsonname.N assignedType := fld.Type() if !valueType.AssignableTo(assignedType) { - return fmt.Errorf("can't set value with type %T to field %s with type %v: %w", data, nm, assignedType, ErrPointer) + return node, fmt.Errorf("can't set value with type %T to field %s with type %v: %w", data, nm, assignedType, ErrPointer) } fld.Set(value) - return nil + return node, nil case reflect.Map: kv := reflect.ValueOf(decodedToken) rValue.SetMapIndex(kv, reflect.ValueOf(data)) - return nil + return node, nil case reflect.Slice: + if decodedToken == dashToken { + // RFC 6901 §4 / RFC 6902 append semantics: terminal "-" appends + // the value to the slice. We rebind in place when the slice is + // reachable via an addressable ancestor; otherwise we return the + // new slice header for the parent (or the public Set) to rebind. + value := reflect.ValueOf(data) + elemType := rValue.Type().Elem() + if !value.Type().AssignableTo(elemType) { + return node, fmt.Errorf("can't append value of type %T to slice of %v: %w", data, elemType, ErrPointer) + } + newSlice := reflect.Append(rValue, value) + if rValue.CanSet() { + rValue.Set(newSlice) + return node, nil + } + return newSlice.Interface(), nil + } + tokenIndex, err := strconv.Atoi(decodedToken) if err != nil { - return errors.Join(err, ErrPointer) + return node, errors.Join(err, ErrPointer) } sLength := rValue.Len() if tokenIndex < 0 || tokenIndex >= sLength { - return errOutOfBounds(sLength, tokenIndex) + return node, errOutOfBounds(sLength, tokenIndex) } elem := rValue.Index(tokenIndex) if !elem.CanSet() { - return fmt.Errorf("can't set slice index %s to %v: %w", decodedToken, data, ErrPointer) + return node, fmt.Errorf("can't set slice index %s to %v: %w", decodedToken, data, ErrPointer) } value := reflect.ValueOf(data) @@ -441,15 +623,15 @@ func setSingleImpl(node, data any, decodedToken string, nameProvider *jsonname.N assignedType := elem.Type() if !valueType.AssignableTo(assignedType) { - return fmt.Errorf("can't set value with type %T to slice element %d with type %v: %w", data, tokenIndex, assignedType, ErrPointer) + return node, fmt.Errorf("can't set value with type %T to slice element %d with type %v: %w", data, tokenIndex, assignedType, ErrPointer) } elem.Set(value) - return nil + return node, nil default: - return errInvalidReference(decodedToken) + return node, errInvalidReference(decodedToken) } } @@ -460,24 +642,27 @@ func offsetSingleObject(dec *json.Decoder, decodedToken string) (int64, error) { if err != nil { return 0, err } - switch tk := tk.(type) { - case json.Delim: - switch tk { - case '{': - if err = drainSingle(dec); err != nil { - return 0, err - } - case '[': + key, ok := tk.(string) + if !ok { + return 0, fmt.Errorf("invalid key token %#v: %w", tk, ErrPointer) + } + if key == decodedToken { + return offset, nil + } + + // Consume the associated value. Scalars are fully read by a single + // Token() call; composite values must be drained. + tk, err = dec.Token() + if err != nil { + return 0, err + } + if delim, isDelim := tk.(json.Delim); isDelim { + switch delim { + case '{', '[': if err = drainSingle(dec); err != nil { return 0, err } } - case string: - if tk == decodedToken { - return offset, nil - } - default: - return 0, fmt.Errorf("invalid token %#v: %w", tk, ErrPointer) } } @@ -485,6 +670,9 @@ func offsetSingleObject(dec *json.Decoder, decodedToken string) (int64, error) { } func offsetSingleArray(dec *json.Decoder, decodedToken string) (int64, error) { + if decodedToken == dashToken { + return 0, errDashOnOffset() + } idx, err := strconv.Atoi(decodedToken) if err != nil { return 0, fmt.Errorf("token reference %q is not a number: %w: %w", decodedToken, err, ErrPointer) diff --git a/vendor/github.com/go-openapi/jsonreference/.gitignore b/vendor/github.com/go-openapi/jsonreference/.gitignore index 885dc27ab0..d8f4186fe5 100644 --- a/vendor/github.com/go-openapi/jsonreference/.gitignore +++ b/vendor/github.com/go-openapi/jsonreference/.gitignore @@ -3,4 +3,3 @@ .idea .env .mcp.json -.claude/ diff --git a/vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md b/vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md index 7faeb83a77..3cfbca6a6a 100644 --- a/vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md @@ -4,18 +4,18 @@ | Total Contributors | Total Contributions | | --- | --- | -| 9 | 73 | +| 9 | 79 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | -| @fredbi | 36 | https://github.com/go-openapi/jsonreference/commits?author=fredbi | -| @casualjim | 25 | https://github.com/go-openapi/jsonreference/commits?author=casualjim | -| @youyuanwu | 5 | https://github.com/go-openapi/jsonreference/commits?author=youyuanwu | -| @olivierlemasle | 2 | https://github.com/go-openapi/jsonreference/commits?author=olivierlemasle | -| @apelisse | 1 | https://github.com/go-openapi/jsonreference/commits?author=apelisse | -| @gbjk | 1 | https://github.com/go-openapi/jsonreference/commits?author=gbjk | -| @honza | 1 | https://github.com/go-openapi/jsonreference/commits?author=honza | -| @Neo2308 | 1 | https://github.com/go-openapi/jsonreference/commits?author=Neo2308 | -| @erraggy | 1 | https://github.com/go-openapi/jsonreference/commits?author=erraggy | +| @fredbi | 42 | | +| @casualjim | 25 | | +| @youyuanwu | 5 | | +| @olivierlemasle | 2 | | +| @apelisse | 1 | | +| @gbjk | 1 | | +| @honza | 1 | | +| @Neo2308 | 1 | | +| @erraggy | 1 | | - _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/jsonreference/README.md b/vendor/github.com/go-openapi/jsonreference/README.md index adea160619..43d05b0506 100644 --- a/vendor/github.com/go-openapi/jsonreference/README.md +++ b/vendor/github.com/go-openapi/jsonreference/README.md @@ -14,15 +14,9 @@ An implementation of JSON Reference for golang. + ## Status @@ -74,9 +68,9 @@ on top of which it has been built. ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) -* [Contributing guidelines](.github/CONTRIBUTING.md) -* [Maintainers documentation](docs/MAINTAINERS.md) -* [Code style](docs/STYLE.md) +* [Contributing guidelines][contributing-doc-site] +* [Maintainers documentation][maintainers-doc-site] +* [Code style][style-doc-site] ## Cutting a new release @@ -115,7 +109,7 @@ Maintainers can cut a new release by either: [slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM [slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg @@ -125,3 +119,7 @@ Maintainers can cut a new release by either: [goversion-url]: https://github.com/go-openapi/jsonreference/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/jsonreference [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/jsonreference/latest + +[contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html +[maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html +[style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html diff --git a/vendor/github.com/go-openapi/loads/CONTRIBUTORS.md b/vendor/github.com/go-openapi/loads/CONTRIBUTORS.md index 36b836a3d5..d9481e7871 100644 --- a/vendor/github.com/go-openapi/loads/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/loads/CONTRIBUTORS.md @@ -4,12 +4,12 @@ | Total Contributors | Total Contributions | | --- | --- | -| 14 | 123 | +| 14 | 130 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | +| @fredbi | 52 | | | @casualjim | 48 | | -| @fredbi | 45 | | | @youyuanwu | 6 | | | @vburenin | 4 | | | @keramix | 4 | | @@ -23,4 +23,4 @@ | @kreativka | 1 | | | @petrkotas | 1 | | - _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/loads/README.md b/vendor/github.com/go-openapi/loads/README.md index d92e62a040..a67a1546ed 100644 --- a/vendor/github.com/go-openapi/loads/README.md +++ b/vendor/github.com/go-openapi/loads/README.md @@ -106,7 +106,7 @@ Maintainers can cut a new release by either: [slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM [slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg diff --git a/vendor/github.com/go-openapi/runtime/.gitignore b/vendor/github.com/go-openapi/runtime/.gitignore index d8f4186fe5..bbdffea78a 100644 --- a/vendor/github.com/go-openapi/runtime/.gitignore +++ b/vendor/github.com/go-openapi/runtime/.gitignore @@ -3,3 +3,4 @@ .idea .env .mcp.json +go.work.sum diff --git a/vendor/github.com/go-openapi/runtime/CONTRIBUTORS.md b/vendor/github.com/go-openapi/runtime/CONTRIBUTORS.md new file mode 100644 index 0000000000..4a717770cb --- /dev/null +++ b/vendor/github.com/go-openapi/runtime/CONTRIBUTORS.md @@ -0,0 +1,82 @@ +# Contributors + +- Repository: ['go-openapi/runtime'] + +| Total Contributors | Total Contributions | +| --- | --- | +| 70 | 491 | + +| Username | All Time Contribution Count | All Commits | +| --- | --- | --- | +| @casualjim | 268 | | +| @fredbi | 69 | | +| @youyuanwu | 19 | | +| @josephwoodward | 13 | | +| @kenjones-cisco | 12 | | +| @GlenDC | 7 | | +| @moenning | 6 | | +| @mstoykov | 6 | | +| @elakito | 6 | | +| @ifraixedes | 5 | | +| @zeitlinger | 4 | | +| @jkawamoto | 3 | | +| @stoyanr | 3 | | +| @keramix | 2 | | +| @Equanox | 2 | | +| @ederavilaprado | 2 | | +| @nan0tube | 2 | | +| @thomdixon | 2 | | +| @deborggraever | 2 | | +| @MakarandNsd | 2 | | +| @Vadskye | 2 | | +| @jsilland | 2 | | +| @Kunde21 | 2 | | +| @bcomnes | 2 | | +| @galaxie | 2 | | +| @anfernee | 2 | | +| @wahabmk | 1 | | +| @vearutop | 1 | | +| @tschaub | 1 | | +| @pytlesk4 | 1 | | +| @tgraf | 1 | | +| @seanprince | 1 | | +| @rodriguise | 1 | | +| @petrkotas | 1 | | +| @maxatome | 1 | | +| @maxkarelov | 1 | | +| @tooolbox | 1 | | +| @akutz | 1 | | +| @yabberyabber | 1 | | +| @elv-gilles | 1 | | +| @gregmarr | 1 | | +| @jwalter1-quest | 1 | | +| @s4s7 | 1 | | +| @stingshen | 1 | | +| @tamalsaha | 1 | | +| @tte | 1 | | +| @martian4202 | 1 | | +| @yan-zhuang | 1 | | +| @aleksandr-vin | 1 | | +| @azylman | 1 | | +| @anasmuhmd | 1 | | +| @ArFe | 1 | | +| @CodeLingoBot | 1 | | +| @dlmiddlecote | 1 | | +| @danny-cheung | 1 | | +| @calavera | 1 | | +| @EdwardBetts | 1 | | +| @etsangsplk | 1 | | +| @ericzsplk | 1 | | +| @faguirre1 | 1 | | +| @florindragos | 1 | | +| @gbjk | 1 | | +| @taisho6339 | 1 | | +| @jbowes | 1 | | +| @JoakimSoderberg | 1 | | +| @robbert229 | 1 | | +| @jonathaningram | 1 | | +| @KuaaMU | 1 | | +| @germanhs | 1 | | +| @pracucci | 1 | | + + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/runtime/README.md b/vendor/github.com/go-openapi/runtime/README.md index dd7f5039a7..befd3d641b 100644 --- a/vendor/github.com/go-openapi/runtime/README.md +++ b/vendor/github.com/go-openapi/runtime/README.md @@ -16,15 +16,9 @@ A runtime for go OpenAPI toolkit. The runtime component for use in code generation or as untyped usage. + ## Status @@ -64,9 +58,9 @@ on top of which it has been built. * [FAQ](docs/FAQ.md) * [All-time contributors](./CONTRIBUTORS.md) -* [Contributing guidelines](.github/CONTRIBUTING.md) -* [Maintainers documentation](docs/MAINTAINERS.md) -* [Code style](docs/STYLE.md) +* [Contributing guidelines][contributing-doc-site] +* [Maintainers documentation][maintainers-doc-site] +* [Code style][style-doc-site] ## Cutting a new release @@ -97,11 +91,8 @@ Maintainers can cut a new release by either: [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/runtime [godoc-url]: http://pkg.go.dev/github.com/go-openapi/runtime -[slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png -[slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM -[slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg @@ -111,3 +102,7 @@ Maintainers can cut a new release by either: [goversion-url]: https://github.com/go-openapi/runtime/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/runtime [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/runtime/latest + +[contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html +[maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html +[style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html diff --git a/vendor/github.com/go-openapi/runtime/client/request.go b/vendor/github.com/go-openapi/runtime/client/request.go index f16ee487ba..0ad2da44bd 100644 --- a/vendor/github.com/go-openapi/runtime/client/request.go +++ b/vendor/github.com/go-openapi/runtime/client/request.go @@ -189,6 +189,14 @@ func (r *request) SetTimeout(timeout time.Duration) error { } func (r *request) isMultipart(mediaType string) bool { + // An explicit application/x-www-form-urlencoded choice is honored even when + // file fields are present: the spec allows files to travel as URL-encoded + // form values, although it does not stream and is discouraged. Without this + // short-circuit, picking urlencoded with files would silently fall back to + // multipart and emit an inconsistent Content-Type. + if strings.EqualFold(mediaType, runtime.URLencodedFormMime) { + return false + } if len(r.fileFields) > 0 { return true } @@ -223,8 +231,29 @@ func (r *request) buildHTTP(mediaType, basePath string, producers map[string]run if len(r.formFields) > 0 || len(r.fileFields) > 0 { if !r.isMultipart(mediaType) { r.header.Set(runtime.HeaderContentType, mediaType) - formString := r.formFields.Encode() - r.buf.WriteString(formString) + values := url.Values{} + for k, vs := range r.formFields { + values[k] = append(values[k], vs...) + } + // Per Swagger 2.0, file form parameters can be sent under + // application/x-www-form-urlencoded by including the file content as a + // regular form-field value. The whole form is then percent-encoded as + // usual. This buffers the entire payload and does not preserve a + // per-file Content-Type — multipart/form-data is preferred when both + // are advertised by the operation. + for fn, ff := range r.fileFields { + for _, fi := range ff { + data, ferr := io.ReadAll(fi) + if cerr := fi.Close(); cerr != nil && ferr == nil { + ferr = cerr + } + if ferr != nil { + return nil, ferr + } + values.Add(fn, string(data)) + } + } + r.buf.WriteString(values.Encode()) goto DoneChoosingBodySource } @@ -460,9 +489,6 @@ func logClose(err error, pw *io.PipeWriter) { } } -func mangleContentType(mediaType, boundary string) string { - if strings.ToLower(mediaType) == runtime.URLencodedFormMime { - return fmt.Sprintf("%s; boundary=%s", mediaType, boundary) - } +func mangleContentType(_, boundary string) string { return "multipart/form-data; boundary=" + boundary } diff --git a/vendor/github.com/go-openapi/runtime/client/runtime.go b/vendor/github.com/go-openapi/runtime/client/runtime.go index eeb17dfb24..f41818ea56 100644 --- a/vendor/github.com/go-openapi/runtime/client/runtime.go +++ b/vendor/github.com/go-openapi/runtime/client/runtime.go @@ -545,14 +545,7 @@ func (r *Runtime) createHttpRequest(operation *runtime.ClientOperation) (*reques //} // Enhancement proposal: https://github.com/go-openapi/runtime/issues/386 - cmt := r.DefaultMediaType - for _, mediaType := range operation.ConsumesMediaTypes { - // Pick first non-empty media type - if mediaType != "" { - cmt = mediaType - break - } - } + cmt := pickConsumesMediaType(operation.ConsumesMediaTypes, r.DefaultMediaType) if _, ok := r.Producers[cmt]; !ok && cmt != runtime.MultipartFormMime && cmt != runtime.URLencodedFormMime { return nil, nil, fmt.Errorf("none of producers: %v registered. try %s", r.Producers, cmt) @@ -568,6 +561,27 @@ func (r *Runtime) createHttpRequest(operation *runtime.ClientOperation) (*reques return request, req, nil } +// pickConsumesMediaType selects which Content-Type the client will send. +// +// When the operation advertises multipart/form-data alongside other types +// (typically application/x-www-form-urlencoded), multipart is preferred because +// it streams and preserves per-file Content-Type. Otherwise the first non-empty +// entry wins, falling back to def. This makes the choice independent of the +// order produced by codegen. +func pickConsumesMediaType(consumes []string, def string) string { + for _, mt := range consumes { + if strings.EqualFold(mt, runtime.MultipartFormMime) { + return mt + } + } + for _, mt := range consumes { + if mt != "" { + return mt + } + } + return def +} + func basePool(pool *x509.CertPool) *x509.CertPool { if pool == nil { return x509.NewCertPool() diff --git a/vendor/github.com/go-openapi/runtime/go.work b/vendor/github.com/go-openapi/runtime/go.work index b4cd9e01e8..efa29dcac2 100644 --- a/vendor/github.com/go-openapi/runtime/go.work +++ b/vendor/github.com/go-openapi/runtime/go.work @@ -3,4 +3,4 @@ use ( ./client-middleware/opentracing ) -go 1.24.0 +go 1.25.0 diff --git a/vendor/github.com/go-openapi/runtime/go.work.sum b/vendor/github.com/go-openapi/runtime/go.work.sum deleted file mode 100644 index b24a8cfaf9..0000000000 --- a/vendor/github.com/go-openapi/runtime/go.work.sum +++ /dev/null @@ -1,109 +0,0 @@ -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/go-openapi/errors v0.22.2/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0= -github.com/go-openapi/jsonpointer v0.22.0/go.mod h1:xt3jV88UtExdIkkL7NloURjRQjbeUgcxFblMjq2iaiU= -github.com/go-openapi/jsonreference v0.21.1/go.mod h1:PWs8rO4xxTUqKGu+lEvvCxD5k2X7QYkKAepJyCmSTT8= -github.com/go-openapi/swag v0.24.1/go.mod h1:sm8I3lCPlspsBBwUm1t5oZeWZS0s7m/A+Psg0ooRU0A= -github.com/go-openapi/swag/cmdutils v0.24.0/go.mod h1:uxib2FAeQMByyHomTlsP8h1TtPd54Msu2ZDU/H5Vuf8= -github.com/go-openapi/swag/conv v0.24.0/go.mod h1:jbn140mZd7EW2g8a8Y5bwm8/Wy1slLySQQ0ND6DPc2c= -github.com/go-openapi/swag/fileutils v0.24.0/go.mod h1:3SCrCSBHyP1/N+3oErQ1gP+OX1GV2QYFSnrTbzwli90= -github.com/go-openapi/swag/jsonname v0.24.0/go.mod h1:GXqrPzGJe611P7LG4QB9JKPtUZ7flE4DOVechNaDd7Q= -github.com/go-openapi/swag/jsonutils v0.24.0/go.mod h1:vBowZtF5Z4DDApIoxcIVfR8v0l9oq5PpYRUuteVu6f0= -github.com/go-openapi/swag/loading v0.24.0/go.mod h1:gShCN4woKZYIxPxbfbyHgjXAhO61m88tmjy0lp/LkJk= -github.com/go-openapi/swag/mangling v0.24.0/go.mod h1:Jm5Go9LHkycsz0wfoaBDkdc4CkpuSnIEf62brzyCbhc= -github.com/go-openapi/swag/netutils v0.24.0/go.mod h1:WRgiHcYTnx+IqfMCtu0hy9oOaPR0HnPbmArSRN1SkZM= -github.com/go-openapi/swag/stringutils v0.24.0/go.mod h1:5nUXB4xA0kw2df5PRipZDslPJgJut+NjL7D25zPZ/4w= -github.com/go-openapi/swag/typeutils v0.24.0/go.mod h1:q8C3Kmk/vh2VhpCLaoR2MVWOGP8y7Jc8l82qCTd1DYI= -github.com/go-openapi/swag/yamlutils v0.24.0/go.mod h1:DpKv5aYuaGm/sULePoeiG8uwMpZSfReo1HR3Ik0yaG8= -github.com/go-openapi/testify/enable/yaml/v2 v2.4.0/go.mod h1:14iV8jyyQlinc9StD7w1xVPW3CO3q1Gj04Jy//Kw4VM= -github.com/go-openapi/testify/v2 v2.4.0/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= -github.com/montanaflynn/stats v0.7.1/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30 h1:BHT1/DKsYDGkUgQ2jmMaozVcdk+sVfz0+1ZJq4zkWgw= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= -github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= -github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= -golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= -golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= -golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= -golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= -golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc= -golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= -golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= -golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= -golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjhjHsTNdVEEMZNWA0quBnfrO+AfoDSAKw= -golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2/go.mod h1:b7fPSJ0pKZ3ccUh8gnTONJxhn3c/PS6tyzQvyqw4iA8= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= -golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA= -golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= -golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= -golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s= -golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= -golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= -golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/github.com/go-openapi/runtime/middleware/context.go b/vendor/github.com/go-openapi/runtime/middleware/context.go index 1f85e86b53..728c73308e 100644 --- a/vendor/github.com/go-openapi/runtime/middleware/context.go +++ b/vendor/github.com/go-openapi/runtime/middleware/context.go @@ -17,6 +17,7 @@ import ( "github.com/go-openapi/loads" "github.com/go-openapi/spec" "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag/typeutils" "github.com/go-openapi/runtime" "github.com/go-openapi/runtime/logger" @@ -468,7 +469,7 @@ func (c *Context) Authorize(request *http.Request, route *MatchedRoute) (any, *h } applies, usr, err := route.Authenticators.Authenticate(request, route) - if !applies || err != nil || !route.Authenticators.AllowsAnonymous() && usr == nil { + if !applies || err != nil || !route.Authenticators.AllowsAnonymous() && typeutils.IsZero(usr) { if err != nil { return nil, nil, err } diff --git a/vendor/github.com/go-openapi/runtime/middleware/router.go b/vendor/github.com/go-openapi/runtime/middleware/router.go index e828653be7..d375fd7709 100644 --- a/vendor/github.com/go-openapi/runtime/middleware/router.go +++ b/vendor/github.com/go-openapi/runtime/middleware/router.go @@ -21,6 +21,7 @@ import ( "github.com/go-openapi/spec" "github.com/go-openapi/strfmt" "github.com/go-openapi/swag/stringutils" + "github.com/go-openapi/swag/typeutils" ) // RouteParam is a object to capture route params in a framework agnostic way. @@ -292,7 +293,7 @@ func (ras RouteAuthenticators) Authenticate(req *http.Request, route *MatchedRou continue } applies, usr, err := ra.Authenticate(req, route) - if !applies || err != nil || usr == nil { + if !applies || err != nil || typeutils.IsZero(usr) { if err != nil { lastError = err } @@ -357,7 +358,7 @@ func (d *defaultRouter) Lookup(method, path string) (*MatchedRoute, bool) { } } if router, ok := d.routers[mth]; ok { - if m, rp, ok := router.Lookup(fpath.Clean(path)); ok && m != nil { + if m, rp, ok := router.Lookup(fpath.Clean(escapeLiteralColons(path))); ok && m != nil { if entry, ok := m.(*routeEntry); ok { d.debugLogf("found a route for %s %s with %d parameters", method, path, len(entry.Parameters)) var params RouteParams @@ -398,7 +399,7 @@ func (d *defaultRouter) OtherMethods(method, path string) []string { var methods []string for k, v := range d.routers { if k != mn { - if _, _, ok := v.Lookup(fpath.Clean(path)); ok { + if _, _, ok := v.Lookup(fpath.Clean(escapeLiteralColons(path))); ok { methods = append(methods, k) continue } @@ -414,6 +415,14 @@ func (d *defaultRouter) SetLogger(lg logger.Logger) { // convert swagger parameters per path segment into a denco parameter as multiple parameters per segment are not supported in denco. var pathConverter = regexp.MustCompile(`{(.+?)}([^/]*)`) +// escapeLiteralColons replaces literal ':' characters with their URL-encoded +// equivalent "%3A". This prevents the denco router from misinterpreting ':' +// in URL path segments as parameter delimiters. The ':' character is valid in +// URL paths per RFC 3986 section 3.3. +func escapeLiteralColons(path string) string { + return strings.ReplaceAll(path, ":", "%3A") +} + func decodeCompositParams(name string, value string, pattern string, names []string, values []string) ([]string, []string) { pleft := strings.Index(pattern, "{") names = append(names, name) @@ -463,7 +472,7 @@ func (d *defaultRouteBuilder) AddRoute(method, path string, operation *spec.Oper requestBinder := NewUntypedRequestBinder(parameters, d.spec.Spec(), d.api.Formats()) requestBinder.setDebugLogf(d.debugLogf) - record := denco.NewRecord(pathConverter.ReplaceAllString(path, ":$1"), &routeEntry{ + record := denco.NewRecord(pathConverter.ReplaceAllString(escapeLiteralColons(path), ":$1"), &routeEntry{ BasePath: bp, PathPattern: path, Operation: operation, diff --git a/vendor/github.com/go-openapi/runtime/middleware/validation.go b/vendor/github.com/go-openapi/runtime/middleware/validation.go index 8a56490639..8dca105be6 100644 --- a/vendor/github.com/go-openapi/runtime/middleware/validation.go +++ b/vendor/github.com/go-openapi/runtime/middleware/validation.go @@ -10,7 +10,6 @@ import ( "github.com/go-openapi/errors" "github.com/go-openapi/runtime" - "github.com/go-openapi/swag/stringutils" ) type validation struct { @@ -22,27 +21,62 @@ type validation struct { } // ContentType validates the content type of a request. +// +// An allowed entry may carry MIME type parameters (e.g. "text/plain;charset=utf-8"). +// In that case every parameter the client sends must be present on the allowed entry +// with the same value; the allowed entry may carry additional parameters the client +// omits. An allowed entry without parameters accepts any client parameters. +// "*/*" and "type/*" wildcards are matched on the bare type only. func validateContentType(allowed []string, actual string) error { if len(allowed) == 0 { return nil } - mt, _, err := mime.ParseMediaType(actual) + actualType, actualParams, err := mime.ParseMediaType(actual) if err != nil { return errors.InvalidContentType(actual, allowed) } - if stringutils.ContainsStringsCI(allowed, mt) { - return nil - } - if stringutils.ContainsStringsCI(allowed, "*/*") { - return nil + typeWildcard := "" + if slash := strings.IndexByte(actualType, '/'); slash > 0 { + typeWildcard = actualType[:slash] + "/*" } - parts := strings.Split(actual, "/") - if len(parts) == 2 && stringutils.ContainsStringsCI(allowed, parts[0]+"/*") { - return nil + for _, a := range allowed { + if strings.EqualFold(a, "*/*") { + return nil + } + if typeWildcard != "" && strings.EqualFold(a, typeWildcard) { + return nil + } + if mediaTypeMatches(a, actualType, actualParams) { + return nil + } } return errors.InvalidContentType(actual, allowed) } +// mediaTypeMatches reports whether the actual client media type satisfies the +// server-side allowed media type, with parameter-aware comparison. +func mediaTypeMatches(allowed, actualType string, actualParams map[string]string) bool { + allowedType, allowedParams, err := mime.ParseMediaType(allowed) + if err != nil { + // Fall back to a case-insensitive bare match if the configured value + // can't be parsed as a media type. + return strings.EqualFold(allowed, actualType) + } + if !strings.EqualFold(allowedType, actualType) { + return false + } + if len(allowedParams) == 0 { + return true + } + for k, v := range actualParams { + sv, ok := allowedParams[k] + if !ok || !strings.EqualFold(sv, v) { + return false + } + } + return true +} + func validateRequest(ctx *Context, request *http.Request, route *MatchedRoute) *validation { validate := &validation{ context: ctx, diff --git a/vendor/github.com/go-openapi/runtime/statuses.go b/vendor/github.com/go-openapi/runtime/statuses.go index c0f3e6b447..273d9c6ced 100644 --- a/vendor/github.com/go-openapi/runtime/statuses.go +++ b/vendor/github.com/go-openapi/runtime/statuses.go @@ -60,7 +60,7 @@ var Statuses = map[int]string{ 444: "No Response", 449: "Retry With", 450: "Blocked by Windows Parental Controls", - 451: "Wrong Exchange Server", + 451: "Unavailable For Legal Reasons", 499: "Client Closed Request", 500: "Internal Server Error", 501: "Not Implemented", diff --git a/vendor/github.com/go-openapi/spec/.gitignore b/vendor/github.com/go-openapi/spec/.gitignore index 885dc27ab0..d8f4186fe5 100644 --- a/vendor/github.com/go-openapi/spec/.gitignore +++ b/vendor/github.com/go-openapi/spec/.gitignore @@ -3,4 +3,3 @@ .idea .env .mcp.json -.claude/ diff --git a/vendor/github.com/go-openapi/spec/.golangci.yml b/vendor/github.com/go-openapi/spec/.golangci.yml index dc7c96053d..9d2733176e 100644 --- a/vendor/github.com/go-openapi/spec/.golangci.yml +++ b/vendor/github.com/go-openapi/spec/.golangci.yml @@ -4,7 +4,10 @@ linters: disable: - depguard - funlen + - goconst - godox + - gomodguard + - gomodguard_v2 - exhaustruct - nlreturn - nonamedreturns diff --git a/vendor/github.com/go-openapi/spec/CONTRIBUTORS.md b/vendor/github.com/go-openapi/spec/CONTRIBUTORS.md index 2967e3cedd..2fd257bbee 100644 --- a/vendor/github.com/go-openapi/spec/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/spec/CONTRIBUTORS.md @@ -4,12 +4,12 @@ | Total Contributors | Total Contributions | | --- | --- | -| 38 | 392 | +| 38 | 398 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | | @casualjim | 191 | | -| @fredbi | 90 | | +| @fredbi | 96 | | | @pytlesk4 | 26 | | | @kul-amr | 10 | | | @keramix | 10 | | @@ -47,4 +47,4 @@ | @ChandanChainani | 1 | | | @bvwells | 1 | | - _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/spec/README.md b/vendor/github.com/go-openapi/spec/README.md index 134809fd77..7c96eb9a58 100644 --- a/vendor/github.com/go-openapi/spec/README.md +++ b/vendor/github.com/go-openapi/spec/README.md @@ -18,12 +18,9 @@ The object model for OpenAPI v2 specification documents. * **2025-12-19** : new community chat on discord * a new discord community channel is available to be notified of changes and support users - * our venerable Slack channel remains open, and will be eventually discontinued on **2026-03-31** You may join the discord community by clicking the invite link on the discord badge (also above). [![Discord Channel][discord-badge]][discord-url] -Or join our Slack channel: [![Slack Channel][slack-logo]![slack-badge]][slack-url] - ## Status API is stable. @@ -95,9 +92,9 @@ This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE). ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) -* [Contributing guidelines](.github/CONTRIBUTING.md) -* [Maintainers documentation](docs/MAINTAINERS.md) -* [Code style](docs/STYLE.md) +* [Contributing guidelines][contributing-doc-site] +* [Maintainers documentation][maintainers-doc-site] +* [Code style][style-doc-site] ## Cutting a new release @@ -132,11 +129,8 @@ Maintainers can cut a new release by either: [doc-url]: https://goswagger.io/go-openapi [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/spec [godoc-url]: http://pkg.go.dev/github.com/go-openapi/spec -[slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png -[slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM -[slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg @@ -146,3 +140,7 @@ Maintainers can cut a new release by either: [goversion-url]: https://github.com/go-openapi/spec/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/spec [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/spec/latest + +[contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html +[maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html +[style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html diff --git a/vendor/github.com/go-openapi/spec/header.go b/vendor/github.com/go-openapi/spec/header.go index 599ba2c5d7..f656e0789a 100644 --- a/vendor/github.com/go-openapi/spec/header.go +++ b/vendor/github.com/go-openapi/spec/header.go @@ -150,7 +150,11 @@ func (h Header) MarshalJSON() ([]byte, error) { if err != nil { return nil, err } - return jsonutils.ConcatJSON(b1, b2, b3), nil + b4, err := json.Marshal(h.VendorExtensible) + if err != nil { + return nil, err + } + return jsonutils.ConcatJSON(b1, b2, b3, b4), nil } // UnmarshalJSON unmarshals this header from JSON. diff --git a/vendor/github.com/go-openapi/spec/schema_loader.go b/vendor/github.com/go-openapi/spec/schema_loader.go index 0894c932c6..1e346069e2 100644 --- a/vendor/github.com/go-openapi/spec/schema_loader.go +++ b/vendor/github.com/go-openapi/spec/schema_loader.go @@ -117,7 +117,7 @@ func (r *schemaLoader) updateBasePath(transitive *schemaLoader, basePath string) func (r *schemaLoader) resolveRef(ref *Ref, target any, basePath string) error { tgt := reflect.ValueOf(target) - if tgt.Kind() != reflect.Ptr { + if tgt.Kind() != reflect.Pointer { return ErrResolveRefNeedsAPointer } diff --git a/vendor/github.com/go-openapi/strfmt/.gitignore b/vendor/github.com/go-openapi/strfmt/.gitignore index 885dc27ab0..bbdffea78a 100644 --- a/vendor/github.com/go-openapi/strfmt/.gitignore +++ b/vendor/github.com/go-openapi/strfmt/.gitignore @@ -3,4 +3,4 @@ .idea .env .mcp.json -.claude/ +go.work.sum diff --git a/vendor/github.com/go-openapi/strfmt/.golangci.yml b/vendor/github.com/go-openapi/strfmt/.golangci.yml index 3c4cd489a1..8a3b3bff7c 100644 --- a/vendor/github.com/go-openapi/strfmt/.golangci.yml +++ b/vendor/github.com/go-openapi/strfmt/.golangci.yml @@ -2,6 +2,7 @@ version: "2" linters: default: all disable: + - goconst # has become too noisy. Disabled - depguard - funlen - gomoddirectives diff --git a/vendor/github.com/go-openapi/strfmt/CONTRIBUTORS.md b/vendor/github.com/go-openapi/strfmt/CONTRIBUTORS.md index e49700d4d2..4aa4fcb54f 100644 --- a/vendor/github.com/go-openapi/strfmt/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/strfmt/CONTRIBUTORS.md @@ -4,12 +4,12 @@ | Total Contributors | Total Contributions | | --- | --- | -| 40 | 225 | +| 40 | 239 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | | @casualjim | 88 | | -| @fredbi | 57 | | +| @fredbi | 71 | | | @youyuanwu | 13 | | | @jlambatl | 9 | | | @GlenDC | 5 | | diff --git a/vendor/github.com/go-openapi/strfmt/README.md b/vendor/github.com/go-openapi/strfmt/README.md index a0cf642754..4afef43733 100644 --- a/vendor/github.com/go-openapi/strfmt/README.md +++ b/vendor/github.com/go-openapi/strfmt/README.md @@ -16,14 +16,6 @@ Golang support for string formats defined by JSON Schema and OpenAPI. ## Announcements -* **2025-12-19** : new community chat on discord - * a new discord community channel is available to be notified of changes and support users - * our venerable Slack channel remains open, and will be eventually discontinued on **2026-03-31** - -You may join the discord community by clicking the invite link on the discord badge (also above). [![Discord Channel][discord-badge]][discord-url] - -Or join our Slack channel: [![Slack Channel][slack-logo]![slack-badge]][slack-url] - * **2026-03-07** : v0.26.0 **dropped dependency to the mongodb driver** * mongodb users can still use this package without any change * however, we have frozen the back-compatible support for mongodb driver at v2.5.0 @@ -177,9 +169,9 @@ This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE). ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) -* [Contributing guidelines](.github/CONTRIBUTING.md) -* [Maintainers documentation](docs/MAINTAINERS.md) -* [Code style](docs/STYLE.md) +* [Contributing guidelines][contributing-doc-site] +* [Maintainers documentation][maintainers-doc-site] +* [Code style][style-doc-site] ## Cutting a new release @@ -214,9 +206,6 @@ Maintainers can cut a new release by either: [doc-url]: https://goswagger.io/go-openapi [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/strfmt [godoc-url]: http://pkg.go.dev/github.com/go-openapi/strfmt -[slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png -[slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM -[slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue [discord-url]: https://discord.gg/FfnFYaC3k5 @@ -228,3 +217,7 @@ Maintainers can cut a new release by either: [goversion-url]: https://github.com/go-openapi/strfmt/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/strfmt [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/strfmt/latest + +[contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html +[maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html +[style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html diff --git a/vendor/github.com/go-openapi/strfmt/default.go b/vendor/github.com/go-openapi/strfmt/default.go index 87d3856ad2..725cc0e1a6 100644 --- a/vendor/github.com/go-openapi/strfmt/default.go +++ b/vendor/github.com/go-openapi/strfmt/default.go @@ -1978,6 +1978,14 @@ func (r *Password) DeepCopy() *Password { } func isRequestURI(rawurl string) bool { + // url.ParseRequestURI assumes the input contains no "#fragment" + // (RFC 3986 §3.5). A URI with a fragment and an empty path, such as + // "https://host#@frag", is therefore misread as userinfo and rejected + // as "invalid userinfo". Strip the fragment first so the absolute + // request URI validates, matching url.Parse's RFC 3986 handling. + if i := strings.IndexByte(rawurl, '#'); i >= 0 { + rawurl = rawurl[:i] + } _, err := url.ParseRequestURI(rawurl) return err == nil } diff --git a/vendor/github.com/go-openapi/strfmt/duration.go b/vendor/github.com/go-openapi/strfmt/duration.go index b710bfbf53..f2ab7ff834 100644 --- a/vendor/github.com/go-openapi/strfmt/duration.go +++ b/vendor/github.com/go-openapi/strfmt/duration.go @@ -7,11 +7,9 @@ import ( "database/sql/driver" "encoding/json" "fmt" - "math" - "regexp" - "strconv" "strings" "time" + "unicode" ) func init() { //nolint:gochecknoinits // registers duration format in the default registry @@ -22,34 +20,62 @@ func init() { //nolint:gochecknoinits // registers duration format in the defaul const ( hoursInDay = 24 daysInWeek = 7 + nanos = uint64(time.Nanosecond) + micros = uint64(time.Microsecond) + millis = uint64(time.Millisecond) + seconds = uint64(time.Second) + minutes = uint64(time.Minute) + hours = uint64(time.Hour) + days = uint64(hoursInDay * time.Hour) + weeks = uint64(hoursInDay * daysInWeek * time.Hour) + maxUint64 = uint64(1 << 63) ) +// timeMultiplier holds all supported aliases for duration units, including their plural form. +// //nolint:gochecknoglobals // package-level lookup tables for duration parsing -var ( - timeUnits = [][]string{ - {"ns", "nano"}, - {"us", "µs", "micro"}, - {"ms", "milli"}, - {"s", "sec"}, - {"m", "min"}, - {"h", "hr", "hour"}, - {"d", "day"}, - {"w", "wk", "week"}, - } - - timeMultiplier = map[string]time.Duration{ - "ns": time.Nanosecond, - "us": time.Microsecond, - "ms": time.Millisecond, - "s": time.Second, - "m": time.Minute, - "h": time.Hour, - "d": hoursInDay * time.Hour, - "w": hoursInDay * daysInWeek * time.Hour, - } - - durationMatcher = regexp.MustCompile(`^(((?:-\s?)?\d+)(\.\d+)?\s*([A-Za-zµ]+))`) -) +var timeMultiplier = map[string]uint64{ + "ns": nanos, + "nano": nanos, + "nanosecond": nanos, + "nanoseconds": nanos, + "nanos": nanos, + "us": micros, + "µs": micros, // U+00B5 = micro symbol + "μs": micros, // U+03BC = Greek letter mu + "micro": micros, + "micros": micros, + "microsecond": micros, + "microseconds": micros, + "ms": millis, + "milli": millis, + "millis": millis, + "millisecond": millis, + "milliseconds": millis, + "s": seconds, + "sec": seconds, + "secs": seconds, + "second": seconds, + "seconds": seconds, + "m": minutes, + "min": minutes, + "mins": minutes, + "minute": minutes, + "minutes": minutes, + "h": hours, + "hr": hours, + "hrs": hours, + "hour": hours, + "hours": hours, + "d": days, + "day": days, + "days": days, + "w": weeks, + "wk": weeks, + "wks": weeks, + "week": weeks, + "weeks": weeks, +} // IsDuration returns true if the provided string is a valid duration. func IsDuration(str string) bool { @@ -80,64 +106,157 @@ func (d *Duration) UnmarshalText(data []byte) error { // validation is performed return nil } -// ParseDuration parses a duration from a string, compatible with scala duration syntax. -func ParseDuration(cand string) (time.Duration, error) { - if dur, err := time.ParseDuration(cand); err == nil { - return dur, nil +// ParseDuration parses a duration from a string +// +// It is similar to [time.ParseDuration] but support additional units like days and weeks, +// additional abreviations for units and is more tolerant on the presence of blank spaces. +// +// A duration may be negative or fractional. +// +// # Differences with [time.ParseDuration] +// +// - more supported units and aliases (see below) +// - sign followed by blank space is tolerated +// - tolerates blanks between duration and unit (e.g. "300 ms") +// +// # Supported units +// +// Units may be specified using aliases or a plural form. +// +// - "ns", "nano", "nanosecond", "nanoseconds", "nanos" +// - "us", "µs" (U+00B5 = micro symbol), "μs" (U+03BC = Greek letter mu), "micro", "micros", "microsecond", "microseconds" +// - "ms", "milli", "millis", "millisecond", "milliseconds" +// - "s", "sec", "secs", "second", "seconds" +// - "m", "min", "mins", "minute", "minutes" +// - "h", "hr", "hrs", "hour", "hours" +// - "d", "day", "days" +// - "w", "wk", "wks", "week", "weeks" +// +// NOTE: inspired by scala duration syntax. +// +// # Examples +// +// "300ms", "-1.5h", "2h45m", +// ".5 week", +// "2 minutes 45 seconds". +// +//nolint:gocognit,gocyclo,cyclop // complexity is only slightly above the usual level, may be tolerated as it mimicks the stdlib. +func ParseDuration(s string) (time.Duration, error) { + // NOTE: this code is largely inspired by the standard library. + orig := s + var d uint64 + neg := false + + // Consume [-+]? + if s != "" { + c := s[0] + if c == '-' || c == '+' { + neg = c == '-' + s = s[1:] + } } - var dur time.Duration - ok := false - const expectGroups = 4 - for _, match := range durationMatcher.FindAllStringSubmatch(cand, -1) { - if len(match) < expectGroups { - continue + // Consume space + s = strings.TrimLeftFunc(s, unicode.IsSpace) + + // Special case: if all that is left is "0", this is zero. + if s == "0" { + return 0, nil + } + + if s == "" { + return 0, parseDurationError(orig, "empty duration") + } + + for s != "" { + var ( + v, f uint64 // integers before, after decimal point + scale float64 = 1 // value = v + f/scale + ) + s = strings.TrimLeftFunc(s, unicode.IsSpace) + + // The next character must be 0-9.] + if s[0] != '.' && ('0' > s[0] || s[0] > '9') { + return 0, parseDurationError(orig, fmt.Sprintf("expected a numerical value, but got %q", s[0])) + } + + // Consume integer part [0-9]* + pl := len(s) + var ok bool + v, s, ok = leadingInt(s) + if !ok { + return 0, parseDurationError(orig, "expected a leading integer part") } + pre := pl != len(s) // whether we consumed anything before a period - // remove possible leading - and spaces - value, negative := strings.CutPrefix(match[2], "-") + // Consume fractional part (\.[0-9]*)? + post := false + if s != "" && s[0] == '.' { + s = s[1:] + pl := len(s) + f, scale, s = leadingFraction(s) + post = pl != len(s) + } - // if the duration contains a decimal separator determine a divising factor - const neutral = 1.0 - divisor := neutral - decimal, hasDecimal := strings.CutPrefix(match[3], ".") - if hasDecimal { - divisor = math.Pow10(len(decimal)) - value += decimal // consider the value as an integer: will change units later on + if !pre && !post { + // no digits (e.g. ".s" or "-.s") + return 0, parseDurationError(orig, "expected digits") } - // if the string is a valid duration, parse it - factor, err := strconv.Atoi(strings.TrimSpace(value)) // converts string to int - if err != nil { - return 0, err + // Consume space. + s = strings.TrimLeftFunc(s, unicode.IsSpace) + + // Consume unit. + i := 0 + for ; i < len(s); i++ { + c := s[i] + if c == '.' || '0' <= c && c <= '9' || unicode.IsSpace(rune(c)) { + break + } } - if negative { - factor = -factor + if i == 0 { + return 0, parseDurationError(orig, "missing unit in duration") } - unit := strings.ToLower(strings.TrimSpace(match[4])) + u := s[:i] + s = s[i:] + unit, ok := timeMultiplier[u] + if !ok { + return 0, parseDurationError(orig, fmt.Sprintf("unknown unit %q in duration", u)) + } - for _, variants := range timeUnits { - last := len(variants) - 1 - multiplier := timeMultiplier[variants[0]] + if v > maxUint64/unit { + // overflow + return 0, parseDurationError(orig, "numerical overflow") + } - for i, variant := range variants { - if (last == i && strings.HasPrefix(unit, variant)) || strings.EqualFold(variant, unit) { - ok = true - if divisor != neutral { - multiplier = time.Duration(float64(multiplier) / divisor) // convert to duration only after having reduced the scale - } - dur += (time.Duration(factor) * multiplier) - } + v *= unit + if f > 0 { + // float64 is needed to be nanosecond accurate for fractions of hours. + // v >= 0 && (f*unit/scale) <= 3.6e+12 (ns/h, h is the largest unit) + v += uint64(float64(f) * (float64(unit) / scale)) + if v > maxUint64 { + // overflow + return 0, parseDurationError(orig, "numerical overflow") } } + + d += v + if d > maxUint64 { + return 0, parseDurationError(orig, "numerical overflow") + } } - if ok { - return dur, nil + if neg { + return -time.Duration(d), nil } - return 0, fmt.Errorf("unable to parse %s as duration: %w", cand, ErrFormat) + + if d > maxUint64-1 { + return 0, parseDurationError(orig, "numerical overflow") + } + + return time.Duration(d), nil } // Scan reads a Duration value from database driver type. @@ -204,3 +323,70 @@ func (d *Duration) DeepCopy() *Duration { d.DeepCopyInto(out) return out } + +func parseDurationError(s, msg string) error { + if msg == "" { + return fmt.Errorf("invalid duration: %s: %w", s, ErrFormat) + } + + return fmt.Errorf("invalid duration: %s: %s: %w", s, msg, ErrFormat) +} + +// leadingInt consumes the leading [0-9]* from s. +func leadingInt[bytes []byte | string](s bytes) (x uint64, rem bytes, ok bool) { //nolint:ireturn // false positive + i := 0 + for ; i < len(s); i++ { + c := s[i] + if c < '0' || c > '9' { + break + } + + if x > maxUint64/10 { // overflow + return 0, rem, false + } + + x = x*10 + uint64(c) - '0' + if x > maxUint64 { // overflow + return 0, rem, false + } + } + + return x, s[i:], true +} + +// leadingFraction consumes the leading [0-9]* from s. +// // +// It is used only for fractions, so it does not return an error on overflow, +// it just stops accumulating precision. +func leadingFraction(s string) (x uint64, scale float64, rem string) { + i := 0 + scale = 1 + overflow := false + for ; i < len(s); i++ { + c := s[i] + if c < '0' || c > '9' { + break + } + + if overflow { + continue + } + + if x > (maxUint64-1)/10 { + // It's possible for overflow to give a positive number, so take care. + overflow = true + continue + } + + y := x*10 + uint64(c) - '0' + if y > maxUint64 { + overflow = true + continue + } + + x = y + scale *= 10 + } + + return x, scale, s[i:] +} diff --git a/vendor/github.com/go-openapi/strfmt/go.work b/vendor/github.com/go-openapi/strfmt/go.work index 288e7655d4..f233e74cfd 100644 --- a/vendor/github.com/go-openapi/strfmt/go.work +++ b/vendor/github.com/go-openapi/strfmt/go.work @@ -4,4 +4,4 @@ use ( ./internal/testintegration ) -go 1.24.0 +go 1.25.0 diff --git a/vendor/github.com/go-openapi/strfmt/go.work.sum b/vendor/github.com/go-openapi/strfmt/go.work.sum deleted file mode 100644 index 33dac969b6..0000000000 --- a/vendor/github.com/go-openapi/strfmt/go.work.sum +++ /dev/null @@ -1,16 +0,0 @@ -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= -github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30 h1:BHT1/DKsYDGkUgQ2jmMaozVcdk+sVfz0+1ZJq4zkWgw= -github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= -github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= -golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= -golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= -golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= -golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= -golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= -golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/vendor/github.com/go-openapi/swag/.gitignore b/vendor/github.com/go-openapi/swag/.gitignore index a0a95a96b3..1680db44c0 100644 --- a/vendor/github.com/go-openapi/swag/.gitignore +++ b/vendor/github.com/go-openapi/swag/.gitignore @@ -4,4 +4,3 @@ Godeps .idea *.out .mcp.json -.claude/ diff --git a/vendor/github.com/go-openapi/swag/CONTRIBUTORS.md b/vendor/github.com/go-openapi/swag/CONTRIBUTORS.md index bc76fe820c..ef1a735293 100644 --- a/vendor/github.com/go-openapi/swag/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/swag/CONTRIBUTORS.md @@ -4,11 +4,11 @@ | Total Contributors | Total Contributions | | --- | --- | -| 24 | 235 | +| 24 | 246 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | -| @fredbi | 105 | | +| @fredbi | 116 | | | @casualjim | 98 | | | @alexandear | 4 | | | @orisano | 3 | | @@ -33,4 +33,4 @@ | @davidalpert | 1 | | | @Xe | 1 | | - _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/swag/README.md b/vendor/github.com/go-openapi/swag/README.md index 834eb2ffb9..ddbd8735ce 100644 --- a/vendor/github.com/go-openapi/swag/README.md +++ b/vendor/github.com/go-openapi/swag/README.md @@ -34,12 +34,9 @@ You may also use it standalone for your projects. * **2025-12-19** : new community chat on discord * a new discord community channel is available to be notified of changes and support users - * our venerable Slack channel remains open, and will be eventually discontinued on **2026-03-31** You may join the discord community by clicking the invite link on the discord badge (also above). [![Discord Channel][discord-badge]][discord-url] -Or join our Slack channel: [![Slack Channel][slack-logo]![slack-badge]][slack-url] - ## Status API is stable. @@ -171,9 +168,9 @@ on top of which it has been built. ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) -* [Contributing guidelines](.github/CONTRIBUTING.md) -* [Maintainers documentation](docs/MAINTAINERS.md) -* [Code style](docs/STYLE.md) +* [Contributing guidelines][contributing-doc-site] +* [Maintainers documentation][maintainers-doc-site] +* [Code style][style-doc-site] ## Cutting a new release @@ -208,11 +205,8 @@ Maintainers can cut a new release by either: [doc-url]: https://goswagger.io/go-openapi [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/swag [godoc-url]: http://pkg.go.dev/github.com/go-openapi/swag -[slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png -[slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM -[slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg @@ -222,3 +216,7 @@ Maintainers can cut a new release by either: [goversion-url]: https://github.com/go-openapi/swag/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/swag [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/swag/latest + +[contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html +[maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html +[style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html diff --git a/vendor/github.com/go-openapi/swag/SECURITY.md b/vendor/github.com/go-openapi/swag/SECURITY.md index 72296a8313..1fea2c5736 100644 --- a/vendor/github.com/go-openapi/swag/SECURITY.md +++ b/vendor/github.com/go-openapi/swag/SECURITY.md @@ -6,14 +6,32 @@ This policy outlines the commitment and practices of the go-openapi maintainers | Version | Supported | | ------- | ------------------ | -| 0.25.x | :white_check_mark: | +| O.x | :white_check_mark: | + +## Vulnerability checks in place + +This repository uses automated vulnerability scans, at every merged commit and at least once a week. + +We use: + +* [`GitHub CodeQL`][codeql-url] +* [`trivy`][trivy-url] +* [`govulncheck`][govulncheck-url] + +Reports are centralized in github security reports and visible only to the maintainers. ## Reporting a vulnerability If you become aware of a security vulnerability that affects the current repository, -please report it privately to the maintainers. +**please report it privately to the maintainers** +rather than opening a publicly visible GitHub issue. + +Please follow the instructions provided by github to [Privately report a security vulnerability][github-guidance-url]. -Please follow the instructions provided by github to -[Privately report a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). +> [!NOTE] +> On Github, navigate to the project's "Security" tab then click on "Report a vulnerability". -TL;DR: on Github, navigate to the project's "Security" tab then click on "Report a vulnerability". +[codeql-url]: https://github.com/github/codeql +[trivy-url]: https://trivy.dev/docs/latest/getting-started +[govulncheck-url]: https://go.dev/blog/govulncheck +[github-guidance-url]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability diff --git a/vendor/github.com/go-openapi/swag/go.work b/vendor/github.com/go-openapi/swag/go.work index 1e537f0749..8537cb2a76 100644 --- a/vendor/github.com/go-openapi/swag/go.work +++ b/vendor/github.com/go-openapi/swag/go.work @@ -17,4 +17,4 @@ use ( ./yamlutils ) -go 1.24.0 +go 1.25.0 diff --git a/vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go b/vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go new file mode 100644 index 0000000000..adc4426873 --- /dev/null +++ b/vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go @@ -0,0 +1,286 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + +package jsonname + +import ( + "reflect" + "strings" + "sync" +) + +var _ providerIface = (*GoNameProvider)(nil) + +// GoNameProvider resolves json property names to go struct field names following +// the same rules as the standard library's [encoding/json] package. +// +// Contrary to [NameProvider], it considers exported fields without a json tag, +// and promotes fields from anonymous embedded struct types. +// +// Rules (aligned with encoding/json): +// +// - unexported fields are ignored; +// - a field tagged `json:"-"` is ignored; +// - a field tagged `json:"-,"` is kept under the json name "-" (stdlib quirk); +// - a field tagged `json:""` or with no json tag at all keeps its Go name as json name; +// - anonymous struct fields without an explicit json tag have their fields +// promoted into the parent, following breadth-first depth rules: +// a shallower field wins over a deeper one; at equal depth, a conflict +// discards all conflicting fields unless exactly one has an explicit json tag. +// +// This type is safe for concurrent use. +type GoNameProvider struct { + lock sync.Mutex + index map[reflect.Type]nameIndex +} + +// NewGoNameProvider creates a new [GoNameProvider]. +func NewGoNameProvider() *GoNameProvider { + return &GoNameProvider{ + index: make(map[reflect.Type]nameIndex), + } +} + +// GetJSONNames gets all the json property names for a type. +func (n *GoNameProvider) GetJSONNames(subject any) []string { + n.lock.Lock() + defer n.lock.Unlock() + + tpe := reflect.Indirect(reflect.ValueOf(subject)).Type() + names := n.nameIndexFor(tpe) + + res := make([]string, 0, len(names.jsonNames)) + for k := range names.jsonNames { + res = append(res, k) + } + + return res +} + +// GetJSONName gets the json name for a go property name. +func (n *GoNameProvider) GetJSONName(subject any, name string) (string, bool) { + tpe := reflect.Indirect(reflect.ValueOf(subject)).Type() + + return n.GetJSONNameForType(tpe, name) +} + +// GetJSONNameForType gets the json name for a go property name on a given type. +func (n *GoNameProvider) GetJSONNameForType(tpe reflect.Type, name string) (string, bool) { + n.lock.Lock() + defer n.lock.Unlock() + + names := n.nameIndexFor(tpe) + nme, ok := names.goNames[name] + + return nme, ok +} + +// GetGoName gets the go name for a json property name. +func (n *GoNameProvider) GetGoName(subject any, name string) (string, bool) { + tpe := reflect.Indirect(reflect.ValueOf(subject)).Type() + + return n.GetGoNameForType(tpe, name) +} + +// GetGoNameForType gets the go name for a given type for a json property name. +func (n *GoNameProvider) GetGoNameForType(tpe reflect.Type, name string) (string, bool) { + n.lock.Lock() + defer n.lock.Unlock() + + names := n.nameIndexFor(tpe) + nme, ok := names.jsonNames[name] + + return nme, ok +} + +func (n *GoNameProvider) nameIndexFor(tpe reflect.Type) nameIndex { + if names, ok := n.index[tpe]; ok { + return names + } + + names := buildGoNameIndex(tpe) + n.index[tpe] = names + + return names +} + +// fieldEntry captures a candidate field discovered while walking a struct +// along with the indirection path from the root type (used to resolve conflicts +// by depth in the same way encoding/json does). +type fieldEntry struct { + goName string + jsonName string + index []int + tagged bool +} + +func buildGoNameIndex(tpe reflect.Type) nameIndex { + fields := collectGoFields(tpe) + + idx := make(map[string]string, len(fields)) + reverseIdx := make(map[string]string, len(fields)) + for _, f := range fields { + idx[f.jsonName] = f.goName + reverseIdx[f.goName] = f.jsonName + } + + return nameIndex{jsonNames: idx, goNames: reverseIdx} +} + +// collectGoFields walks tpe breadth-first along anonymous struct fields, +// reproducing the field selection performed by encoding/json.typeFields. +func collectGoFields(tpe reflect.Type) []fieldEntry { + if tpe.Kind() != reflect.Struct { + return nil + } + + type queued struct { + typ reflect.Type + index []int + } + + current := []queued{} + next := []queued{{typ: tpe}} + visited := map[reflect.Type]bool{tpe: true} + + var ( + candidates []fieldEntry + count = map[string]int{} + nextCount = map[string]int{} + ) + + for len(next) > 0 { + current, next = next, current[:0] + count, nextCount = nextCount, count + for k := range nextCount { + delete(nextCount, k) + } + + for _, q := range current { + for i := 0; i < q.typ.NumField(); i++ { + sf := q.typ.Field(i) + + if sf.Anonymous { + ft := sf.Type + if ft.Kind() == reflect.Ptr { + ft = ft.Elem() + } + if !sf.IsExported() && ft.Kind() != reflect.Struct { + continue + } + } else if !sf.IsExported() { + continue + } + + tag := sf.Tag.Get("json") + if tag == "-" { + continue + } + jsonName, _ := parseJSONTag(tag) + tagged := jsonName != "" + + ft := sf.Type + if ft.Kind() == reflect.Ptr { + ft = ft.Elem() + } + + if sf.Anonymous && ft.Kind() == reflect.Struct && !tagged { + if visited[ft] { + continue + } + visited[ft] = true + + index := make([]int, len(q.index)+1) + copy(index, q.index) + index[len(q.index)] = i + next = append(next, queued{typ: ft, index: index}) + + continue + } + + name := jsonName + if name == "" { + name = sf.Name + } + + index := make([]int, len(q.index)+1) + copy(index, q.index) + index[len(q.index)] = i + + candidates = append(candidates, fieldEntry{ + goName: sf.Name, + jsonName: name, + index: index, + tagged: tagged, + }) + nextCount[name]++ + } + } + } + + return dominantFields(candidates) +} + +// dominantFields applies the Go encoding/json conflict resolution rules: +// at each JSON name, the shallowest field wins; at equal depth, a uniquely +// tagged candidate wins; otherwise all candidates for that name are dropped. +func dominantFields(candidates []fieldEntry) []fieldEntry { + byName := make(map[string][]fieldEntry, len(candidates)) + for _, c := range candidates { + byName[c.jsonName] = append(byName[c.jsonName], c) + } + + out := make([]fieldEntry, 0, len(byName)) + for _, group := range byName { + if len(group) == 1 { + out = append(out, group[0]) + + continue + } + + minDepth := len(group[0].index) + for _, c := range group[1:] { + if len(c.index) < minDepth { + minDepth = len(c.index) + } + } + + var shallow []fieldEntry + for _, c := range group { + if len(c.index) == minDepth { + shallow = append(shallow, c) + } + } + + if len(shallow) == 1 { + out = append(out, shallow[0]) + + continue + } + + var tagged []fieldEntry + for _, c := range shallow { + if c.tagged { + tagged = append(tagged, c) + } + } + if len(tagged) == 1 { + out = append(out, tagged[0]) + } + } + + return out +} + +// parseJSONTag returns the name component of a json struct tag and whether +// it carried any non-name option (kept for future-proofing, e.g. "omitempty"). +func parseJSONTag(tag string) (string, string) { + if tag == "" { + return "", "" + } + if idx := strings.IndexByte(tag, ','); idx >= 0 { + return tag[:idx], tag[idx+1:] + } + + return tag, "" +} diff --git a/vendor/github.com/go-openapi/swag/jsonname/ifaces.go b/vendor/github.com/go-openapi/swag/jsonname/ifaces.go new file mode 100644 index 0000000000..812ace5639 --- /dev/null +++ b/vendor/github.com/go-openapi/swag/jsonname/ifaces.go @@ -0,0 +1,14 @@ +// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers +// SPDX-License-Identifier: Apache-2.0 + +package jsonname + +import "reflect" + +// providerIface is an unexported compile-time contract that every name provider +// in this package is expected to satisfy. +// It mirrors the interface declared by the main consumer of this module: [github.com/go-openapi/jsonpointer.NameProvider]. +type providerIface interface { + GetGoName(subject any, name string) (string, bool) + GetGoNameForType(tpe reflect.Type, name string) (string, bool) +} diff --git a/vendor/github.com/go-openapi/swag/jsonname/name_provider.go b/vendor/github.com/go-openapi/swag/jsonname/name_provider.go index 8eaf1bece8..9f5da7a016 100644 --- a/vendor/github.com/go-openapi/swag/jsonname/name_provider.go +++ b/vendor/github.com/go-openapi/swag/jsonname/name_provider.go @@ -12,6 +12,8 @@ import ( // DefaultJSONNameProvider is the default cache for types. var DefaultJSONNameProvider = NewNameProvider() +var _ providerIface = (*NameProvider)(nil) + // NameProvider represents an object capable of translating from go property names // to json property names. // diff --git a/vendor/github.com/go-openapi/swag/loading/doc.go b/vendor/github.com/go-openapi/swag/loading/doc.go index 8cf7bcb8b9..112c49968b 100644 --- a/vendor/github.com/go-openapi/swag/loading/doc.go +++ b/vendor/github.com/go-openapi/swag/loading/doc.go @@ -2,4 +2,28 @@ // SPDX-License-Identifier: Apache-2.0 // Package loading provides tools to load a file from http or from a local file system. +// +// # Security +// +// By default, the local loader reads any path the process can access, including absolute +// paths and "file://" URIs (for example "file:///etc/passwd"). Applications that pass +// untrusted input to [LoadFromFileOrHTTP], [JSONDoc] (or to downstream consumers such as +// go-openapi/loads) must confine local loading to a trusted directory. +// +// Use [WithRoot] to do so: it resolves every requested path relative to a chosen directory +// and rejects anything that escapes it, including via symlink. It is built on [os.Root] +// and is therefore safer than passing an [os.DirFS] to [WithFS], which does not block +// symlink escapes. +// +// Remote loading uses a standard [net/http] client. +// By default it follows redirects and performs no destination filtering — exactly like [net/http.DefaultClient]. +// +// A caller-controlled URL may therefore reach internal services or cloud metadata endpoints +// (server-side request forgery). +// +// This package does not, and should not, embed a network policy: +// when the URL may derive from untrusted input, supply a restricted client with +// [WithHTTPClient] whose transport rejects unwanted destinations at dial time — which also +// covers redirects and DNS rebinding. +// See the example on [LoadFromFileOrHTTP]. package loading diff --git a/vendor/github.com/go-openapi/swag/loading/loading.go b/vendor/github.com/go-openapi/swag/loading/loading.go index 269fb74d16..0b38ac1e38 100644 --- a/vendor/github.com/go-openapi/swag/loading/loading.go +++ b/vendor/github.com/go-openapi/swag/loading/loading.go @@ -17,7 +17,11 @@ import ( "strings" ) -// LoadFromFileOrHTTP loads the bytes from a file or a remote http server based on the path passed in +// LoadFromFileOrHTTP loads the bytes from a file or a remote http server based on the path passed in. +// +// Security: by default a local path is read with no confinement, so a caller-controlled path +// (including a "file://" URI or an absolute path) may read any file the process can access. +// When the path may derive from untrusted input, confine local loading with [WithRoot]. func LoadFromFileOrHTTP(pth string, opts ...Option) ([]byte, error) { o := optionsWithDefaults(opts) return LoadStrategy(pth, o.ReadFileFunc(), loadHTTPBytes(opts...), opts...)(pth) @@ -54,11 +58,14 @@ func LoadFromFileOrHTTP(pth string, opts ...Option) ([]byte, error) { // - `file:///c:/folder/file` becomes `C:\folder\file` // - `file://c:/folder/file` is tolerated (without leading `/`) and becomes `c:\folder\file` func LoadStrategy(pth string, local, remote func(string) ([]byte, error), opts ...Option) func(string) ([]byte, error) { - if strings.HasPrefix(pth, "http") { + if hasHTTPScheme(pth) { return remote } o := optionsWithDefaults(opts) _, isEmbedFS := o.fs.(embed.FS) + // any loader backed by an fs.FS or an os.Root consumes forward-slash paths on every + // platform, so it must not go through the windows-native file:// preprocessing below. + isFSBacked := o.fs != nil || o.root != "" return func(p string) ([]byte, error) { upth, err := url.PathUnescape(p) @@ -67,14 +74,20 @@ func LoadStrategy(pth string, local, remote func(string) ([]byte, error), opts . } cpth, hasPrefix := strings.CutPrefix(upth, "file://") - if !hasPrefix || isEmbedFS || runtime.GOOS != "windows" { + if !hasPrefix || isFSBacked || runtime.GOOS != "windows" { // crude processing: trim the file:// prefix. This leaves full URIs with a host with a (mostly) unexpected result // regular file path provided: just normalize slashes if isEmbedFS { - // on windows, we need to slash the path if FS is an embed FS. + // embed.FS always uses "/" as separator, even on windows, and rejects leading "./" or "/". return local(strings.TrimLeft(filepath.ToSlash(cpth), "./")) // remove invalid leading characters for embed FS } + if isFSBacked { + // other fs.FS (e.g. os.DirFS) and os.Root loaders also use "/" on every platform. + // Escaping paths (absolute, "..", escaping symlinks) are rejected by the loader, not rewritten here. + return local(filepath.ToSlash(cpth)) + } + return local(filepath.FromSlash(cpth)) } @@ -113,6 +126,21 @@ func LoadStrategy(pth string, local, remote func(string) ([]byte, error), opts . } } +// hasHTTPScheme reports whether pth is an absolute URL with an http or https scheme, +// selecting the remote loader. The comparison is case-insensitive, as URL schemes are. +// +// Requiring the "://" separator (rather than a bare "http" prefix) avoids misrouting a +// local file whose name merely starts with "http" (e.g. "httpbin.json") to the remote loader. +func hasHTTPScheme(pth string) bool { + for _, scheme := range [...]string{"http://", "https://"} { + if len(pth) >= len(scheme) && strings.EqualFold(pth[:len(scheme)], scheme) { + return true + } + } + + return false +} + func loadHTTPBytes(opts ...Option) func(path string) ([]byte, error) { o := optionsWithDefaults(opts) diff --git a/vendor/github.com/go-openapi/swag/loading/options.go b/vendor/github.com/go-openapi/swag/loading/options.go index 6674ac69e6..2c12823172 100644 --- a/vendor/github.com/go-openapi/swag/loading/options.go +++ b/vendor/github.com/go-openapi/swag/loading/options.go @@ -4,6 +4,7 @@ package loading import ( + "errors" "io/fs" "net/http" "os" @@ -23,7 +24,8 @@ type ( } fileOptions struct { - fs fs.ReadFileFS + fs fs.ReadFileFS + root string // when non-empty, local reads are confined to this directory via os.Root } options struct { @@ -33,6 +35,20 @@ type ( ) func (fo fileOptions) ReadFileFunc() func(string) ([]byte, error) { + if fo.root != "" { + root := fo.root + + return func(name string) ([]byte, error) { + r, err := os.OpenRoot(root) + if err != nil { + return nil, errors.Join(err, ErrLoader) + } + defer func() { _ = r.Close() }() + + return r.ReadFile(name) + } + } + if fo.fs == nil { return os.ReadFile } @@ -87,8 +103,15 @@ func WithHTTPClient(client *http.Client) Option { // By default, the file system is the one provided by the os package. // // For example, this may be set to consume from an embedded file system, or a rooted FS. +// +// WithFS and [WithRoot] are mutually exclusive: the last one applied wins. +// +// Security note: a file system built from [os.DirFS] confines paths but does NOT protect +// against symlinks that escape the root. To load from a directory derived from untrusted +// input, prefer [WithRoot], which is symlink-escape resistant. func WithFS(filesystem fs.FS) Option { return func(o *options) { + o.root = "" // last-wins vs WithRoot if rfs, ok := filesystem.(fs.ReadFileFS); ok { o.fs = rfs @@ -98,6 +121,28 @@ func WithFS(filesystem fs.FS) Option { } } +// WithRoot confines local file loading to dir. +// +// Every requested path is resolved relative to dir, and any path that would escape dir — +// whether through an absolute path, ".." traversal, or a symlink pointing outside dir — is +// rejected. This is built on [os.Root] and is therefore resistant to the symlink escapes +// that a plain [os.DirFS] does not prevent. +// +// WithRoot is the recommended option when loading specs from a location derived from +// untrusted input. It applies to local loading only and has no effect on remote +// (http/https) loading. WithRoot and [WithFS] are mutually exclusive: the last one applied +// wins. +// +// Note: [os.Root] confines path resolution but does not, by itself, protect against +// traversal of mount/bind boundaries, /proc special files, or device files. Point WithRoot +// at a directory that holds only the documents you intend to expose. +func WithRoot(dir string) Option { + return func(o *options) { + o.root = dir + o.fs = nil // last-wins vs WithFS + } +} + type readFileFS struct { fs.FS } diff --git a/vendor/github.com/go-openapi/validate/CONTRIBUTORS.md b/vendor/github.com/go-openapi/validate/CONTRIBUTORS.md index 7b79b765dc..46da8797de 100644 --- a/vendor/github.com/go-openapi/validate/CONTRIBUTORS.md +++ b/vendor/github.com/go-openapi/validate/CONTRIBUTORS.md @@ -4,12 +4,12 @@ | Total Contributors | Total Contributions | | --- | --- | -| 31 | 295 | +| 31 | 302 | | Username | All Time Contribution Count | All Commits | | --- | --- | --- | | @casualjim | 169 | | -| @fredbi | 58 | | +| @fredbi | 65 | | | @sttts | 11 | | | @youyuanwu | 9 | | | @keramix | 8 | | @@ -40,4 +40,4 @@ | @dadgar | 1 | | | @elakito | 1 | | - _this file was generated by the [Contributors GitHub Action](https://github.com/github/contributors)_ + _this file was generated by the [Contributors GitHub Action](https://github.com/github-community-projects/contributors)_ diff --git a/vendor/github.com/go-openapi/validate/README.md b/vendor/github.com/go-openapi/validate/README.md index fec42b7c6e..17bd03b606 100644 --- a/vendor/github.com/go-openapi/validate/README.md +++ b/vendor/github.com/go-openapi/validate/README.md @@ -112,7 +112,7 @@ Maintainers can cut a new release by either: [slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM [slack-url]: https://goswagger.slack.com/archives/C04R30YMU [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue -[discord-url]: https://discord.gg/twZ9BwT3 +[discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg diff --git a/vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go b/vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go deleted file mode 100644 index 69021bcee2..0000000000 --- a/vendor/github.com/google/go-containerregistry/internal/estargz/estargz.go +++ /dev/null @@ -1,54 +0,0 @@ -// Copyright 2020 Google LLC All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Package estargz adapts the containerd estargz package to our abstractions. -package estargz - -import ( - "bytes" - "io" - - "github.com/containerd/stargz-snapshotter/estargz" - v1 "github.com/google/go-containerregistry/pkg/v1" -) - -// Assert that what we're returning is an io.ReadCloser -var _ io.ReadCloser = (*estargz.Blob)(nil) - -// ReadCloser reads uncompressed tarball input from the io.ReadCloser and -// returns: -// - An io.ReadCloser from which compressed data may be read, and -// - A v1.Hash with the hash of the estargz table of contents, or -// - An error if the estargz processing encountered a problem. -// -// Refer to estargz for the options: -// https://pkg.go.dev/github.com/containerd/stargz-snapshotter/estargz@v0.4.1#Option -func ReadCloser(r io.ReadCloser, opts ...estargz.Option) (*estargz.Blob, v1.Hash, error) { - defer r.Close() - - // TODO(#876): Avoid buffering into memory. - bs, err := io.ReadAll(r) - if err != nil { - return nil, v1.Hash{}, err - } - br := bytes.NewReader(bs) - - rc, err := estargz.Build(io.NewSectionReader(br, 0, int64(len(bs))), opts...) - if err != nil { - return nil, v1.Hash{}, err - } - - h, err := v1.NewHash(rc.TOCDigest().String()) - return rc, h, err -} diff --git a/vendor/github.com/google/go-containerregistry/internal/gzip/zip.go b/vendor/github.com/google/go-containerregistry/internal/gzip/zip.go index 018c0f8c0f..98100c0246 100644 --- a/vendor/github.com/google/go-containerregistry/internal/gzip/zip.go +++ b/vendor/github.com/google/go-containerregistry/internal/gzip/zip.go @@ -51,33 +51,31 @@ func ReadCloserLevel(r io.ReadCloser, level int) io.ReadCloser { // Returns err so we can pw.CloseWithError(err) go func() error { - // TODO(go1.14): Just defer {pw,gw,r}.Close like you'd expect. - // Context: https://golang.org/issue/24283 + // Always close the source reader when the goroutine exits, + // regardless of which error path is taken. This prevents + // resource leaks (e.g. pullLimiter token slots held by + // limitedReadCloser wrappers around r). + defer r.Close() + gw, err := gzip.NewWriterLevel(bw, level) if err != nil { return pw.CloseWithError(err) } + defer gw.Close() + defer pw.Close() if _, err := io.Copy(gw, r); err != nil { - defer r.Close() - defer gw.Close() return pw.CloseWithError(err) } - // Close gzip writer to Flush it and write gzip trailers. if err := gw.Close(); err != nil { return pw.CloseWithError(err) } - // Flush bufio writer to ensure we write out everything. if err := bw.Flush(); err != nil { return pw.CloseWithError(err) } - // We don't really care if these fail. - defer pw.Close() - defer r.Close() - return nil }() diff --git a/vendor/github.com/google/go-containerregistry/internal/limit/limit.go b/vendor/github.com/google/go-containerregistry/internal/limit/limit.go new file mode 100644 index 0000000000..29d2b08ace --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/internal/limit/limit.go @@ -0,0 +1,36 @@ +// Copyright 2026 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package limit provides bounded reads from io.Readers. +package limit + +import ( + "fmt" + "io" +) + +// ReadAll reads from r until EOF and returns the data. If r produces more +// than max bytes, it returns an error instead of a silently truncated +// slice. Use this in preference to io.ReadAll(io.LimitReader(r, max)) +// when callers must distinguish a complete read from a truncated one. +func ReadAll(r io.Reader, max int64) ([]byte, error) { + b, err := io.ReadAll(io.LimitReader(r, max+1)) + if err != nil { + return nil, err + } + if int64(len(b)) > max { + return nil, fmt.Errorf("body exceeds %d byte limit", max) + } + return b, nil +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go b/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go index 6f08460ba7..ade2c63c90 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go +++ b/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go @@ -25,7 +25,6 @@ import ( "github.com/docker/cli/cli/config/configfile" "github.com/docker/cli/cli/config/types" "github.com/google/go-containerregistry/pkg/name" - "github.com/mitchellh/go-homedir" ) // Resource represents a registry or repository that can be authenticated against. @@ -95,7 +94,7 @@ func (dk *defaultKeychain) ResolveContext(_ context.Context, target Resource) (A // First, check $HOME/.docker/config.json foundDockerConfig := false - home, err := homedir.Dir() + home, err := os.UserHomeDir() if err == nil { foundDockerConfig = fileExists(filepath.Join(home, ".docker/config.json")) } diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/registry.go b/vendor/github.com/google/go-containerregistry/pkg/name/registry.go index 5e6b6e62a0..478021486c 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/name/registry.go +++ b/vendor/github.com/google/go-containerregistry/pkg/name/registry.go @@ -24,14 +24,14 @@ import ( "strings" ) -// Detect more complex forms of local references. -var reLocal = regexp.MustCompile(`.*\.local(?:host)?(?::\d{1,5})?$`) +// Detect more complex forms of localhost references. +var reLocal = regexp.MustCompile(`.*\.localhost(?::\d{1,5})?$`) // Detect the loopback IP (127.0.0.1) -var reLoopback = regexp.MustCompile(regexp.QuoteMeta("127.0.0.1")) +var reLoopback = regexp.MustCompile(`^127\.0\.0\.1(?::\d{1,5})?$`) // Detect the loopback IPV6 (::1) -var reipv6Loopback = regexp.MustCompile(regexp.QuoteMeta("::1")) +var reipv6Loopback = regexp.MustCompile(`^(::1|\[::1\](?::\d{1,5})?)$`) // Registry stores a docker registry name in a structured form. type Registry struct { diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/repository.go b/vendor/github.com/google/go-containerregistry/pkg/name/repository.go index 290797575e..efde6e869d 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/name/repository.go +++ b/vendor/github.com/google/go-containerregistry/pkg/name/repository.go @@ -85,11 +85,12 @@ func NewRepository(name string, opts ...Option) (Repository, error) { var registry string repo := name parts := strings.SplitN(name, regRepoDelimiter, 2) - if len(parts) == 2 && (strings.ContainsRune(parts[0], '.') || strings.ContainsRune(parts[0], ':')) { + maybeRegistry := parts[0] + if len(parts) == 2 && (maybeRegistry == "localhost" || strings.ContainsAny(maybeRegistry, ".:")) { // The first part of the repository is treated as the registry domain - // iff it contains a '.' or ':' character, otherwise it is all repository - // and the domain defaults to Docker Hub. - registry = parts[0] + // if it is localhost or contains a '.' or ':' character, otherwise it + // is all repository and the domain defaults to Docker Hub. + registry = maybeRegistry repo = parts[1] } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/google/auth.go b/vendor/github.com/google/go-containerregistry/pkg/v1/google/auth.go index 4e64eda43c..74174b7fd5 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/google/auth.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/google/auth.go @@ -30,8 +30,11 @@ import ( const cloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" -// GetGcloudCmd is exposed so we can test this. -var GetGcloudCmd = func(ctx context.Context) *exec.Cmd { +// gcloudBin is replaced in tests to mock detecting the gcloud binary. +var gcloudBin = "gcloud" + +// getGcloudCmd is replaced in tests to drive the gcloud mock. +var getGcloudCmd = func(ctx context.Context) *exec.Cmd { // This is odd, but basically what docker-credential-gcr does. // // config-helper is undocumented, but it's purportedly the only supported way @@ -39,7 +42,7 @@ var GetGcloudCmd = func(ctx context.Context) *exec.Cmd { // // --force-auth-refresh means we are getting a token that is valid for about // an hour (we reuse it until it's expired). - return exec.CommandContext(ctx, "gcloud", "config", "config-helper", "--force-auth-refresh", "--format=json(credential)") + return exec.CommandContext(ctx, gcloudBin, "config", "config-helper", "--force-auth-refresh", "--format=json(credential)") } // NewEnvAuthenticator returns an authn.Authenticator that generates access @@ -63,13 +66,13 @@ func NewEnvAuthenticator(ctx context.Context) (authn.Authenticator, error) { // NewGcloudAuthenticator returns an oauth2.TokenSource that generates access // tokens by shelling out to the gcloud sdk. func NewGcloudAuthenticator(ctx context.Context) (authn.Authenticator, error) { - if _, err := exec.LookPath("gcloud"); err != nil { + if _, err := exec.LookPath(gcloudBin); err != nil { // gcloud is not available, fall back to anonymous logs.Warn.Println("gcloud binary not found") return authn.Anonymous, nil } - ts := gcloudSource{ctx, GetGcloudCmd} + ts := gcloudSource{ctx, getGcloudCmd} // Attempt to fetch a token to ensure gcloud is installed and we can run it. token, err := ts.Token() diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/google/list.go b/vendor/github.com/google/go-containerregistry/pkg/v1/google/list.go index cfb7143472..2b86b004e1 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/google/list.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/google/list.go @@ -17,6 +17,7 @@ package google import ( "context" "encoding/json" + "errors" "fmt" "net/http" "net/url" @@ -143,7 +144,7 @@ func (l *lister) list(repo name.Repository) (*Tags, error) { // This isn't GCR, just append the tags and keep paginating. tags.Tags = append(tags.Tags, parsed.Tags...) - uri, err = getNextPageURL(resp) + uri, err = getNextPageURL(resp, repo) if err != nil { return nil, err } @@ -159,8 +160,11 @@ func (l *lister) list(repo name.Repository) (*Tags, error) { // getNextPageURL checks if there is a Link header in a http.Response which // contains a link to the next page. If yes it returns the url.URL of the next -// page otherwise it returns nil. -func getNextPageURL(resp *http.Response) (*url.URL, error) { +// page otherwise it returns nil. It validates that the resolved URL points +// to the same registry to prevent SSRF attacks where a malicious registry +// could redirect pagination requests to internal services like cloud metadata +// endpoints. +func getNextPageURL(resp *http.Response, repo name.Repository) (*url.URL, error) { link := resp.Header.Get("Link") if link == "" { return nil, nil @@ -175,6 +179,9 @@ func getNextPageURL(resp *http.Response) (*url.URL, error) { return nil, fmt.Errorf("failed to parse link header: missing '>' in: %s", link) } link = link[1:end] + if link == "" { + return nil, nil + } linkURL, err := url.Parse(link) if err != nil { @@ -184,9 +191,33 @@ func getNextPageURL(resp *http.Response) (*url.URL, error) { return nil, nil } linkURL = resp.Request.URL.ResolveReference(linkURL) + + // Validate that the pagination URL points to the same registry to prevent SSRF. + if err := validatePaginationURL(linkURL, repo); err != nil { + return nil, err + } + return linkURL, nil } +// validatePaginationURL checks that a pagination URL is safe to follow. +// It ensures the URL points to the same registry host to prevent SSRF attacks +// where a malicious registry could include a Link header pointing to internal +// services (e.g., cloud metadata endpoints at 169.254.169.254). +func validatePaginationURL(u *url.URL, repo name.Repository) error { + // Must use same scheme as the registry + if u.Scheme != repo.Scheme() { + return fmt.Errorf("pagination URL scheme %q does not match registry scheme %q", u.Scheme, repo.Scheme()) + } + + // Must point to the same registry host + if u.Host != repo.RegistryStr() { + return errors.New("pagination URL host does not match registry host: potential SSRF attack") + } + + return nil +} + type rawManifestInfo struct { Size string `json:"imageSizeBytes"` MediaType string `json:"mediaType"` diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go index 2e5f4358dd..48d5022392 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go @@ -15,6 +15,7 @@ package layout import ( + "fmt" "io" "os" @@ -23,15 +24,56 @@ import ( // Blob returns a blob with the given hash from the Path. func (l Path) Blob(h v1.Hash) (io.ReadCloser, error) { - return os.Open(l.blobPath(h)) + return l.openBlob(h) } // Bytes is a convenience function to return a blob from the Path as // a byte slice. func (l Path) Bytes(h v1.Hash) ([]byte, error) { - return os.ReadFile(l.blobPath(h)) + f, err := l.openBlob(h) + if err != nil { + return nil, err + } + defer f.Close() + return io.ReadAll(f) } func (l Path) blobPath(h v1.Hash) string { return l.path("blobs", h.Algorithm, h.Hex) } + +func (l Path) openBlob(h v1.Hash) (*os.File, error) { + p := l.blobPath(h) + info, err := os.Lstat(p) + if err != nil { + return nil, err + } + if info.Mode()&os.ModeSymlink != 0 { + return nil, fmt.Errorf("layout blob %s is a symlink", h) + } + if !info.Mode().IsRegular() { + return nil, fmt.Errorf("layout blob %s is not a regular file", h) + } + f, err := os.Open(p) + if err != nil { + return nil, err + } + closeFile := true + defer func() { + if closeFile { + f.Close() + } + }() + stat, err := f.Stat() + if err != nil { + return nil, err + } + if !stat.Mode().IsRegular() { + return nil, fmt.Errorf("layout blob %s is not a regular file", h) + } + if !os.SameFile(info, stat) { + return nil, fmt.Errorf("layout blob %s changed while opening", h) + } + closeFile = false + return f, nil +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go b/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go index 22d483f3bd..783eecc695 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go @@ -29,6 +29,7 @@ type Manifest struct { Layers []Descriptor `json:"layers"` Annotations map[string]string `json:"annotations,omitempty"` Subject *Descriptor `json:"subject,omitempty"` + ArtifactType string `json:"artifactType,omitempty"` } // IndexManifest represents an OCI image index in a structured way. @@ -38,6 +39,7 @@ type IndexManifest struct { Manifests []Descriptor `json:"manifests"` Annotations map[string]string `json:"annotations,omitempty"` Subject *Descriptor `json:"subject,omitempty"` + ArtifactType string `json:"artifactType,omitempty"` } // Descriptor holds a reference from the manifest to one of its constituent elements. diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go index 3ea27fe47f..0c58e0c1bc 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go @@ -52,6 +52,16 @@ func (i *image) MediaType() (types.MediaType, error) { return i.base.MediaType() } +// isImageConfig reports whether the media type is a Docker or OCI image config. +func isImageConfig(mt types.MediaType) bool { + switch mt { + case types.DockerConfigJSON, types.OCIConfigJSON: + return true + default: + return false + } +} + func (i *image) compute() error { i.Lock() defer i.Unlock() @@ -60,6 +70,24 @@ func (i *image) compute() error { if i.computed { return nil } + + m, err := i.base.Manifest() + if err != nil { + return err + } + manifest := m.DeepCopy() + + diffIDMap := make(map[v1.Hash]v1.Layer) + digestMap := make(map[v1.Hash]v1.Layer) + + // Determine effective config media type (user override takes precedence). + cfgMediaType := manifest.Config.MediaType + if i.configMediaType != nil { + cfgMediaType = *i.configMediaType + } + + imageConfig := isImageConfig(cfgMediaType) + var configFile *v1.ConfigFile if i.configFile != nil { configFile = i.configFile @@ -70,33 +98,32 @@ func (i *image) compute() error { } configFile = cf.DeepCopy() } - diffIDs := configFile.RootFS.DiffIDs - history := configFile.History - diffIDMap := make(map[v1.Hash]v1.Layer) - digestMap := make(map[v1.Hash]v1.Layer) + // For image configs, update RootFS.DiffIDs and History from added layers. + // For artifacts, skip this: the config has no rootfs or history fields. + if imageConfig { + diffIDs := configFile.RootFS.DiffIDs + history := configFile.History - for _, add := range i.adds { - history = append(history, add.History) - if add.Layer != nil { - diffID, err := add.Layer.DiffID() - if err != nil { - return err + for _, add := range i.adds { + history = append(history, add.History) + if add.Layer != nil { + diffID, err := add.Layer.DiffID() + if err != nil { + return err + } + diffIDs = append(diffIDs, diffID) + diffIDMap[diffID] = add.Layer } - diffIDs = append(diffIDs, diffID) - diffIDMap[diffID] = add.Layer } - } - m, err := i.base.Manifest() - if err != nil { - return err + configFile.RootFS.DiffIDs = diffIDs + configFile.History = history } - manifest := m.DeepCopy() + manifestLayers := manifest.Layers for _, add := range i.adds { if add.Layer == nil { - // Empty layers include only history in manifest. continue } @@ -105,14 +132,12 @@ func (i *image) compute() error { return err } - // Fields in the addendum override the original descriptor. if len(add.Annotations) != 0 { desc.Annotations = add.Annotations } if len(add.URLs) != 0 { desc.URLs = add.URLs } - if add.MediaType != "" { desc.MediaType = add.MediaType } @@ -120,42 +145,38 @@ func (i *image) compute() error { manifestLayers = append(manifestLayers, *desc) digestMap[desc.Digest] = add.Layer } - - configFile.RootFS.DiffIDs = diffIDs - configFile.History = history - manifest.Layers = manifestLayers - rcfg, err := json.Marshal(configFile) - if err != nil { - return err - } - d, sz, err := v1.SHA256(bytes.NewBuffer(rcfg)) - if err != nil { - return err - } - manifest.Config.Digest = d - manifest.Config.Size = sz + // For image configs, re-marshal the config and update the manifest digest. + // For artifacts, preserve the original config blob as-is to avoid + // corrupting the digest via re-marshaling. + if imageConfig { + rcfg, err := json.Marshal(configFile) + if err != nil { + return err + } + d, sz, err := v1.SHA256(bytes.NewBuffer(rcfg)) + if err != nil { + return err + } + manifest.Config.Digest = d + manifest.Config.Size = sz - // If Data was set in the base image, we need to update it in the mutated image. - if m.Config.Data != nil { - manifest.Config.Data = rcfg + if m.Config.Data != nil { + manifest.Config.Data = rcfg + } } - // If the user wants to mutate the media type of the config if i.configMediaType != nil { manifest.Config.MediaType = *i.configMediaType } - if i.mediaType != nil { manifest.MediaType = *i.mediaType } - if i.annotations != nil { if manifest.Annotations == nil { manifest.Annotations = map[string]string{} } - for k, v := range i.annotations { manifest.Annotations[k] = v } @@ -173,29 +194,34 @@ func (i *image) compute() error { // Layers returns the ordered collection of filesystem layers that comprise this image. // The order of the list is oldest/base layer first, and most-recent/top layer last. func (i *image) Layers() ([]v1.Layer, error) { - if err := i.compute(); errors.Is(err, stream.ErrNotComputed) { - // Image contains a streamable layer which has not yet been - // consumed. Just return the layers we have in case the caller - // is going to consume the layers. + if err := i.compute(); errors.Is(err, stream.ErrNotComputed) || (i.manifest != nil && !isImageConfig(i.manifest.Config.MediaType)) { + // Stream not yet consumed, or non-image OCI artifact (RootFS.DiffIDs + // is empty so partial.DiffIDs returns nothing). Fall back to the base + // layers plus any added layers. layers, err := i.base.Layers() if err != nil { return nil, err } for _, add := range i.adds { - layers = append(layers, add.Layer) + if add.Layer != nil { + layers = append(layers, add.Layer) + } } return layers, nil } else if err != nil { return nil, err } - diffIDs, err := partial.DiffIDs(i) - if err != nil { - return nil, err - } - ls := make([]v1.Layer, 0, len(diffIDs)) - for _, h := range diffIDs { - l, err := i.LayerByDiffID(h) + // Walk manifest layer descriptors by digest rather than rootfs diff + // IDs. Two layers can legitimately share a diff ID — same uncompressed + // content, different compression — and produce distinct digests. The + // manifest preserves the per-occurrence digest; LayerByDiffID does not, + // which previously caused duplicate-diff-ID layers to collapse to a + // single entry in the returned slice and break blob upload for + // downstream pushers (see #2034). + ls := make([]v1.Layer, 0, len(i.manifest.Layers)) + for _, desc := range i.manifest.Layers { + l, err := i.LayerByDigest(desc.Digest) if err != nil { return nil, err } @@ -220,11 +246,18 @@ func (i *image) ConfigFile() (*v1.ConfigFile, error) { return i.configFile.DeepCopy(), nil } -// RawConfigFile returns the serialized bytes of ConfigFile() +// RawConfigFile returns the serialized bytes of ConfigFile(). +// For non-image OCI artifacts, returns the original raw config to preserve +// the config blob digest. func (i *image) RawConfigFile() ([]byte, error) { if err := i.compute(); err != nil { return nil, err } + // If the manifest config is not a standard image config, return the + // original raw bytes to avoid corrupting the digest via re-marshaling. + if i.manifest != nil && !isImageConfig(i.manifest.Config.MediaType) { + return i.base.RawConfigFile() + } return json.Marshal(i.configFile) } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go index 088572723e..09458e96cb 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go @@ -277,93 +277,103 @@ func extract(img v1.Image, w io.Writer) error { // whiteout layers more efficient, since we can just keep track of the removed // files as we see .wh. layers and ignore those in previous layers. for i := len(layers) - 1; i >= 0; i-- { - layer := layers[i] - layerReader, err := layer.Uncompressed() - if err != nil { - return fmt.Errorf("reading layer contents: %w", err) + if err := extractLayer(tarWriter, fileMap, layers[i]); err != nil { + return err } - defer layerReader.Close() - tarReader := tar.NewReader(layerReader) - for { - header, err := tarReader.Next() - if errors.Is(err, io.EOF) { - break - } - if err != nil { - return fmt.Errorf("reading tar: %w", err) - } + } + return nil +} - // Some tools prepend everything with "./", so if we don't Clean the - // name, we may have duplicate entries, which angers tar-split. - header.Name = filepath.Clean(header.Name) +func extractLayer(tarWriter *tar.Writer, fileMap map[string]bool, layer v1.Layer) error { + layerReader, err := layer.Uncompressed() + if err != nil { + return fmt.Errorf("reading layer contents: %w", err) + } + defer layerReader.Close() - // Normalize absolute paths to relative to prevent writing outside - // the extraction root (Zip Slip / CVE-2018-15664 class). - // Many OCI tools emit absolute paths; stripping the leading slash - // preserves the entry while removing the danger. - if filepath.IsAbs(header.Name) { - header.Name = strings.TrimLeft(header.Name, "/") - } - // After normalization, reject any remaining path traversal. - if strings.HasPrefix(header.Name, "..") { - continue - } + tarReader := tar.NewReader(layerReader) + for { + header, err := tarReader.Next() + if errors.Is(err, io.EOF) { + break + } + if err != nil { + return fmt.Errorf("reading tar: %w", err) + } - // Reject symlinks and hardlinks that point outside the extraction - // root. An attacker can create a symlink to /etc and then write - // files through it in a subsequent layer entry. - if header.Typeflag == tar.TypeSymlink || header.Typeflag == tar.TypeLink { - linkTarget := filepath.Clean(header.Linkname) - if strings.HasPrefix(linkTarget, "..") || filepath.IsAbs(linkTarget) { + // Some tools prepend everything with "./", so if we don't Clean the + // name, we may have duplicate entries, which angers tar-split. + header.Name = filepath.Clean(header.Name) + + // Reject relative symlinks and hardlinks whose targets escape the + // image rootfs. Relative targets are resolved against the symlink's + // own directory: if the clean result starts with ".." the link would + // leave the rootfs. Relative symlinks that stay within the rootfs + // (common for glibc, C toolchains, etc.) are preserved unchanged. + // Absolute targets are left as-is; see #2238 for ongoing discussion + // on whether they should be pruned. + if header.Typeflag == tar.TypeSymlink || header.Typeflag == tar.TypeLink { + if !filepath.IsAbs(header.Linkname) { + resolved := filepath.Clean(filepath.Join(filepath.Dir(header.Name), header.Linkname)) //nolint:gosec // G305: path is only used for validation, not file I/O + if strings.HasPrefix(resolved, "..") { continue } } + } - // force PAX format to remove Name/Linkname length limit of 100 characters - // required by USTAR and to not depend on internal tar package guess which - // prefers USTAR over PAX - header.Format = tar.FormatPAX + // force PAX format to remove Name/Linkname length limit of 100 characters + // required by USTAR and to not depend on internal tar package guess which + // prefers USTAR over PAX + header.Format = tar.FormatPAX - basename := filepath.Base(header.Name) - dirname := filepath.Dir(header.Name) - tombstone := strings.HasPrefix(basename, whiteoutPrefix) - if tombstone { - basename = basename[len(whiteoutPrefix):] - } + basename := filepath.Base(header.Name) + dirname := filepath.Dir(header.Name) + tombstone := strings.HasPrefix(basename, whiteoutPrefix) + if tombstone { + basename = basename[len(whiteoutPrefix):] + } - // check if we have seen value before - // if we're checking a directory, don't filepath.Join names - var name string - if header.Typeflag == tar.TypeDir { - name = header.Name - } else { - name = filepath.Join(dirname, basename) - } + // check if we have seen value before + // if we're checking a directory, don't filepath.Join names + var name string + if header.Typeflag == tar.TypeDir { + name = header.Name + } else { + name = filepath.Join(dirname, basename) + } - if _, ok := fileMap[name]; ok && !tombstone { - continue - } + if _, ok := fileMap[name]; ok && !tombstone { + continue + } - // check for a whited out parent directory - if inWhiteoutDir(fileMap, name) { - continue - } + // check for a whited out parent directory + if inWhiteoutDir(fileMap, name) { + continue + } - // mark file as handled. non-directory implicitly tombstones - // any entries with a matching (or child) name - fileMap[name] = tombstone || (header.Typeflag != tar.TypeDir) - if !tombstone { - if err := tarWriter.WriteHeader(header); err != nil { + // mark file as handled. non-directory implicitly tombstones + // any entries with a matching (or child) name + fileMap[name] = tombstone || (header.Typeflag != tar.TypeDir) + if !tombstone { + if err := tarWriter.WriteHeader(header); err != nil { + return err + } + if header.Size > 0 { + if _, err := io.CopyN(tarWriter, tarReader, header.Size); err != nil { return err } - if header.Size > 0 { - if _, err := io.CopyN(tarWriter, tarReader, header.Size); err != nil { - return err - } - } } } } + + // Drain any bytes the tar.Reader did not consume (trailing data after the + // end-of-archive marker) so the underlying verifying reader reaches io.EOF + // and the layer's digest is verified. Without this, a layer whose contents + // do not match the manifest's layer digest is extracted without error. + // pkg/v1/validate/layer.go performs the same drain. + if _, err := io.Copy(io.Discard, layerReader); err != nil { + return fmt.Errorf("verifying layer: %w", err) + } return nil } @@ -500,6 +510,12 @@ func layerTime(layer v1.Layer, t time.Time) (v1.Layer, error) { } } + // Drain trailing bytes so the underlying verifying reader reaches io.EOF + // and the layer digest is verified (see extractLayer). + if _, err := io.Copy(io.Discard, layerReader); err != nil { + return nil, fmt.Errorf("verifying layer: %w", err) + } + if err := tarWriter.Close(); err != nil { return nil, err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go index c8b22b3f95..e83b4a8825 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go @@ -337,8 +337,12 @@ func Descriptor(d Describable) (*v1.Descriptor, error) { mf, _ := Manifest(wrm) // Failing to parse as a manifest should just be ignored. // The manifest might not be valid, and that's okay. - if mf != nil && !mf.Config.MediaType.IsConfig() { - desc.ArtifactType = string(mf.Config.MediaType) + if mf != nil { + if mf.ArtifactType != "" { + desc.ArtifactType = mf.ArtifactType + } else { + desc.ArtifactType = string(mf.Config.MediaType) + } } } } @@ -429,7 +433,10 @@ func ArtifactType(w WithManifest) (string, error) { mf, _ := w.Manifest() // Failing to parse as a manifest should just be ignored. // The manifest might not be valid, and that's okay. - if mf != nil && !mf.Config.MediaType.IsConfig() { + if mf != nil { + if mf.ArtifactType != "" { + return mf.ArtifactType, nil + } return string(mf.Config.MediaType), nil } return "", nil diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go index a0281b9fd2..7b9cc0e247 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go @@ -122,7 +122,7 @@ func (f *fetcher) catalogPage(ctx context.Context, reg name.Registry, next strin return nil, err } - uri, err := getNextPageURL(resp) + uri, err := getNextPageURLForRegistry(resp, reg) if err != nil { return nil, err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go index d77b37c0c2..4b238d1290 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go @@ -19,10 +19,12 @@ import ( "context" "fmt" "io" + "net" "net/http" "net/url" "strings" + "github.com/google/go-containerregistry/internal/limit" "github.com/google/go-containerregistry/internal/redact" "github.com/google/go-containerregistry/internal/verify" "github.com/google/go-containerregistry/pkg/authn" @@ -40,8 +42,9 @@ const ( // fetcher implements methods for reading from a registry. type fetcher struct { - target resource - client *http.Client + target resource + client *http.Client + limiter *pullLimiter } func makeFetcher(ctx context.Context, target resource, o *options) (*fetcher, error) { @@ -69,10 +72,40 @@ func makeFetcher(ctx context.Context, target resource, o *options) (*fetcher, er } return &fetcher{ target: target, - client: &http.Client{Transport: tr}, + client: &http.Client{ + Transport: tr, + CheckRedirect: checkRedirectSSRF, + }, + limiter: o.limiter, }, nil } +// checkRedirectSSRF rejects HTTP redirects that cross from a public host to a +// private or link-local IP literal. This prevents a malicious registry from +// issuing a 302 to a cloud instance metadata service (e.g. 169.254.169.254) +// or another internal network address during blob or manifest downloads. +// +// Same-host redirects and redirects to non-IP hostnames (including DNS names +// that may resolve to private addresses) are allowed. The first redirect in +// the chain uses the original request URL as the "origin host" via +// req.Response.Request, falling back to req.URL when no prior response exists. +func checkRedirectSSRF(req *http.Request, via []*http.Request) error { + if len(via) == 0 || req.Response == nil { + return nil + } + origHost := via[0].URL.Hostname() + destHost := req.URL.Hostname() + if destHost == origHost { + return nil // same-host redirect is always allowed + } + if ip := net.ParseIP(destHost); ip != nil { + if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsPrivate() || ip.IsUnspecified() { + return fmt.Errorf("SSRF protection: redirect from %q to private/link-local host %q denied", origHost, destHost) + } + } + return nil +} + func (f *fetcher) Do(req *http.Request) (*http.Response, error) { return f.client.Do(req) } @@ -136,7 +169,7 @@ func (f *fetcher) fetchManifest(ctx context.Context, ref name.Reference, accepta return nil, nil, err } - manifest, err := io.ReadAll(io.LimitReader(resp.Body, manifestLimit)) + manifest, err := limit.ReadAll(resp.Body, manifestLimit) if err != nil { return nil, nil, err } @@ -162,11 +195,20 @@ func (f *fetcher) fetchManifest(ctx context.Context, ref name.Reference, accepta } var artifactType string + var annotations map[string]string mf, _ := v1.ParseManifest(bytes.NewReader(manifest)) // Failing to parse as a manifest should just be ignored. // The manifest might not be valid, and that's okay. - if mf != nil && !mf.Config.MediaType.IsConfig() { - artifactType = string(mf.Config.MediaType) + if mf != nil { + // Per the OCI distribution spec, artifactType on the descriptor is + // set to the manifest's artifactType if present, otherwise it falls + // back to the config descriptor's mediaType. + if mf.ArtifactType != "" { + artifactType = mf.ArtifactType + } else { + artifactType = string(mf.Config.MediaType) + } + annotations = mf.Annotations } // Do nothing for tags; I give up. @@ -183,6 +225,7 @@ func (f *fetcher) fetchManifest(ctx context.Context, ref name.Reference, accepta Size: size, MediaType: mediaType, ArtifactType: artifactType, + Annotations: annotations, } return manifest, &desc, nil @@ -247,18 +290,30 @@ func (f *fetcher) headManifest(ctx context.Context, ref name.Reference, acceptab func (f *fetcher) fetchBlob(ctx context.Context, size int64, h v1.Hash) (io.ReadCloser, error) { u := f.url("blobs", h.String()) + return f.fetchBlobURL(ctx, u, size, h) +} + +func (f *fetcher) fetchBlobURL(ctx context.Context, u url.URL, size int64, h v1.Hash) (io.ReadCloser, error) { + release, err := f.limiter.acquire(ctx) + if err != nil { + return nil, err + } + req, err := http.NewRequest(http.MethodGet, u.String(), nil) if err != nil { + release() return nil, err } resp, err := f.client.Do(req.WithContext(ctx)) if err != nil { + release() return nil, redact.Error(err) } if err := transport.CheckError(resp, http.StatusOK); err != nil { resp.Body.Close() + release() return nil, err } @@ -269,11 +324,22 @@ func (f *fetcher) fetchBlob(ctx context.Context, size int64, h v1.Hash) (io.Read if size == verify.SizeUnknown { size = hsize } else if hsize != size { + resp.Body.Close() + release() return nil, fmt.Errorf("GET %s: Content-Length header %d does not match expected size %d", u.String(), hsize, size) } } - return verify.ReadCloser(resp.Body, size, h) + rc, err := verify.ReadCloser(resp.Body, size, h) + if err != nil { + resp.Body.Close() + release() + return nil, err + } + return &limitedReadCloser{ + ReadCloser: rc, + release: release, + }, nil } func (f *fetcher) headBlob(ctx context.Context, h v1.Hash) (*http.Response, error) { @@ -296,6 +362,57 @@ func (f *fetcher) headBlob(ctx context.Context, h v1.Hash) (*http.Response, erro return resp, nil } +// validateForeignURL rejects foreign layer URLs that use a disallowed scheme +// or resolve to a private / link-local IP address (SSRF protection). DNS-based +// SSRF is out of scope, matching transport.validateRealmURL. +func validateForeignURL(rawURL string, insecure bool) error { + u, err := url.Parse(rawURL) + if err != nil { + return fmt.Errorf("parsing foreign layer URL %q: %w", rawURL, err) + } + switch u.Scheme { + case "https": + case "http": + if !insecure { + return fmt.Errorf("foreign layer URL scheme %q not allowed for a secure registry; use https", u.Scheme) + } + default: + return fmt.Errorf("foreign layer URL scheme %q not allowed; must be https (or http for insecure registries)", u.Scheme) + } + host := u.Hostname() + if ip := net.ParseIP(host); ip != nil { + if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsPrivate() || ip.IsUnspecified() { + return fmt.Errorf("foreign layer URL host %q is a private or link-local address", host) + } + } + return nil +} + +// fetchForeignBlobURL fetches a foreign-layer blob, validating every redirect +// destination through validateForeignURL (SSRF protection). +func (f *fetcher) fetchForeignBlobURL(ctx context.Context, u url.URL, size int64, h v1.Hash, insecure bool) (io.ReadCloser, error) { + safeClient := &http.Client{ + Transport: f.client.Transport, + CheckRedirect: func(req *http.Request, _ []*http.Request) error { + return validateForeignURL(req.URL.String(), insecure) + }, + } + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil) + if err != nil { + return nil, err + } + resp, err := safeClient.Do(req) + if err != nil { + return nil, err + } + if resp.StatusCode != http.StatusOK { + resp.Body.Close() + return nil, fmt.Errorf("GET %s: unexpected status %s", u.String(), resp.Status) + } + return verify.ReadCloser(resp.Body, size, h) +} + func (f *fetcher) blobExists(ctx context.Context, h v1.Hash) (bool, error) { u := f.url("blobs", h.String()) req, err := http.NewRequest(http.MethodHead, u.String(), nil) diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go index f085967ed5..d39a0e71f0 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go @@ -18,7 +18,6 @@ import ( "bytes" "context" "io" - "net/http" "net/url" "sync" @@ -27,7 +26,6 @@ import ( "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/partial" - "github.com/google/go-containerregistry/pkg/v1/remote/transport" "github.com/google/go-containerregistry/pkg/v1/types" ) @@ -172,7 +170,7 @@ func (rl *remoteImageLayer) Digest() (v1.Hash, error) { // Compressed implements partial.CompressedLayer func (rl *remoteImageLayer) Compressed() (io.ReadCloser, error) { - urls := []url.URL{rl.ri.fetcher.url("blobs", rl.digest.String())} + u := rl.ri.fetcher.url("blobs", rl.digest.String()) // Add alternative layer sources from URLs (usually none). d, err := partial.BlobDescriptor(rl, rl.digest) @@ -187,38 +185,38 @@ func (rl *remoteImageLayer) Compressed() (io.ReadCloser, error) { // We don't want to log binary layers -- this can break terminals. ctx := redact.NewContext(rl.ctx, "omitting binary blobs from logs") - for _, s := range d.URLs { - u, err := url.Parse(s) - if err != nil { - return nil, err - } - urls = append(urls, *u) - } + insecure := rl.ri.fetcher.target.Scheme() == "http" // The lastErr for most pulls will be the same (the first error), but for // foreign layers we'll want to surface the last one, since we try to pull // from the registry first, which would often fail. // TODO: Maybe we don't want to try pulling from the registry first? var lastErr error - for _, u := range urls { - req, err := http.NewRequest(http.MethodGet, u.String(), nil) - if err != nil { + rc, err := rl.ri.fetcher.fetchBlobURL(ctx, u, d.Size, rl.digest) + if err == nil { + return rc, nil + } + lastErr = err + + foreignURLs := make([]url.URL, 0, len(d.URLs)) + for _, s := range d.URLs { + if err := validateForeignURL(s, insecure); err != nil { return nil, err } - - resp, err := rl.ri.fetcher.Do(req.WithContext(ctx)) + fu, err := url.Parse(s) if err != nil { - lastErr = err - continue + return nil, err } + foreignURLs = append(foreignURLs, *fu) + } - if err := transport.CheckError(resp, http.StatusOK); err != nil { - resp.Body.Close() + for _, fu := range foreignURLs { + rc, err := rl.ri.fetcher.fetchForeignBlobURL(ctx, fu, d.Size, rl.digest, insecure) + if err != nil { lastErr = err continue } - - return verify.ReadCloser(resp.Body, d.Size, rl.digest) + return rc, nil } return nil, lastErr diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go index b80972c80e..3956a38e69 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go @@ -225,8 +225,12 @@ func (r *remoteIndex) childDescriptor(child v1.Descriptor, platform v1.Platform) mf, _ := v1.ParseManifest(bytes.NewReader(manifest)) // Failing to parse as a manifest should just be ignored. // The manifest might not be valid, and that's okay. - if mf != nil && !mf.Config.MediaType.IsConfig() { - child.ArtifactType = string(mf.Config.MediaType) + if mf != nil { + if mf.ArtifactType != "" { + child.ArtifactType = mf.ArtifactType + } else { + child.ArtifactType = string(mf.Config.MediaType) + } } } diff --git a/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/internal/authchallenge/authchallenge.go similarity index 65% rename from vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go rename to vendor/github.com/google/go-containerregistry/pkg/v1/remote/internal/authchallenge/authchallenge.go index fe238210cd..9084377c2f 100644 --- a/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/internal/authchallenge/authchallenge.go @@ -1,91 +1,26 @@ -package challenge +// Copyright 2014 Docker, Inc. +// Copyright 2021-2026 The Distribution contributors +// Copyright 2026 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package authchallenge import ( - "fmt" "net/http" - "net/url" "strings" - "sync" ) -// Challenge carries information from a WWW-Authenticate response header. -// See RFC 2617. -type Challenge struct { - // Scheme is the auth-scheme according to RFC 2617 - Scheme string - - // Parameters are the auth-params according to RFC 2617 - Parameters map[string]string -} - -// Manager manages the challenges for endpoints. -// The challenges are pulled out of HTTP responses. Only -// responses which expect challenges should be added to -// the manager, since a non-unauthorized request will be -// viewed as not requiring challenges. -type Manager interface { - // GetChallenges returns the challenges for the given - // endpoint URL. - GetChallenges(endpoint url.URL) ([]Challenge, error) - - // AddResponse adds the response to the challenge - // manager. The challenges will be parsed out of - // the WWW-Authenicate headers and added to the - // URL which was produced the response. If the - // response was authorized, any challenges for the - // endpoint will be cleared. - AddResponse(resp *http.Response) error -} - -// NewSimpleManager returns an instance of -// Manger which only maps endpoints to challenges -// based on the responses which have been added the -// manager. The simple manager will make no attempt to -// perform requests on the endpoints or cache the responses -// to a backend. -func NewSimpleManager() Manager { - return &simpleManager{ - Challenges: make(map[string][]Challenge), - } -} - -type simpleManager struct { - sync.RWMutex - Challenges map[string][]Challenge -} - -func normalizeURL(endpoint *url.URL) { - endpoint.Host = strings.ToLower(endpoint.Host) - endpoint.Host = canonicalAddr(endpoint) -} - -func (m *simpleManager) GetChallenges(endpoint url.URL) ([]Challenge, error) { - normalizeURL(&endpoint) - - m.RLock() - defer m.RUnlock() - challenges := m.Challenges[endpoint.String()] - return challenges, nil -} - -func (m *simpleManager) AddResponse(resp *http.Response) error { - challenges := ResponseChallenges(resp) - if resp.Request == nil { - return fmt.Errorf("missing request reference") - } - urlCopy := url.URL{ - Path: resp.Request.URL.Path, - Host: resp.Request.URL.Host, - Scheme: resp.Request.URL.Scheme, - } - normalizeURL(&urlCopy) - - m.Lock() - defer m.Unlock() - m.Challenges[urlCopy.String()] = challenges - return nil -} - // Octet types from RFC 2616. type octetType byte @@ -113,7 +48,7 @@ func init() { // token = 1* // qdtext = > - for c := 0; c < 256; c++ { + for c := range 256 { var t octetType isCtl := c <= 31 || c == 127 isChar := 0 <= c && c <= 127 @@ -128,6 +63,16 @@ func init() { } } +// Challenge carries information from a WWW-Authenticate response header. +// See RFC 2617. +type Challenge struct { + // Scheme is the auth-scheme according to RFC 2617 + Scheme string + + // Parameters are the auth-params according to RFC 2617 + Parameters map[string]string +} + // ResponseChallenges returns a list of authorization challenges // for the given http Response. Challenges are only checked if // the response status code was a 401. diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/limiter.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/limiter.go new file mode 100644 index 0000000000..54ec3b28dc --- /dev/null +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/limiter.go @@ -0,0 +1,55 @@ +// Copyright 2026 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package remote + +import ( + "context" + "io" + "sync" +) + +type pullLimiter struct { + tokens chan struct{} +} + +func newPullLimiter(jobs int) *pullLimiter { + return &pullLimiter{ + tokens: make(chan struct{}, jobs), + } +} + +func (l *pullLimiter) acquire(ctx context.Context) (func(), error) { + if l == nil { + return func() {}, nil + } + select { + case l.tokens <- struct{}{}: + return func() { <-l.tokens }, nil + case <-ctx.Done(): + return nil, ctx.Err() + } +} + +type limitedReadCloser struct { + io.ReadCloser + release func() + once sync.Once +} + +func (l *limitedReadCloser) Close() error { + err := l.ReadCloser.Close() + l.once.Do(l.release) + return err +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go index 910d2a94c7..9beff7dc24 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go @@ -17,6 +17,7 @@ package remote import ( "context" "encoding/json" + "errors" "fmt" "net/http" "net/url" @@ -85,7 +86,7 @@ func (f *fetcher) listPage(ctx context.Context, repo name.Repository, next strin return nil, err } - uri, err := getNextPageURL(resp) + uri, err := getNextPageURL(resp, repo) if err != nil { return nil, err } @@ -99,8 +100,9 @@ func (f *fetcher) listPage(ctx context.Context, repo name.Repository, next strin // getNextPageURL checks if there is a Link header in a http.Response which // contains a link to the next page. If yes it returns the url.URL of the next -// page otherwise it returns nil. -func getNextPageURL(resp *http.Response) (*url.URL, error) { +// page otherwise it returns nil. It validates that the resolved URL points +// to the same registry to prevent SSRF attacks. +func getNextPageURL(resp *http.Response, repo name.Repository) (*url.URL, error) { link := resp.Header.Get("Link") if link == "" { return nil, nil @@ -115,6 +117,9 @@ func getNextPageURL(resp *http.Response) (*url.URL, error) { return nil, fmt.Errorf("failed to parse link header: missing '>' in: %s", link) } link = link[1:end] + if link == "" { + return nil, nil + } linkURL, err := url.Parse(link) if err != nil { @@ -124,9 +129,31 @@ func getNextPageURL(resp *http.Response) (*url.URL, error) { return nil, nil } linkURL = resp.Request.URL.ResolveReference(linkURL) + + // Validate that the pagination URL points to the same registry to prevent SSRF. + if err := validatePaginationURL(linkURL, repo); err != nil { + return nil, err + } + return linkURL, nil } +// validatePaginationURL checks that a pagination URL is safe to follow. +func validatePaginationURL(u *url.URL, repo name.Repository) error { + return validatePaginationURLHost(u, repo.Scheme(), repo.RegistryStr()) +} + +// validatePaginationURLHost checks that a pagination URL is safe to follow. +func validatePaginationURLHost(u *url.URL, scheme, host string) error { + if u.Scheme != scheme { + return fmt.Errorf("pagination URL scheme %q does not match registry scheme %q", u.Scheme, scheme) + } + if u.Host != host { + return errors.New("pagination URL host does not match registry host: potential SSRF attack") + } + return nil +} + type Lister struct { f *fetcher repo name.Repository @@ -150,3 +177,40 @@ func (l *Lister) Next(ctx context.Context) (*Tags, error) { func (l *Lister) HasNext() bool { return l.page != nil && (!l.needMore || l.page.Next != "") } + +// getNextPageURLForRegistry is like getNextPageURL but for name.Registry. +func getNextPageURLForRegistry(resp *http.Response, reg name.Registry) (*url.URL, error) { + link := resp.Header.Get("Link") + if link == "" { + return nil, nil + } + + if link[0] != '<' { + return nil, fmt.Errorf("failed to parse link header: missing '<' in: %s", link) + } + + end := strings.Index(link, ">") + if end == -1 { + return nil, fmt.Errorf("failed to parse link header: missing '>' in: %s", link) + } + link = link[1:end] + if link == "" { + return nil, nil + } + + linkURL, err := url.Parse(link) + if err != nil { + return nil, err + } + if resp.Request == nil || resp.Request.URL == nil { + return nil, nil + } + linkURL = resp.Request.URL.ResolveReference(linkURL) + + // Validate that the pagination URL points to the same registry to prevent SSRF. + if err := validatePaginationURLHost(linkURL, reg.Scheme(), reg.RegistryStr()); err != nil { + return nil, err + } + + return linkURL, nil +} diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go index 15b7da1e41..3d8bb8ddfd 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go @@ -45,6 +45,7 @@ type options struct { retryBackoff Backoff retryPredicate retry.Predicate retryStatusCodes []int + limiter *pullLimiter // Only these options can overwrite Reuse()d options. platform v1.Platform @@ -92,6 +93,7 @@ var fastBackoff = Backoff{ var defaultRetryStatusCodes = []int{ http.StatusRequestTimeout, + http.StatusTooManyRequests, // 429: OCI distribution-spec rate limit; TooManyRequestsErrorCode is already classified temporary in transport/error.go http.StatusInternalServerError, http.StatusBadGateway, http.StatusServiceUnavailable, @@ -142,6 +144,7 @@ func makeOptions(opts ...Option) (*options, error) { return nil, err } } + o.limiter = newPullLimiter(o.jobs) switch { case o.auth != nil && o.keychain != nil: diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go index 47e3b806ee..5675c97c8f 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/pusher.go @@ -156,7 +156,11 @@ func (p *Pusher) Upload(ctx context.Context, repo name.Repository, l v1.Layer) e } func (p *Pusher) Delete(ctx context.Context, ref name.Reference) error { - w, err := p.writer(ctx, ref.Context(), p.o) + // Use a transport scoped for delete. Requesting DeleteScope (which + // includes the "delete" action) allows registries that require an + // explicit delete permission—such as IBM Cloud Container Registry—to + // grant access. + client, err := makeDeleteClient(ctx, ref.Context(), p.o) if err != nil { return err } @@ -172,7 +176,7 @@ func (p *Pusher) Delete(ctx context.Context, ref name.Reference) error { return err } - resp, err := w.w.client.Do(req.WithContext(ctx)) + resp, err := client.Do(req.WithContext(ctx)) if err != nil { return err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go index 4bc6f70a85..c23e1d83b6 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/referrers.go @@ -18,10 +18,10 @@ import ( "bytes" "context" "errors" - "io" "net/http" "strings" + "github.com/google/go-containerregistry/internal/limit" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/empty" @@ -67,7 +67,7 @@ func (f *fetcher) fetchReferrers(ctx context.Context, filter map[string]string, var b []byte if resp.StatusCode == http.StatusOK && resp.Header.Get("Content-Type") == string(types.OCIImageIndex) { - b, err = io.ReadAll(resp.Body) + b, err = limit.ReadAll(resp.Body, manifestLimit) if err != nil { return nil, err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go index ea652d4ae8..cbc2b1d4f9 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go @@ -19,21 +19,24 @@ import ( "encoding/json" "errors" "fmt" - "io" "net" "net/http" "net/url" "strings" "sync" - authchallenge "github.com/docker/distribution/registry/client/auth/challenge" - + "github.com/google/go-containerregistry/internal/limit" "github.com/google/go-containerregistry/internal/redact" "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/logs" "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/v1/remote/internal/authchallenge" ) +// maxTokenBodySize limits bearer token response body reads to prevent OOM +// when a token endpoint returns an unexpectedly large body. +const maxTokenBodySize = 64 * 1024 // 64 KiB + type Token struct { Token string `json:"token"` AccessToken string `json:"access_token,omitempty"` @@ -83,6 +86,13 @@ func fromChallenge(reg name.Registry, auth authn.Authenticator, t http.RoundTrip if !ok { return nil, fmt.Errorf("malformed www-authenticate, missing realm: %v", pr.Parameters) } + // Validate the realm URL before storing it. A malicious or compromised + // registry can supply a realm pointing at an internal service or cloud + // metadata endpoint (e.g. 169.254.169.254), causing SSRF when the client + // subsequently fetches a token. + if err := validateRealmURL(realm, reg.RegistryStr(), pr.Insecure); err != nil { + return nil, fmt.Errorf("invalid realm in www-authenticate: %w", err) + } service := pr.Parameters["service"] scheme := "https" if pr.Insecure { @@ -99,6 +109,56 @@ func fromChallenge(reg name.Registry, auth authn.Authenticator, t http.RoundTrip }, nil } +// realmRedirectCheck mimics the default http.Client redirect policy but also +// validates each redirect URL with validateRealmURL. +func realmRedirectCheck(registryHost string, insecure bool) func(*http.Request, []*http.Request) error { + return func(req *http.Request, via []*http.Request) error { + if len(via) >= 10 { + return fmt.Errorf("stopped after 10 redirects") + } + if err := validateRealmURL(req.URL.String(), registryHost, insecure); err != nil { + return fmt.Errorf("refusing token-server redirect to %q: %w", req.URL, err) + } + return nil + } +} + +// validateRealmURL returns an error if the realm URL uses a disallowed scheme +// or resolves to a private / link-local IP address. Realm URLs matching the +// registry host:port are always allowed. See #2258. +func validateRealmURL(realm, registryHost string, insecure bool) error { + u, err := url.Parse(realm) + if err != nil { + return fmt.Errorf("parsing realm %q: %w", realm, err) + } + switch u.Scheme { + case "https": + // always allowed + case "http": + if !insecure { + return fmt.Errorf("realm scheme %q not allowed for a secure registry; use https", u.Scheme) + } + default: + return fmt.Errorf("realm scheme %q not allowed; must be https (or http for insecure registries)", u.Scheme) + } + // Always allow realms matching the registry host:port. + if registryHost != "" && u.Host == registryHost { + return nil + } + // Reject IP literals that resolve to private or link-local ranges. + // This blocks direct references to RFC 1918 addresses, loopback, and + // link-local ranges including the cloud instance metadata service + // (169.254.169.254 / fd00:ec2::254). DNS-based SSRF is out of scope + // here; callers should apply network-level controls if needed. + host := u.Hostname() + if ip := net.ParseIP(host); ip != nil { + if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsPrivate() || ip.IsUnspecified() { + return fmt.Errorf("realm host %q is a private or link-local address", host) + } + } + return nil +} + type bearerTransport struct { mx sync.RWMutex // Wrapped by bearerTransport. @@ -187,7 +247,23 @@ func (bt *bearerTransport) RoundTrip(in *http.Request) (*http.Response, error) { if err = bt.refresh(in.Context()); err != nil { return nil, err } - return sendRequest() + // Re-attach the freshly fetched token, but only when the request is + // still talking to the registry we authenticated against. matchesHost + // guards against forwarding the Authorization header across an + // http.Client-level redirect to a different host: a malicious or + // compromised registry can 302 the request to an attacker-controlled + // host, answer the follow-up with a Bearer challenge, and harvest the + // token if we re-attach it unconditionally. For a cross-host request + // fall back to sendRequest(), which omits the credential, rather than + // leaking it to a host we never logged in to. + if !matchesHost(bt.registry.RegistryStr(), in, bt.scheme) { + return sendRequest() + } + bt.mx.RLock() + tok := bt.bearer.RegistryToken + bt.mx.RUnlock() + in.Header.Set("Authorization", fmt.Sprintf("Bearer %s", tok)) + return bt.inner.RoundTrip(in) } return res, err @@ -336,7 +412,8 @@ func (bt *bearerTransport) refreshOauth(ctx context.Context) ([]byte, error) { v.Set("access_type", "offline") } - client := http.Client{Transport: bt.inner} + allowInsecure := bt.scheme == "http" + client := http.Client{Transport: bt.inner, CheckRedirect: realmRedirectCheck(bt.registry.RegistryStr(), allowInsecure)} req, err := http.NewRequest(http.MethodPost, u.String(), strings.NewReader(v.Encode())) if err != nil { return nil, err @@ -359,7 +436,7 @@ func (bt *bearerTransport) refreshOauth(ctx context.Context) ([]byte, error) { return nil, err } - return io.ReadAll(resp.Body) + return limit.ReadAll(resp.Body, maxTokenBodySize) } // https://docs.docker.com/registry/spec/auth/token/ @@ -373,7 +450,8 @@ func (bt *bearerTransport) refreshBasic(ctx context.Context) ([]byte, error) { auth: bt.basic, target: u.Host, } - client := http.Client{Transport: b} + allowInsecure := bt.scheme == "http" + client := http.Client{Transport: b, CheckRedirect: realmRedirectCheck(bt.registry.RegistryStr(), allowInsecure)} v := u.Query() bt.mx.RLock() @@ -403,5 +481,5 @@ func (bt *bearerTransport) refreshBasic(ctx context.Context) ([]byte, error) { return nil, err } - return io.ReadAll(resp.Body) + return limit.ReadAll(resp.Body, maxTokenBodySize) } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go index d38e676249..7b14b8c413 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go @@ -15,12 +15,14 @@ package transport import ( + "bytes" "encoding/json" "fmt" "io" "net/http" "strings" + "github.com/google/go-containerregistry/internal/limit" "github.com/google/go-containerregistry/internal/redact" ) @@ -112,6 +114,10 @@ type ErrorCode string // The set of error conditions a registry may return: // https://github.com/distribution/distribution/blob/aac2f6c8b7c5a6c60190848bab5cbeed2b5ba0a9/docs/spec/api.md#errors-2 +// maxErrorBodySize limits HTTP error response body reads to prevent OOM when +// a registry returns an unexpectedly large error body. +const maxErrorBodySize = 64 * 1024 // 64 KiB + const ( BlobUnknownErrorCode ErrorCode = "BLOB_UNKNOWN" BlobUploadInvalidErrorCode ErrorCode = "BLOB_UPLOAD_INVALID" @@ -146,6 +152,7 @@ var temporaryErrorCodes = map[ErrorCode]struct{}{ var temporaryStatusCodes = map[int]struct{}{ http.StatusRequestTimeout: {}, + http.StatusTooManyRequests: {}, // matches TooManyRequestsErrorCode in temporaryErrorCodes http.StatusInternalServerError: {}, http.StatusBadGateway: {}, http.StatusServiceUnavailable: {}, @@ -161,7 +168,7 @@ func CheckError(resp *http.Response, codes ...int) error { } } - b, err := io.ReadAll(resp.Body) + b, err := limit.ReadAll(resp.Body, maxErrorBodySize) if err != nil { return err } @@ -185,11 +192,16 @@ func makeError(resp *http.Response, body []byte) *Error { } func retryError(resp *http.Response) error { - b, err := io.ReadAll(resp.Body) + b, err := limit.ReadAll(resp.Body, maxErrorBodySize) if err != nil { return err } + // Restore the body so that a subsequent CheckError call (after the + // retry loop exhausts its retries) can still read and parse the + // structured registry error from the response. + resp.Body = io.NopCloser(bytes.NewReader(b)) + rerr := makeError(resp, b) rerr.temporary = true return rerr diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go index 325874399b..6d5cba6d40 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go @@ -24,9 +24,9 @@ import ( "strings" "time" - authchallenge "github.com/docker/distribution/registry/client/auth/challenge" "github.com/google/go-containerregistry/pkg/logs" "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/v1/remote/internal/authchallenge" ) // 300ms is the default fallback period for go's DNS dialer but we could make this configurable. diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go index c3b56f7a41..6ee7782b7f 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go @@ -18,7 +18,9 @@ package transport const ( PullScope string = "pull" PushScope string = "push,pull" - // For now DELETE is PUSH, which is the read/write ACL. - DeleteScope string = PushScope + // DeleteScope requests "delete" in addition to push/pull so that + // registries requiring an explicit delete action (e.g. IBM Cloud + // Container Registry) grant the necessary access. + DeleteScope string = "push,pull,delete" CatalogScope string = "catalog" ) diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go index 58adfd8d33..4ff30a8cb1 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go @@ -21,6 +21,7 @@ import ( "errors" "fmt" "io" + "net" "net/http" "net/url" "sort" @@ -66,6 +67,25 @@ type writer struct { scopes []string } +// makeDeleteClient returns an HTTP client whose token includes the "delete" +// action so that registries requiring an explicit delete permission grant +// access for manifest deletion. +func makeDeleteClient(ctx context.Context, repo name.Repository, o *options) (*http.Client, error) { + auth := o.auth + if o.keychain != nil { + kauth, err := authn.Resolve(ctx, o.keychain, repo) + if err != nil { + return nil, err + } + auth = kauth + } + tr, err := transport.NewWithContext(ctx, repo.Registry, auth, o.transport, []string{repo.Scope(transport.DeleteScope)}) + if err != nil { + return nil, err + } + return &http.Client{Transport: tr}, nil +} + func makeWriter(ctx context.Context, repo name.Repository, ls []v1.Layer, o *options) (*writer, error) { auth := o.auth if o.keychain != nil { @@ -148,7 +168,29 @@ func (w *writer) nextLocation(resp *http.Response) (string, error) { // If the location header returned is just a url path, then fully qualify it. // We cannot simply call w.url, since there might be an embedded query string. - return resp.Request.URL.ResolveReference(u).String(), nil + resolved := resp.Request.URL.ResolveReference(u) + + // Reject Location headers that redirect to a DIFFERENT host that resolves to + // a private or link-local IP literal. A malicious or compromised registry can + // respond to a blob upload initiation (POST /v2/.../blobs/uploads/) with a + // crafted Location header pointing at an internal service, causing the client + // to send subsequent PATCH/PUT requests (including the layer data as the body) + // to that internal address. Pre-signed blob URLs from cloud storage providers + // (GCS, S3, Azure Blob) use public hostnames, so legitimate cross-host + // redirects are unaffected. + // + // Same-host redirects (e.g. a different path on the registry itself) are + // always allowed regardless of whether the registry IP is private. + origHost := resp.Request.URL.Hostname() + if destHost := resolved.Hostname(); destHost != origHost { + if ip := net.ParseIP(destHost); ip != nil { + if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsPrivate() || ip.IsUnspecified() { + return "", fmt.Errorf("SSRF protection: Location header redirects to private/link-local host %q", destHost) + } + } + } + + return resolved.String(), nil } // checkExistingBlob checks if a blob exists already in the repository by making a @@ -555,9 +597,10 @@ func (w *writer) commitManifest(ctx context.Context, t Taggable, ref name.Refere return err } var mf struct { - MediaType types.MediaType `json:"mediaType"` - Subject *v1.Descriptor `json:"subject,omitempty"` - Config struct { + MediaType types.MediaType `json:"mediaType"` + Subject *v1.Descriptor `json:"subject,omitempty"` + ArtifactType string `json:"artifactType,omitempty"` + Config struct { MediaType types.MediaType `json:"mediaType"` } `json:"config"` } @@ -599,10 +642,14 @@ func (w *writer) commitManifest(ctx context.Context, t Taggable, ref name.Refere return err } desc := v1.Descriptor{ - ArtifactType: string(mf.Config.MediaType), - MediaType: mf.MediaType, - Digest: h, - Size: size, + MediaType: mf.MediaType, + Digest: h, + Size: size, + } + if mf.ArtifactType != "" { + desc.ArtifactType = mf.ArtifactType + } else { + desc.ArtifactType = string(mf.Config.MediaType) } if err := w.commitSubjectReferrers(ctx, ref.Context().Digest(mf.Subject.Digest.String()), diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go index 96c0cce49d..9b0350b121 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go @@ -248,7 +248,7 @@ func followLinks(opener Opener, filePath string, visited map[string]bool) (io.Re if err != nil { return nil, err } - if hdr.Name == filePath { + if path.Clean(hdr.Name) == path.Clean(filePath) { if hdr.Typeflag == tar.TypeSymlink || hdr.Typeflag == tar.TypeLink { currentDir := filepath.Dir(filePath) return followLinks(opener, path.Join(currentDir, path.Clean(hdr.Linkname)), visited) @@ -374,6 +374,9 @@ func (c *compressedImage) Manifest() (*v1.Manifest, error) { if err != nil { return nil, err } + if i >= len(cfg.RootFS.DiffIDs) { + return nil, fmt.Errorf("tarball manifest references %d layer(s) but config has %d rootfs.diff_ids; the config may not describe a runnable image (for example, a buildkit cacheconfig)", len(c.imgDescriptor.Layers), len(cfg.RootFS.DiffIDs)) + } diffid := cfg.RootFS.DiffIDs[i] if d, ok := c.imgDescriptor.LayerSources[diffid]; ok { // If it's a foreign layer, just append the descriptor so we can avoid diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go index 8a26309618..5e63d52d52 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go @@ -22,10 +22,7 @@ import ( "os" "sync" - "github.com/containerd/stargz-snapshotter/estargz" - "github.com/google/go-containerregistry/internal/and" comp "github.com/google/go-containerregistry/internal/compression" - gestargz "github.com/google/go-containerregistry/internal/estargz" ggzip "github.com/google/go-containerregistry/internal/gzip" "github.com/google/go-containerregistry/internal/zstd" "github.com/google/go-containerregistry/pkg/compression" @@ -43,7 +40,6 @@ type layer struct { compression compression.Compression compressionLevel int annotations map[string]string - estgzopts []estargz.Option mediaType types.MediaType } @@ -161,53 +157,15 @@ func WithCompressedCaching(l *layer) { // through estargz.Options to the underlying compression layer. This is // only meaningful when estargz is enabled. // -// Deprecated: WithEstargz is deprecated, and will be removed in a future release. -func WithEstargzOptions(opts ...estargz.Option) LayerOption { - return func(l *layer) { - l.estgzopts = opts - } +// Deprecated: WithEstargz is deprecated; it is a no-op. +func WithEstargzOptions(...any) LayerOption { + return func(*layer) {} } // WithEstargz is a functional option that explicitly enables estargz support. // -// Deprecated: WithEstargz is deprecated, and will be removed in a future release. -func WithEstargz(l *layer) { - oguncompressed := l.uncompressedopener - estargz := func() (io.ReadCloser, error) { - crc, err := oguncompressed() - if err != nil { - return nil, err - } - eopts := append(l.estgzopts, estargz.WithCompressionLevel(l.compressionLevel)) - rc, h, err := gestargz.ReadCloser(crc, eopts...) - if err != nil { - return nil, err - } - l.annotations[estargz.TOCJSONDigestAnnotation] = h.String() - return &and.ReadCloser{ - Reader: rc, - CloseFunc: func() error { - err := rc.Close() - if err != nil { - return err - } - // As an optimization, leverage the DiffID exposed by the estargz ReadCloser - l.diffID, err = v1.NewHash(rc.DiffID().String()) - return err - }, - }, nil - } - uncompressed := func() (io.ReadCloser, error) { - urc, err := estargz() - if err != nil { - return nil, err - } - return ggzip.UnzipReadCloser(urc) - } - - l.compressedopener = estargz - l.uncompressedopener = uncompressed -} +// Deprecated: WithEstargz is deprecated; it is a no-op. +func WithEstargz(*layer) {} // LayerFromFile returns a v1.Layer given a tarball func LayerFromFile(path string, opts ...LayerOption) (v1.Layer, error) { @@ -241,11 +199,6 @@ func LayerFromOpener(opener Opener, opts ...LayerOption) (v1.Layer, error) { mediaType: types.DockerLayer, } - if estgz := os.Getenv("GGCR_EXPERIMENT_ESTARGZ"); estgz == "1" { - logs.Warn.Println("GGCR_EXPERIMENT_ESTARGZ is deprecated, and will be removed in a future release.") - opts = append([]LayerOption{WithEstargz}, opts...) - } - switch comp { case compression.GZip: layer.compressedopener = opener diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go index e607df164a..062268a5b9 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go @@ -191,16 +191,7 @@ func writeImagesToTar(imageToTags map[v1.Image][]string, m []byte, size int64, w } seenLayerDigests[hex] = struct{}{} - r, err := l.Compressed() - if err != nil { - return sendProgressWriterReturn(pw, err) - } - blobSize, err := l.Size() - if err != nil { - return sendProgressWriterReturn(pw, err) - } - - if err := writeTarEntry(tf, layerFiles[i], r, blobSize); err != nil { + if err := writeLayer(tf, layerFiles[i], l); err != nil { return sendProgressWriterReturn(pw, err) } } @@ -380,6 +371,23 @@ func writeTarEntry(tf *tar.Writer, path string, r io.Reader, size int64) error { return err } +// writeLayer streams a layer's compressed blob into the tar writer and closes +// the reader before returning. The close releases any pull-limiter slot held +// by a remote-backed layer (remote.WithJobs); leaving it open would deadlock +// the write loop after defaultJobs layers. +func writeLayer(tf *tar.Writer, name string, l v1.Layer) error { + r, err := l.Compressed() + if err != nil { + return err + } + defer r.Close() + blobSize, err := l.Size() + if err != nil { + return err + } + return writeTarEntry(tf, name, r, blobSize) +} + // ComputeManifest get the manifest.json that will be written to the tarball // for multiple references func ComputeManifest(refToImage map[name.Reference]v1.Image) (Manifest, error) { diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go index ea5beb5aa7..c0600808a3 100644 --- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go +++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go @@ -118,7 +118,7 @@ func (k *Key) Public() crypto.PublicKey { // Sign signs a message digest, using the specified signer opts. Implements crypto.Signer interface. func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error) { if opts != nil && opts.HashFunc() != 0 && len(digest) != opts.HashFunc().Size() { - return nil, fmt.Errorf("Digest length of %v bytes does not match Hash function size of %v bytes", len(digest), opts.HashFunc().Size()) + return nil, fmt.Errorf("digest length of %v bytes does not match Hash function size of %v bytes", len(digest), opts.HashFunc().Size()) } err = k.client.Call(signAPI, SignArgs{Digest: digest, Opts: opts}, &signed) return @@ -138,7 +138,7 @@ func (k *Key) Decrypt(_ io.Reader, msg []byte, opts crypto.DecrypterOpts) (plain // ErrCredUnavailable is a sentinel error that indicates ECP Cred is unavailable, // possibly due to missing config or missing binary path. -var ErrCredUnavailable = errors.New("Cred is unavailable") +var ErrCredUnavailable = errors.New("cred is unavailable") // Cred spawns a signer subprocess that listens on stdin/stdout to perform certificate // related operations, including signing messages with the private key. diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go index f374a7f55f..ef76e1f047 100644 --- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go +++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go @@ -39,7 +39,7 @@ type Libs struct { // ErrConfigUnavailable is a sentinel error that indicates ECP config is unavailable, // possibly due to entire config missing or missing binary path. -var ErrConfigUnavailable = errors.New("Config is unavailable") +var ErrConfigUnavailable = errors.New("config is unavailable") // LoadSignerBinaryPath retrieves the path of the signer binary from the config file. func LoadSignerBinaryPath(configFilePath string) (path string, err error) { diff --git a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md index 6c39f72854..ed27c5ee71 100644 --- a/vendor/github.com/googleapis/gax-go/v2/CHANGES.md +++ b/vendor/github.com/googleapis/gax-go/v2/CHANGES.md @@ -1,5 +1,14 @@ # Changes +## [2.22.0](https://github.com/googleapis/google-cloud-go/releases/tag/v2.22.0) (2026-04-14) + +## [2.21.0](https://github.com/googleapis/google-cloud-go/releases/tag/v2.21.0) (2026-04-01) + +### Features + +* hook transport telemetry into gax.Invoke and record (#496) ([d531001](https://github.com/googleapis/google-cloud-go/commit/d5310019d6c635956b61558627b13c2c2419044e)) +* update IsFeatureEnabled to not require EXPERIMENTAL (#497) ([a2a329e](https://github.com/googleapis/google-cloud-go/commit/a2a329e31d8ef8348a1ef7bea1c7072f8abcc145)) + ## [2.20.0](https://github.com/googleapis/google-cloud-go/releases/tag/v2.20.0) (2026-03-25) ### Features diff --git a/vendor/github.com/googleapis/gax-go/v2/feature.go b/vendor/github.com/googleapis/gax-go/v2/feature.go index 32e05a3234..c7a9ec88bb 100644 --- a/vendor/github.com/googleapis/gax-go/v2/feature.go +++ b/vendor/github.com/googleapis/gax-go/v2/feature.go @@ -51,11 +51,17 @@ func IsFeatureEnabled(name string) bool { featureEnabledOnce.Do(func() { featureEnabledStore = make(map[string]bool) for _, env := range os.Environ() { + prefix := "" if strings.HasPrefix(env, "GOOGLE_SDK_GO_EXPERIMENTAL_") { + prefix = "GOOGLE_SDK_GO_EXPERIMENTAL_" + } else if strings.HasPrefix(env, "GOOGLE_SDK_GO_") { + prefix = "GOOGLE_SDK_GO_" + } + if prefix != "" { // Parse "KEY=VALUE" kv := strings.SplitN(env, "=", 2) if len(kv) == 2 && strings.ToLower(kv[1]) == "true" { - key := strings.TrimPrefix(kv[0], "GOOGLE_SDK_GO_EXPERIMENTAL_") + key := strings.TrimPrefix(kv[0], prefix) featureEnabledStore[key] = true } } diff --git a/vendor/github.com/googleapis/gax-go/v2/internal/version.go b/vendor/github.com/googleapis/gax-go/v2/internal/version.go index 54dbcd337a..f324d1ab82 100644 --- a/vendor/github.com/googleapis/gax-go/v2/internal/version.go +++ b/vendor/github.com/googleapis/gax-go/v2/internal/version.go @@ -17,4 +17,4 @@ package internal // Version is the current tagged release of the library. -const Version = "2.20.0" +const Version = "2.22.0" diff --git a/vendor/github.com/googleapis/gax-go/v2/invoke.go b/vendor/github.com/googleapis/gax-go/v2/invoke.go index 7975dae367..ea16c3c5ac 100644 --- a/vendor/github.com/googleapis/gax-go/v2/invoke.go +++ b/vendor/github.com/googleapis/gax-go/v2/invoke.go @@ -91,6 +91,7 @@ func invoke(ctx context.Context, call APICall, settings CallSettings, sp sleeper if IsFeatureEnabled("METRICS") { start := time.Now() + ctx = InjectTransportTelemetry(ctx, &TransportTelemetryData{}) defer func() { recordMetric(ctx, settings, time.Since(start), err) }() diff --git a/vendor/github.com/googleapis/gax-go/v2/telemetry.go b/vendor/github.com/googleapis/gax-go/v2/telemetry.go index f3be81d4f6..b849b36919 100644 --- a/vendor/github.com/googleapis/gax-go/v2/telemetry.go +++ b/vendor/github.com/googleapis/gax-go/v2/telemetry.go @@ -54,9 +54,8 @@ import ( // regardless of any other documented package stability guarantees. // It should not be used by external consumers. type TransportTelemetryData struct { - serverAddress string - serverPort int - responseStatusCode int + serverAddress string + serverPort int } // SetServerAddress sets the server address. @@ -79,16 +78,6 @@ func (d *TransportTelemetryData) SetServerPort(port int) { d.serverPort = port } // regardless of any other documented package stability guarantees. func (d *TransportTelemetryData) ServerPort() int { return d.serverPort } -// SetResponseStatusCode sets the response status code. -// Experimental: This function is experimental and may be modified or removed in future versions, -// regardless of any other documented package stability guarantees. -func (d *TransportTelemetryData) SetResponseStatusCode(code int) { d.responseStatusCode = code } - -// ResponseStatusCode returns the response status code. -// Experimental: This function is experimental and may be modified or removed in future versions, -// regardless of any other documented package stability guarantees. -func (d *TransportTelemetryData) ResponseStatusCode() int { return d.responseStatusCode } - // transportTelemetryKey is the private context key used to inject TransportTelemetryData type transportTelemetryKey struct{} @@ -453,9 +442,20 @@ func recordMetric(ctx context.Context, settings CallSettings, d time.Duration, e attrs = append(attrs, settings.clientMetrics.attributes()...) errInfo := ExtractTelemetryErrorInfo(ctx, err) + + if td := ExtractTransportTelemetry(ctx); td != nil { + if td.ServerAddress() != "" { + attrs = append(attrs, attribute.String("server.address", td.ServerAddress())) + } + if td.ServerPort() != 0 { + attrs = append(attrs, attribute.Int("server.port", td.ServerPort())) + } + } + if errInfo.ErrorType != "" { attrs = append(attrs, attribute.String("error.type", errInfo.ErrorType)) } + attrs = append(attrs, attribute.String("rpc.response.status_code", errInfo.StatusCode)) if rpcMethod, ok := callctx.TelemetryFromContext(ctx, "rpc_method"); ok && rpcMethod != "" { diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/BUILD.bazel index d71991e6e8..58bdc76570 100644 --- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/BUILD.bazel +++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options/BUILD.bazel @@ -1,6 +1,6 @@ +load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library") load("@io_bazel_rules_go//go:def.bzl", "go_library") load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library") -load("@rules_proto//proto:defs.bzl", "proto_library") package(default_visibility = ["//visibility:public"]) diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go index 4e684c7de6..69edf5eff8 100644 --- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go +++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go @@ -71,6 +71,7 @@ type ServeMux struct { streamErrorHandler StreamErrorHandlerFunc routingErrorHandler RoutingErrorHandlerFunc disablePathLengthFallback bool + disableHTTPMethodOverride bool unescapingMode UnescapingMode writeContentLength bool disableChunkedEncoding bool @@ -271,6 +272,19 @@ func WithDisablePathLengthFallback() ServeMuxOption { } } +// WithDisableHTTPMethodOverride returns a ServeMuxOption that disables the +// X-HTTP-Method-Override header handling. +// +// When this option is used, the mux will no longer allow POST requests with +// the X-HTTP-Method-Override header to override the HTTP method. The path +// length fallback (POST with application/x-www-form-urlencoded falling back +// to a matching GET handler) is not affected by this option. +func WithDisableHTTPMethodOverride() ServeMuxOption { + return func(serveMux *ServeMux) { + serveMux.disableHTTPMethodOverride = true + } +} + // WithWriteContentLength returns a ServeMuxOption to enable writing content length on non-streaming responses func WithWriteContentLength() ServeMuxOption { return func(serveMux *ServeMux) { @@ -405,7 +419,7 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) { path = r.URL.RawPath } - if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && s.isPathLengthFallback(r) { + if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && !s.disableHTTPMethodOverride && s.isPathLengthFallback(r) { if err := r.ParseForm(); err != nil { _, outboundMarshaler := MarshalerForRequest(s, r) sterr := status.Error(codes.InvalidArgument, err.Error()) @@ -467,6 +481,7 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) { HTTPStatus: http.StatusBadRequest, Err: mse, }) + return } continue } @@ -509,6 +524,7 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) { HTTPStatus: http.StatusBadRequest, Err: mse, }) + return } continue } diff --git a/vendor/github.com/hairyhenderson/go-which/.release-please-manifest.json b/vendor/github.com/hairyhenderson/go-which/.release-please-manifest.json index 9d47a3df2d..c4302872b8 100644 --- a/vendor/github.com/hairyhenderson/go-which/.release-please-manifest.json +++ b/vendor/github.com/hairyhenderson/go-which/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.2.2" + ".": "0.2.3" } diff --git a/vendor/github.com/hairyhenderson/go-which/CHANGELOG.md b/vendor/github.com/hairyhenderson/go-which/CHANGELOG.md index a7e4b9ccdc..912c819061 100644 --- a/vendor/github.com/hairyhenderson/go-which/CHANGELOG.md +++ b/vendor/github.com/hairyhenderson/go-which/CHANGELOG.md @@ -1,5 +1,20 @@ # Changelog +## [0.2.3](https://github.com/hairyhenderson/go-which/compare/v0.2.2...v0.2.3) (2026-05-11) + + +### Dependencies + +* **actions:** bump googleapis/release-please-action from 4 to 5 ([#170](https://github.com/hairyhenderson/go-which/issues/170)) ([9432854](https://github.com/hairyhenderson/go-which/commit/9432854d85fd2f4fbd28db9d05920f80fa6fd870)) +* **actions:** Bump the actions group across 1 directory with 3 updates ([#164](https://github.com/hairyhenderson/go-which/issues/164)) ([3ed527c](https://github.com/hairyhenderson/go-which/commit/3ed527c9df78e0631a3fd2519931f94808af9a91)) +* **actions:** Bump webiny/action-conventional-commits ([#167](https://github.com/hairyhenderson/go-which/issues/167)) ([611c57a](https://github.com/hairyhenderson/go-which/commit/611c57a5262b9349df3496b3e0065f70d5ebb606)) +* **actions:** bump webiny/action-conventional-commits ([#171](https://github.com/hairyhenderson/go-which/issues/171)) ([bae3c34](https://github.com/hairyhenderson/go-which/commit/bae3c34e5038542a7d2a4ad31bdf6f7537718771)) +* **docker:** Bump alpine from 3.21 to 3.22 ([#157](https://github.com/hairyhenderson/go-which/issues/157)) ([3b6a4cc](https://github.com/hairyhenderson/go-which/commit/3b6a4cc403fe8ac34be4e408dee955fcd55050ce)) +* **docker:** Bump alpine from 3.22 to 3.23 ([#166](https://github.com/hairyhenderson/go-which/issues/166)) ([d2ad67a](https://github.com/hairyhenderson/go-which/commit/d2ad67a5196a425932c52411a684d16dbfea527d)) +* **docker:** Bump golang from 1.24-alpine to 1.26-alpine ([#168](https://github.com/hairyhenderson/go-which/issues/168)) ([1895cbd](https://github.com/hairyhenderson/go-which/commit/1895cbd51ae6b20e3deb07e41731b216f7ac1705)) +* **go:** Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 ([#162](https://github.com/hairyhenderson/go-which/issues/162)) ([c9bd910](https://github.com/hairyhenderson/go-which/commit/c9bd91028042381aa713eff0d22e245be7f9f486)) +* **go:** Bump to supported Go version ([#172](https://github.com/hairyhenderson/go-which/issues/172)) ([1904f89](https://github.com/hairyhenderson/go-which/commit/1904f8948d7841803dc2aca2ff64f25d6e06372e)) + ## [0.2.2](https://github.com/hairyhenderson/go-which/compare/v0.2.1...v0.2.2) (2025-04-20) diff --git a/vendor/github.com/hairyhenderson/go-which/Dockerfile b/vendor/github.com/hairyhenderson/go-which/Dockerfile index 0bb6b60ed1..d92b135d1f 100644 --- a/vendor/github.com/hairyhenderson/go-which/Dockerfile +++ b/vendor/github.com/hairyhenderson/go-which/Dockerfile @@ -1,6 +1,6 @@ FROM hairyhenderson/upx:3.96 AS upx -FROM golang:1.24-alpine AS build +FROM golang:1.26-alpine AS build RUN apk add --no-cache \ make \ @@ -49,7 +49,7 @@ LABEL org.opencontainers.image.revision=$VCS_REF \ ENTRYPOINT [ "/which" ] -FROM alpine:3.21 AS alpine +FROM alpine:3.23 AS alpine ARG OS=linux ARG ARCH=amd64 diff --git a/vendor/github.com/jedisct1/go-minisign/minisign.go b/vendor/github.com/jedisct1/go-minisign/minisign.go index 3e79646abb..102ce49a7c 100644 --- a/vendor/github.com/jedisct1/go-minisign/minisign.go +++ b/vendor/github.com/jedisct1/go-minisign/minisign.go @@ -1,13 +1,13 @@ package minisign import ( + "crypto/ed25519" "encoding/base64" "errors" - "io/ioutil" + "os" "strings" "golang.org/x/crypto/blake2b" - "golang.org/x/crypto/ed25519" ) type PublicKey struct { @@ -75,7 +75,7 @@ func DecodeSignature(in string) (Signature, error) { func NewPublicKeyFromFile(file string) (PublicKey, error) { var publicKey PublicKey - bin, err := ioutil.ReadFile(file) + bin, err := os.ReadFile(file) if err != nil { return publicKey, err } @@ -84,7 +84,7 @@ func NewPublicKeyFromFile(file string) (PublicKey, error) { func NewSignatureFromFile(file string) (Signature, error) { var signature Signature - bin, err := ioutil.ReadFile(file) + bin, err := os.ReadFile(file) if err != nil { return signature, err } @@ -125,7 +125,7 @@ func (publicKey *PublicKey) Verify(bin []byte, signature Signature) (bool, error } func (publicKey *PublicKey) VerifyFromFile(file string, signature Signature) (bool, error) { - bin, err := ioutil.ReadFile(file) + bin, err := os.ReadFile(file) if err != nil { return false, err } diff --git a/vendor/github.com/jedisct1/go-minisign/sign.go b/vendor/github.com/jedisct1/go-minisign/sign.go new file mode 100644 index 0000000000..a8cf920974 --- /dev/null +++ b/vendor/github.com/jedisct1/go-minisign/sign.go @@ -0,0 +1,383 @@ +package minisign + +import ( + "bytes" + "crypto/ed25519" + "crypto/subtle" + "encoding/base64" + "encoding/binary" + "errors" + "fmt" + "io" + "os" + "path/filepath" + "strings" + "time" + + "golang.org/x/crypto/blake2b" + "golang.org/x/crypto/scrypt" +) + +const ( + sigAlgEd = "Ed" + kdfAlgScrypt = "Sc" + chkAlgBlake2b = "B2" + commentPrefix = "untrusted comment: " + trustedPrefix = "trusted comment: " + defaultSigUntrusted = "signature from minisign secret key" + secretKeyLen = 158 + streamLen = 104 + + // trustedCommentMaxLen mirrors TRUSTEDCOMMENTMAXBYTES in the C + // reference: any longer line cannot be read back by minisign(1). + trustedCommentMaxLen = 8192 - len(trustedPrefix) +) + +// PrivateKey is a minisign Ed25519 secret key. It may be stored in encrypted +// form; call Decrypt with the passphrase before signing in that case. +type PrivateKey struct { + UntrustedComment string + SignatureAlgorithm [2]byte + KDFAlgorithm [2]byte + ChecksumAlgorithm [2]byte + KDFSalt [32]byte + KDFOpsLimit uint64 + KDFMemLimit uint64 + KeyId [8]byte + SecretKey [64]byte + Checksum [32]byte +} + +// IsEncrypted reports whether the key material is still encrypted under a +// passphrase. Calling Sign on an encrypted key returns an error. +func (sk *PrivateKey) IsEncrypted() bool { + return sk.KDFAlgorithm != [2]byte{0, 0} +} + +// NewPrivateKey parses a single base64-encoded private key payload. +func NewPrivateKey(in string) (PrivateKey, error) { + var sk PrivateKey + bin, err := base64.StdEncoding.DecodeString(trimCarriageReturn(in)) + if err != nil || len(bin) != secretKeyLen { + return sk, errors.New("Invalid encoded secret key") + } + copy(sk.SignatureAlgorithm[:], bin[0:2]) + copy(sk.KDFAlgorithm[:], bin[2:4]) + copy(sk.ChecksumAlgorithm[:], bin[4:6]) + copy(sk.KDFSalt[:], bin[6:38]) + sk.KDFOpsLimit = binary.LittleEndian.Uint64(bin[38:46]) + sk.KDFMemLimit = binary.LittleEndian.Uint64(bin[46:54]) + copy(sk.KeyId[:], bin[54:62]) + copy(sk.SecretKey[:], bin[62:126]) + copy(sk.Checksum[:], bin[126:158]) + if string(sk.SignatureAlgorithm[:]) != sigAlgEd { + return sk, errors.New("Unsupported signature algorithm") + } + if string(sk.ChecksumAlgorithm[:]) != chkAlgBlake2b { + return sk, errors.New("Unsupported checksum algorithm") + } + return sk, nil +} + +// DecodePrivateKey parses a full minisign secret key file (comment line + +// base64 payload). +func DecodePrivateKey(in string) (PrivateKey, error) { + lines := strings.SplitN(in, "\n", 2) + if len(lines) < 2 { + return PrivateKey{}, errors.New("Incomplete encoded secret key") + } + sk, err := NewPrivateKey(lines[1]) + if err != nil { + return sk, err + } + sk.UntrustedComment = trimCarriageReturn(lines[0]) + return sk, nil +} + +// NewPrivateKeyFromFile reads and parses a minisign secret key file. +func NewPrivateKeyFromFile(file string) (PrivateKey, error) { + bin, err := os.ReadFile(file) + if err != nil { + return PrivateKey{}, err + } + return DecodePrivateKey(string(bin)) +} + +// scryptParamsFromLimits ports libsodium's pwhash_scryptsalsa208sha256 +// pickparams logic so that scrypt parameters match what the minisign C +// reference implementation uses for the same opslimit and memlimit. +func scryptParamsFromLimits(opslimit, memlimit uint64) (N, r, p int, err error) { + if opslimit < 32768 { + opslimit = 32768 + } + r = 8 + pick := func(maxN uint64) int { + ln := 1 + for ln < 63 && uint64(1)< 0x3fffffff { + maxrp = 0x3fffffff + } + p = int(maxrp / uint64(r)) + } + if ln >= 63 { + return 0, 0, 0, errors.New("Invalid scrypt parameters") + } + N = 1 << ln + return N, r, p, nil +} + +// Decrypt decrypts the secret key in place. It is a no-op on an unencrypted +// key. The passphrase is verified against the stored Blake2b-256 checksum. +func (sk *PrivateKey) Decrypt(password string) error { + if !sk.IsEncrypted() { + return nil + } + if string(sk.KDFAlgorithm[:]) != kdfAlgScrypt { + return errors.New("Unsupported KDF algorithm") + } + N, r, p, err := scryptParamsFromLimits(sk.KDFOpsLimit, sk.KDFMemLimit) + if err != nil { + return err + } + stream, err := scrypt.Key([]byte(password), sk.KDFSalt[:], N, r, p, streamLen) + if err != nil { + return err + } + defer wipe(stream) + + var keyId [8]byte + var secret [64]byte + var chk [32]byte + defer wipe(secret[:]) + defer wipe(chk[:]) + for i := range keyId { + keyId[i] = sk.KeyId[i] ^ stream[i] + } + for i := range secret { + secret[i] = sk.SecretKey[i] ^ stream[8+i] + } + for i := range chk { + chk[i] = sk.Checksum[i] ^ stream[72+i] + } + + h, _ := blake2b.New256(nil) + h.Write(sk.SignatureAlgorithm[:]) + h.Write(keyId[:]) + h.Write(secret[:]) + expected := h.Sum(nil) + if subtle.ConstantTimeCompare(expected, chk[:]) != 1 { + return errors.New("Wrong password") + } + sk.KeyId = keyId + sk.SecretKey = secret + sk.Checksum = chk + sk.KDFAlgorithm = [2]byte{0, 0} + return nil +} + +// Wipe overwrites the in-memory secret key, checksum and key id with zeros. +// Call this when the key is no longer needed; the buffer will not be usable +// for signing afterwards. +func (sk *PrivateKey) Wipe() { + wipe(sk.SecretKey[:]) + wipe(sk.Checksum[:]) + wipe(sk.KeyId[:]) +} + +func wipe(b []byte) { + for i := range b { + b[i] = 0 + } +} + +// isPrintable matches the C reference's is_printable so that trusted comments +// we emit are accepted when read back. +func isPrintable(s string) bool { + for i := 0; i < len(s); i++ { + c := s[i] + if c == '\t' { + continue + } + if c < 0x20 || c >= 0x7f { + return false + } + } + return true +} + +// PublicKey derives the public key from the (decrypted) secret key. +func (sk *PrivateKey) PublicKey() PublicKey { + var pk PublicKey + pk.SignatureAlgorithm = [2]byte{'E', 'd'} + pk.KeyId = sk.KeyId + copy(pk.PublicKey[:], sk.SecretKey[32:64]) + return pk +} + +// SignOptions configures a signing operation. +type SignOptions struct { + // UntrustedComment is written as the first line of the .minisig file. + // Empty defaults to "signature from minisign secret key". + UntrustedComment string + + // TrustedComment is signed as part of the global signature. + // Empty defaults to "timestamp:". + TrustedComment string + + // Hashed selects the prehashed signature variant ("ED"), in which the + // signature is computed over a Blake2b-512 hash of the message. This is + // the recommended mode and is required for streaming signers. When + // false, the signature is computed directly over the message bytes + // (legacy "Ed" mode). + Hashed bool +} + +// Sign produces a minisign signature over data. The returned Signature can be +// serialized with Encode. +func (sk *PrivateKey) Sign(data []byte, opts SignOptions) (Signature, error) { + if opts.Hashed { + h, _ := blake2b.New512(nil) + h.Write(data) + return sk.signRaw(h.Sum(nil), true, opts) + } + return sk.signRaw(data, false, opts) +} + +func (sk *PrivateKey) signRaw(message []byte, hashed bool, opts SignOptions) (Signature, error) { + if sk.IsEncrypted() { + return Signature{}, errors.New("Secret key is encrypted; call Decrypt first") + } + if string(sk.SignatureAlgorithm[:]) != sigAlgEd { + return Signature{}, errors.New("Unsupported signature algorithm") + } + + untrusted := opts.UntrustedComment + if untrusted == "" { + untrusted = defaultSigUntrusted + } + if hasNewline(untrusted) { + return Signature{}, errors.New("Untrusted comment must fit on a single line") + } + trusted := opts.TrustedComment + if trusted == "" { + trusted = fmt.Sprintf("timestamp:%d", time.Now().Unix()) + } + if hasNewline(trusted) { + return Signature{}, errors.New("Trusted comment must fit on a single line") + } + if !isPrintable(trusted) { + return Signature{}, errors.New("Trusted comment contains unprintable characters") + } + if len(trusted) > trustedCommentMaxLen { + return Signature{}, errors.New("Trusted comment too long") + } + + var sig Signature + sig.KeyId = sk.KeyId + sig.UntrustedComment = commentPrefix + untrusted + sig.TrustedComment = trustedPrefix + trusted + if hashed { + sig.SignatureAlgorithm = [2]byte{'E', 'D'} + } else { + sig.SignatureAlgorithm = [2]byte{'E', 'd'} + } + + edSK := ed25519.PrivateKey(sk.SecretKey[:]) + raw := ed25519.Sign(edSK, message) + copy(sig.Signature[:], raw) + + global := make([]byte, 0, len(raw)+len(trusted)) + global = append(global, raw...) + global = append(global, trusted...) + copy(sig.GlobalSignature[:], ed25519.Sign(edSK, global)) + + return sig, nil +} + +// SignFile signs the contents of a file. In Hashed mode the file is streamed +// through Blake2b-512 with constant memory; in legacy mode the file is loaded +// into memory because Ed25519 needs the message twice. +// +// If opts.TrustedComment is empty, a default of "timestamp:\tfile:" +// (with "\thashed" appended for prehashed signatures) is used — matching what +// the reference minisign(1) CLI writes. +func (sk *PrivateKey) SignFile(file string, opts SignOptions) (Signature, error) { + if opts.TrustedComment == "" { + opts.TrustedComment = defaultTrustedComment(filepath.Base(file), opts.Hashed) + } + if !opts.Hashed { + data, err := os.ReadFile(file) + if err != nil { + return Signature{}, err + } + return sk.signRaw(data, false, opts) + } + f, err := os.Open(file) + if err != nil { + return Signature{}, err + } + defer f.Close() + h, _ := blake2b.New512(nil) + if _, err := io.Copy(h, f); err != nil { + return Signature{}, err + } + return sk.signRaw(h.Sum(nil), true, opts) +} + +func defaultTrustedComment(basename string, hashed bool) string { + suffix := "" + if hashed { + suffix = "\thashed" + } + return fmt.Sprintf("timestamp:%d\tfile:%s%s", time.Now().Unix(), basename, suffix) +} + +// Encode serializes the signature into the textual minisign .minisig format. +func (sig Signature) Encode() []byte { + bin1 := make([]byte, 0, 74) + bin1 = append(bin1, sig.SignatureAlgorithm[:]...) + bin1 = append(bin1, sig.KeyId[:]...) + bin1 = append(bin1, sig.Signature[:]...) + + untrusted := sig.UntrustedComment + if untrusted == "" { + untrusted = commentPrefix + defaultSigUntrusted + } else if !strings.HasPrefix(untrusted, commentPrefix) { + untrusted = commentPrefix + untrusted + } + trusted := sig.TrustedComment + if !strings.HasPrefix(trusted, trustedPrefix) { + trusted = trustedPrefix + trusted + } + + var buf bytes.Buffer + buf.WriteString(untrusted) + buf.WriteByte('\n') + buf.WriteString(base64.StdEncoding.EncodeToString(bin1)) + buf.WriteByte('\n') + buf.WriteString(trusted) + buf.WriteByte('\n') + buf.WriteString(base64.StdEncoding.EncodeToString(sig.GlobalSignature[:])) + buf.WriteByte('\n') + return buf.Bytes() +} + +// MarshalText implements encoding.TextMarshaler. +func (sig Signature) MarshalText() ([]byte, error) { + return sig.Encode(), nil +} + +func hasNewline(s string) bool { + return strings.ContainsAny(s, "\r\n") +} diff --git a/vendor/github.com/jellydator/ttlcache/v3/README.md b/vendor/github.com/jellydator/ttlcache/v3/README.md index d941495fa2..b010bbcd2d 100644 --- a/vendor/github.com/jellydator/ttlcache/v3/README.md +++ b/vendor/github.com/jellydator/ttlcache/v3/README.md @@ -20,10 +20,6 @@ go get github.com/jellydator/ttlcache/v3 ``` -## Status -The `ttlcache` package is stable and used by [Jellydator](https://jellydator.com/), -as well as thousands of other projects and organizations in production. - ## Usage The main type of `ttlcache` is `Cache`. It represents a single in-memory data store. @@ -162,7 +158,7 @@ func main() { ttlcache.WithMaxCost[string, string](5120, func(item ttlcache.CostItem[string, string]) uint64 { // Note: The below line doesn't include memory used by internal // structures or string metadata for the key and the value. - return len(item.Key) + len(item.Value) + return uint64(len(item.Key) + len(item.Value)) }), ) @@ -170,11 +166,7 @@ func main() { } ``` -## Examples & Tutorials +## Examples See the [example](https://github.com/jellydator/ttlcache/tree/v3/examples) directory for applications demonstrating how to use `ttlcache`. - -If you want to learn and follow along as these example applications are -built, check out the tutorials below: -- [Speeding Up HTTP Endpoints with Response Caching in Go](https://jellydator.com/blog/speeding-up-http-endpoints-with-response-caching-in-go/) diff --git a/vendor/github.com/jellydator/ttlcache/v3/cache.go b/vendor/github.com/jellydator/ttlcache/v3/cache.go index 1cfcaf9141..d860225765 100644 --- a/vendor/github.com/jellydator/ttlcache/v3/cache.go +++ b/vendor/github.com/jellydator/ttlcache/v3/cache.go @@ -88,14 +88,11 @@ func New[K comparable, V any](opts ...Option[K, V]) *Cache[K, V] { // updateExpirations updates the expiration queue and notifies // the cache auto cleaner if needed. +// 'oldExpiresAt' should reflect the front of the expiration queue +// before any item mutations. // Not safe for concurrent use by multiple goroutines without additional // locking. -func (c *Cache[K, V]) updateExpirations(fresh bool, elem *list.Element) { - var oldExpiresAt time.Time - - if !c.items.expQueue.isEmpty() { - oldExpiresAt = c.items.expQueue[0].Value.(*Item[K, V]).expiresAt - } +func (c *Cache[K, V]) updateExpirations(fresh bool, elem *list.Element, oldExpiresAt time.Time) { if fresh { c.items.expQueue.push(elem) @@ -151,9 +148,14 @@ func (c *Cache[K, V]) set(key K, value V, ttl time.Duration) *Item[K, V] { item := elem.Value.(*Item[K, V]) oldItemCost := item.cost + var oldExpiresAt time.Time + if !c.items.expQueue.isEmpty() { + oldExpiresAt = c.items.expQueue[0].Value.(*Item[K, V]).expiresAt + } + item.update(value, ttl) - c.updateExpirations(false, elem) + c.updateExpirations(false, elem, oldExpiresAt) if c.options.maxCost != 0 { c.cost = c.cost - oldItemCost + item.cost @@ -185,11 +187,16 @@ func (c *Cache[K, V]) set(key K, value V, ttl time.Duration) *Item[K, V] { ttl = c.options.ttl } + var oldExpiresAt time.Time + if !c.items.expQueue.isEmpty() { + oldExpiresAt = c.items.expQueue[0].Value.(*Item[K, V]).expiresAt + } + // create a new item item := NewItemWithOpts(key, value, ttl, c.options.itemOpts...) elem = c.items.lru.PushFront(item) c.items.values[key] = elem - c.updateExpirations(true, elem) + c.updateExpirations(true, elem, oldExpiresAt) if c.options.maxCost != 0 { c.cost += item.cost @@ -231,8 +238,13 @@ func (c *Cache[K, V]) get(key K, touch bool, includeExpired bool) *list.Element c.items.lru.MoveToFront(elem) if touch && item.ttl > 0 { + var oldExpiresAt time.Time + if !c.items.expQueue.isEmpty() { + oldExpiresAt = c.items.expQueue[0].Value.(*Item[K, V]).expiresAt + } + item.touch() - c.updateExpirations(false, elem) + c.updateExpirations(false, elem, oldExpiresAt) } return elem diff --git a/vendor/github.com/klauspost/compress/.gitattributes b/vendor/github.com/klauspost/compress/.gitattributes index 402433593c..57aa6487c5 100644 --- a/vendor/github.com/klauspost/compress/.gitattributes +++ b/vendor/github.com/klauspost/compress/.gitattributes @@ -1,2 +1,3 @@ * -text *.bin -text -diff +*.md text eol=lf diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md index e839fe9c60..fb023f2cf2 100644 --- a/vendor/github.com/klauspost/compress/README.md +++ b/vendor/github.com/klauspost/compress/README.md @@ -1,700 +1,700 @@ -# compress - -This package provides various compression algorithms. - -* [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and decompression in pure Go. -* [S2](https://github.com/klauspost/compress/tree/master/s2#s2-compression) is a high performance replacement for Snappy. -* Optimized [deflate](https://godoc.org/github.com/klauspost/compress/flate) packages which can be used as a dropin replacement for [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip) and [zlib](https://godoc.org/github.com/klauspost/compress/zlib). -* [snappy](https://github.com/klauspost/compress/tree/master/snappy) is a drop-in replacement for `github.com/golang/snappy` offering better compression and concurrent streams. -* [huff0](https://github.com/klauspost/compress/tree/master/huff0) and [FSE](https://github.com/klauspost/compress/tree/master/fse) implementations for raw entropy encoding. -* [gzhttp](https://github.com/klauspost/compress/tree/master/gzhttp) Provides client and server wrappers for handling gzipped/zstd HTTP requests efficiently. -* [pgzip](https://github.com/klauspost/pgzip) is a separate package that provides a very fast parallel gzip implementation. - -[![Go Reference](https://pkg.go.dev/badge/klauspost/compress.svg)](https://pkg.go.dev/github.com/klauspost/compress?tab=subdirectories) -[![Go](https://github.com/klauspost/compress/actions/workflows/go.yml/badge.svg)](https://github.com/klauspost/compress/actions/workflows/go.yml) -[![Sourcegraph Badge](https://sourcegraph.com/github.com/klauspost/compress/-/badge.svg)](https://sourcegraph.com/github.com/klauspost/compress?badge) - -# package usage - -Use `go get github.com/klauspost/compress@latest` to add it to your project. - -This package will support the current Go version and 2 versions back. - -* Use the `nounsafe` tag to disable all use of the "unsafe" package. -* Use the `noasm` tag to disable all assembly across packages. - -Use the links above for more information on each. - -# changelog - -* Feb 9th, 2026 [1.18.4](https://github.com/klauspost/compress/releases/tag/v1.18.4) - * gzhttp: Add zstandard to server handler wrapper https://github.com/klauspost/compress/pull/1121 - * zstd: Add ResetWithOptions to encoder/decoder https://github.com/klauspost/compress/pull/1122 - * gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in https://github.com/klauspost/compress/pull/1116 - -* Jan 16th, 2026 [1.18.3](https://github.com/klauspost/compress/releases/tag/v1.18.3) - * Downstream CVE-2025-61728. See [golang/go#77102](https://github.com/golang/go/issues/77102). - -* Dec 1st, 2025 - [1.18.2](https://github.com/klauspost/compress/releases/tag/v1.18.2) - * flate: Fix invalid encoding on level 9 with single value input in https://github.com/klauspost/compress/pull/1115 - * flate: reduce stateless allocations by @RXamzin in https://github.com/klauspost/compress/pull/1106 - -* Oct 20, 2025 - [1.18.1](https://github.com/klauspost/compress/releases/tag/v1.18.1) - RETRACTED - * zstd: Add simple zstd EncodeTo/DecodeTo functions https://github.com/klauspost/compress/pull/1079 - * zstd: Fix incorrect buffer size in dictionary encodes https://github.com/klauspost/compress/pull/1059 - * s2: check for cap, not len of buffer in EncodeBetter/Best by @vdarulis in https://github.com/klauspost/compress/pull/1080 - * zlib: Avoiding extra allocation in zlib.reader.Reset by @travelpolicy in https://github.com/klauspost/compress/pull/1086 - * gzhttp: remove redundant err check in zstdReader by @ryanfowler in https://github.com/klauspost/compress/pull/1090 - * flate: Faster load+store https://github.com/klauspost/compress/pull/1104 - * flate: Simplify matchlen https://github.com/klauspost/compress/pull/1101 - * flate: Use exact sizes for huffman tables https://github.com/klauspost/compress/pull/1103 - -* Feb 19th, 2025 - [1.18.0](https://github.com/klauspost/compress/releases/tag/v1.18.0) - * Add unsafe little endian loaders https://github.com/klauspost/compress/pull/1036 - * fix: check `r.err != nil` but return a nil value error `err` by @alingse in https://github.com/klauspost/compress/pull/1028 - * flate: Simplify L4-6 loading https://github.com/klauspost/compress/pull/1043 - * flate: Simplify matchlen (remove asm) https://github.com/klauspost/compress/pull/1045 - * s2: Improve small block compression speed w/o asm https://github.com/klauspost/compress/pull/1048 - * flate: Fix matchlen L5+L6 https://github.com/klauspost/compress/pull/1049 - * flate: Cleanup & reduce casts https://github.com/klauspost/compress/pull/1050 - -
- See changes to v1.17.x - -* Oct 11th, 2024 - [1.17.11](https://github.com/klauspost/compress/releases/tag/v1.17.11) - * zstd: Fix extra CRC written with multiple Close calls https://github.com/klauspost/compress/pull/1017 - * s2: Don't use stack for index tables https://github.com/klauspost/compress/pull/1014 - * gzhttp: No content-type on no body response code by @juliens in https://github.com/klauspost/compress/pull/1011 - * gzhttp: Do not set the content-type when response has no body by @kevinpollet in https://github.com/klauspost/compress/pull/1013 - -* Sep 23rd, 2024 - [1.17.10](https://github.com/klauspost/compress/releases/tag/v1.17.10) - * gzhttp: Add TransportAlwaysDecompress option. https://github.com/klauspost/compress/pull/978 - * gzhttp: Add supported decompress request body by @mirecl in https://github.com/klauspost/compress/pull/1002 - * s2: Add EncodeBuffer buffer recycling callback https://github.com/klauspost/compress/pull/982 - * zstd: Improve memory usage on small streaming encodes https://github.com/klauspost/compress/pull/1007 - * flate: read data written with partial flush by @vajexal in https://github.com/klauspost/compress/pull/996 - -* Jun 12th, 2024 - [1.17.9](https://github.com/klauspost/compress/releases/tag/v1.17.9) - * s2: Reduce ReadFrom temporary allocations https://github.com/klauspost/compress/pull/949 - * flate, zstd: Shave some bytes off amd64 matchLen by @greatroar in https://github.com/klauspost/compress/pull/963 - * Upgrade zip/zlib to 1.22.4 upstream https://github.com/klauspost/compress/pull/970 https://github.com/klauspost/compress/pull/971 - * zstd: BuildDict fails with RLE table https://github.com/klauspost/compress/pull/951 - -* Apr 9th, 2024 - [1.17.8](https://github.com/klauspost/compress/releases/tag/v1.17.8) - * zstd: Reject blocks where reserved values are not 0 https://github.com/klauspost/compress/pull/885 - * zstd: Add RLE detection+encoding https://github.com/klauspost/compress/pull/938 - -* Feb 21st, 2024 - [1.17.7](https://github.com/klauspost/compress/releases/tag/v1.17.7) - * s2: Add AsyncFlush method: Complete the block without flushing by @Jille in https://github.com/klauspost/compress/pull/927 - * s2: Fix literal+repeat exceeds dst crash https://github.com/klauspost/compress/pull/930 - -* Feb 5th, 2024 - [1.17.6](https://github.com/klauspost/compress/releases/tag/v1.17.6) - * zstd: Fix incorrect repeat coding in best mode https://github.com/klauspost/compress/pull/923 - * s2: Fix DecodeConcurrent deadlock on errors https://github.com/klauspost/compress/pull/925 - -* Jan 26th, 2024 - [v1.17.5](https://github.com/klauspost/compress/releases/tag/v1.17.5) - * flate: Fix reset with dictionary on custom window encodes https://github.com/klauspost/compress/pull/912 - * zstd: Add Frame header encoding and stripping https://github.com/klauspost/compress/pull/908 - * zstd: Limit better/best default window to 8MB https://github.com/klauspost/compress/pull/913 - * zstd: Speed improvements by @greatroar in https://github.com/klauspost/compress/pull/896 https://github.com/klauspost/compress/pull/910 - * s2: Fix callbacks for skippable blocks and disallow 0xfe (Padding) by @Jille in https://github.com/klauspost/compress/pull/916 https://github.com/klauspost/compress/pull/917 -https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/compress/pull/918 - -* Dec 1st, 2023 - [v1.17.4](https://github.com/klauspost/compress/releases/tag/v1.17.4) - * huff0: Speed up symbol counting by @greatroar in https://github.com/klauspost/compress/pull/887 - * huff0: Remove byteReader by @greatroar in https://github.com/klauspost/compress/pull/886 - * gzhttp: Allow overriding decompression on transport https://github.com/klauspost/compress/pull/892 - * gzhttp: Clamp compression level https://github.com/klauspost/compress/pull/890 - * gzip: Error out if reserved bits are set https://github.com/klauspost/compress/pull/891 - -* Nov 15th, 2023 - [v1.17.3](https://github.com/klauspost/compress/releases/tag/v1.17.3) - * fse: Fix max header size https://github.com/klauspost/compress/pull/881 - * zstd: Improve better/best compression https://github.com/klauspost/compress/pull/877 - * gzhttp: Fix missing content type on Close https://github.com/klauspost/compress/pull/883 - -* Oct 22nd, 2023 - [v1.17.2](https://github.com/klauspost/compress/releases/tag/v1.17.2) - * zstd: Fix rare *CORRUPTION* output in "best" mode. See https://github.com/klauspost/compress/pull/876 - -* Oct 14th, 2023 - [v1.17.1](https://github.com/klauspost/compress/releases/tag/v1.17.1) - * s2: Fix S2 "best" dictionary wrong encoding https://github.com/klauspost/compress/pull/871 - * flate: Reduce allocations in decompressor and minor code improvements by @fakefloordiv in https://github.com/klauspost/compress/pull/869 - * s2: Fix EstimateBlockSize on 6&7 length input https://github.com/klauspost/compress/pull/867 - -* Sept 19th, 2023 - [v1.17.0](https://github.com/klauspost/compress/releases/tag/v1.17.0) - * Add experimental dictionary builder https://github.com/klauspost/compress/pull/853 - * Add xerial snappy read/writer https://github.com/klauspost/compress/pull/838 - * flate: Add limited window compression https://github.com/klauspost/compress/pull/843 - * s2: Do 2 overlapping match checks https://github.com/klauspost/compress/pull/839 - * flate: Add amd64 assembly matchlen https://github.com/klauspost/compress/pull/837 - * gzip: Copy bufio.Reader on Reset by @thatguystone in https://github.com/klauspost/compress/pull/860 - -
-
- See changes to v1.16.x - - -* July 1st, 2023 - [v1.16.7](https://github.com/klauspost/compress/releases/tag/v1.16.7) - * zstd: Fix default level first dictionary encode https://github.com/klauspost/compress/pull/829 - * s2: add GetBufferCapacity() method by @GiedriusS in https://github.com/klauspost/compress/pull/832 - -* June 13, 2023 - [v1.16.6](https://github.com/klauspost/compress/releases/tag/v1.16.6) - * zstd: correctly ignore WithEncoderPadding(1) by @ianlancetaylor in https://github.com/klauspost/compress/pull/806 - * zstd: Add amd64 match length assembly https://github.com/klauspost/compress/pull/824 - * gzhttp: Handle informational headers by @rtribotte in https://github.com/klauspost/compress/pull/815 - * s2: Improve Better compression slightly https://github.com/klauspost/compress/pull/663 - -* Apr 16, 2023 - [v1.16.5](https://github.com/klauspost/compress/releases/tag/v1.16.5) - * zstd: readByte needs to use io.ReadFull by @jnoxon in https://github.com/klauspost/compress/pull/802 - * gzip: Fix WriterTo after initial read https://github.com/klauspost/compress/pull/804 - -* Apr 5, 2023 - [v1.16.4](https://github.com/klauspost/compress/releases/tag/v1.16.4) - * zstd: Improve zstd best efficiency by @greatroar and @klauspost in https://github.com/klauspost/compress/pull/784 - * zstd: Respect WithAllLitEntropyCompression https://github.com/klauspost/compress/pull/792 - * zstd: Fix amd64 not always detecting corrupt data https://github.com/klauspost/compress/pull/785 - * zstd: Various minor improvements by @greatroar in https://github.com/klauspost/compress/pull/788 https://github.com/klauspost/compress/pull/794 https://github.com/klauspost/compress/pull/795 - * s2: Fix huge block overflow https://github.com/klauspost/compress/pull/779 - * s2: Allow CustomEncoder fallback https://github.com/klauspost/compress/pull/780 - * gzhttp: Support ResponseWriter Unwrap() in gzhttp handler by @jgimenez in https://github.com/klauspost/compress/pull/799 - -* Mar 13, 2023 - [v1.16.1](https://github.com/klauspost/compress/releases/tag/v1.16.1) - * zstd: Speed up + improve best encoder by @greatroar in https://github.com/klauspost/compress/pull/776 - * gzhttp: Add optional [BREACH mitigation](https://github.com/klauspost/compress/tree/master/gzhttp#breach-mitigation). https://github.com/klauspost/compress/pull/762 https://github.com/klauspost/compress/pull/768 https://github.com/klauspost/compress/pull/769 https://github.com/klauspost/compress/pull/770 https://github.com/klauspost/compress/pull/767 - * s2: Add Intel LZ4s converter https://github.com/klauspost/compress/pull/766 - * zstd: Minor bug fixes https://github.com/klauspost/compress/pull/771 https://github.com/klauspost/compress/pull/772 https://github.com/klauspost/compress/pull/773 - * huff0: Speed up compress1xDo by @greatroar in https://github.com/klauspost/compress/pull/774 - -* Feb 26, 2023 - [v1.16.0](https://github.com/klauspost/compress/releases/tag/v1.16.0) - * s2: Add [Dictionary](https://github.com/klauspost/compress/tree/master/s2#dictionaries) support. https://github.com/klauspost/compress/pull/685 - * s2: Add Compression Size Estimate. https://github.com/klauspost/compress/pull/752 - * s2: Add support for custom stream encoder. https://github.com/klauspost/compress/pull/755 - * s2: Add LZ4 block converter. https://github.com/klauspost/compress/pull/748 - * s2: Support io.ReaderAt in ReadSeeker. https://github.com/klauspost/compress/pull/747 - * s2c/s2sx: Use concurrent decoding. https://github.com/klauspost/compress/pull/746 -
- -
- See changes to v1.15.x - -* Jan 21st, 2023 (v1.15.15) - * deflate: Improve level 7-9 https://github.com/klauspost/compress/pull/739 - * zstd: Add delta encoding support by @greatroar in https://github.com/klauspost/compress/pull/728 - * zstd: Various speed improvements by @greatroar https://github.com/klauspost/compress/pull/741 https://github.com/klauspost/compress/pull/734 https://github.com/klauspost/compress/pull/736 https://github.com/klauspost/compress/pull/744 https://github.com/klauspost/compress/pull/743 https://github.com/klauspost/compress/pull/745 - * gzhttp: Add SuffixETag() and DropETag() options to prevent ETag collisions on compressed responses by @willbicks in https://github.com/klauspost/compress/pull/740 - -* Jan 3rd, 2023 (v1.15.14) - - * flate: Improve speed in big stateless blocks https://github.com/klauspost/compress/pull/718 - * zstd: Minor speed tweaks by @greatroar in https://github.com/klauspost/compress/pull/716 https://github.com/klauspost/compress/pull/720 - * export NoGzipResponseWriter for custom ResponseWriter wrappers by @harshavardhana in https://github.com/klauspost/compress/pull/722 - * s2: Add example for indexing and existing stream https://github.com/klauspost/compress/pull/723 - -* Dec 11, 2022 (v1.15.13) - * zstd: Add [MaxEncodedSize](https://pkg.go.dev/github.com/klauspost/compress@v1.15.13/zstd#Encoder.MaxEncodedSize) to encoder https://github.com/klauspost/compress/pull/691 - * zstd: Various tweaks and improvements https://github.com/klauspost/compress/pull/693 https://github.com/klauspost/compress/pull/695 https://github.com/klauspost/compress/pull/696 https://github.com/klauspost/compress/pull/701 https://github.com/klauspost/compress/pull/702 https://github.com/klauspost/compress/pull/703 https://github.com/klauspost/compress/pull/704 https://github.com/klauspost/compress/pull/705 https://github.com/klauspost/compress/pull/706 https://github.com/klauspost/compress/pull/707 https://github.com/klauspost/compress/pull/708 - -* Oct 26, 2022 (v1.15.12) - - * zstd: Tweak decoder allocs. https://github.com/klauspost/compress/pull/680 - * gzhttp: Always delete `HeaderNoCompression` https://github.com/klauspost/compress/pull/683 - -* Sept 26, 2022 (v1.15.11) - - * flate: Improve level 1-3 compression https://github.com/klauspost/compress/pull/678 - * zstd: Improve "best" compression by @nightwolfz in https://github.com/klauspost/compress/pull/677 - * zstd: Fix+reduce decompression allocations https://github.com/klauspost/compress/pull/668 - * zstd: Fix non-effective noescape tag https://github.com/klauspost/compress/pull/667 - -* Sept 16, 2022 (v1.15.10) - - * zstd: Add [WithDecodeAllCapLimit](https://pkg.go.dev/github.com/klauspost/compress@v1.15.10/zstd#WithDecodeAllCapLimit) https://github.com/klauspost/compress/pull/649 - * Add Go 1.19 - deprecate Go 1.16 https://github.com/klauspost/compress/pull/651 - * flate: Improve level 5+6 compression https://github.com/klauspost/compress/pull/656 - * zstd: Improve "better" compression https://github.com/klauspost/compress/pull/657 - * s2: Improve "best" compression https://github.com/klauspost/compress/pull/658 - * s2: Improve "better" compression. https://github.com/klauspost/compress/pull/635 - * s2: Slightly faster non-assembly decompression https://github.com/klauspost/compress/pull/646 - * Use arrays for constant size copies https://github.com/klauspost/compress/pull/659 - -* July 21, 2022 (v1.15.9) - - * zstd: Fix decoder crash on amd64 (no BMI) on invalid input https://github.com/klauspost/compress/pull/645 - * zstd: Disable decoder extended memory copies (amd64) due to possible crashes https://github.com/klauspost/compress/pull/644 - * zstd: Allow single segments up to "max decoded size" https://github.com/klauspost/compress/pull/643 - -* July 13, 2022 (v1.15.8) - - * gzip: fix stack exhaustion bug in Reader.Read https://github.com/klauspost/compress/pull/641 - * s2: Add Index header trim/restore https://github.com/klauspost/compress/pull/638 - * zstd: Optimize seqdeq amd64 asm by @greatroar in https://github.com/klauspost/compress/pull/636 - * zstd: Improve decoder memcopy https://github.com/klauspost/compress/pull/637 - * huff0: Pass a single bitReader pointer to asm by @greatroar in https://github.com/klauspost/compress/pull/634 - * zstd: Branchless getBits for amd64 w/o BMI2 by @greatroar in https://github.com/klauspost/compress/pull/640 - * gzhttp: Remove header before writing https://github.com/klauspost/compress/pull/639 - -* June 29, 2022 (v1.15.7) - - * s2: Fix absolute forward seeks https://github.com/klauspost/compress/pull/633 - * zip: Merge upstream https://github.com/klauspost/compress/pull/631 - * zip: Re-add zip64 fix https://github.com/klauspost/compress/pull/624 - * zstd: translate fseDecoder.buildDtable into asm by @WojciechMula in https://github.com/klauspost/compress/pull/598 - * flate: Faster histograms https://github.com/klauspost/compress/pull/620 - * deflate: Use compound hcode https://github.com/klauspost/compress/pull/622 - -* June 3, 2022 (v1.15.6) - * s2: Improve coding for long, close matches https://github.com/klauspost/compress/pull/613 - * s2c: Add Snappy/S2 stream recompression https://github.com/klauspost/compress/pull/611 - * zstd: Always use configured block size https://github.com/klauspost/compress/pull/605 - * zstd: Fix incorrect hash table placement for dict encoding in default https://github.com/klauspost/compress/pull/606 - * zstd: Apply default config to ZipDecompressor without options https://github.com/klauspost/compress/pull/608 - * gzhttp: Exclude more common archive formats https://github.com/klauspost/compress/pull/612 - * s2: Add ReaderIgnoreCRC https://github.com/klauspost/compress/pull/609 - * s2: Remove sanity load on index creation https://github.com/klauspost/compress/pull/607 - * snappy: Use dedicated function for scoring https://github.com/klauspost/compress/pull/614 - * s2c+s2d: Use official snappy framed extension https://github.com/klauspost/compress/pull/610 - -* May 25, 2022 (v1.15.5) - * s2: Add concurrent stream decompression https://github.com/klauspost/compress/pull/602 - * s2: Fix final emit oob read crash on amd64 https://github.com/klauspost/compress/pull/601 - * huff0: asm implementation of Decompress1X by @WojciechMula https://github.com/klauspost/compress/pull/596 - * zstd: Use 1 less goroutine for stream decoding https://github.com/klauspost/compress/pull/588 - * zstd: Copy literal in 16 byte blocks when possible https://github.com/klauspost/compress/pull/592 - * zstd: Speed up when WithDecoderLowmem(false) https://github.com/klauspost/compress/pull/599 - * zstd: faster next state update in BMI2 version of decode by @WojciechMula in https://github.com/klauspost/compress/pull/593 - * huff0: Do not check max size when reading table. https://github.com/klauspost/compress/pull/586 - * flate: Inplace hashing for level 7-9 https://github.com/klauspost/compress/pull/590 - - -* May 11, 2022 (v1.15.4) - * huff0: decompress directly into output by @WojciechMula in [#577](https://github.com/klauspost/compress/pull/577) - * inflate: Keep dict on stack [#581](https://github.com/klauspost/compress/pull/581) - * zstd: Faster decoding memcopy in asm [#583](https://github.com/klauspost/compress/pull/583) - * zstd: Fix ignored crc [#580](https://github.com/klauspost/compress/pull/580) - -* May 5, 2022 (v1.15.3) - * zstd: Allow to ignore checksum checking by @WojciechMula [#572](https://github.com/klauspost/compress/pull/572) - * s2: Fix incorrect seek for io.SeekEnd in [#575](https://github.com/klauspost/compress/pull/575) - -* Apr 26, 2022 (v1.15.2) - * zstd: Add x86-64 assembly for decompression on streams and blocks. Contributed by [@WojciechMula](https://github.com/WojciechMula). Typically 2x faster. [#528](https://github.com/klauspost/compress/pull/528) [#531](https://github.com/klauspost/compress/pull/531) [#545](https://github.com/klauspost/compress/pull/545) [#537](https://github.com/klauspost/compress/pull/537) - * zstd: Add options to ZipDecompressor and fixes [#539](https://github.com/klauspost/compress/pull/539) - * s2: Use sorted search for index [#555](https://github.com/klauspost/compress/pull/555) - * Minimum version is Go 1.16, added CI test on 1.18. - -* Mar 11, 2022 (v1.15.1) - * huff0: Add x86 assembly of Decode4X by @WojciechMula in [#512](https://github.com/klauspost/compress/pull/512) - * zstd: Reuse zip decoders in [#514](https://github.com/klauspost/compress/pull/514) - * zstd: Detect extra block data and report as corrupted in [#520](https://github.com/klauspost/compress/pull/520) - * zstd: Handle zero sized frame content size stricter in [#521](https://github.com/klauspost/compress/pull/521) - * zstd: Add stricter block size checks in [#523](https://github.com/klauspost/compress/pull/523) - -* Mar 3, 2022 (v1.15.0) - * zstd: Refactor decoder [#498](https://github.com/klauspost/compress/pull/498) - * zstd: Add stream encoding without goroutines [#505](https://github.com/klauspost/compress/pull/505) - * huff0: Prevent single blocks exceeding 16 bits by @klauspost in[#507](https://github.com/klauspost/compress/pull/507) - * flate: Inline literal emission [#509](https://github.com/klauspost/compress/pull/509) - * gzhttp: Add zstd to transport [#400](https://github.com/klauspost/compress/pull/400) - * gzhttp: Make content-type optional [#510](https://github.com/klauspost/compress/pull/510) - -Both compression and decompression now supports "synchronous" stream operations. This means that whenever "concurrency" is set to 1, they will operate without spawning goroutines. - -Stream decompression is now faster on asynchronous, since the goroutine allocation much more effectively splits the workload. On typical streams this will typically use 2 cores fully for decompression. When a stream has finished decoding no goroutines will be left over, so decoders can now safely be pooled and still be garbage collected. - -While the release has been extensively tested, it is recommended to testing when upgrading. - -
- -
- See changes to v1.14.x - -* Feb 22, 2022 (v1.14.4) - * flate: Fix rare huffman only (-2) corruption. [#503](https://github.com/klauspost/compress/pull/503) - * zip: Update deprecated CreateHeaderRaw to correctly call CreateRaw by @saracen in [#502](https://github.com/klauspost/compress/pull/502) - * zip: don't read data descriptor early by @saracen in [#501](https://github.com/klauspost/compress/pull/501) #501 - * huff0: Use static decompression buffer up to 30% faster [#499](https://github.com/klauspost/compress/pull/499) [#500](https://github.com/klauspost/compress/pull/500) - -* Feb 17, 2022 (v1.14.3) - * flate: Improve fastest levels compression speed ~10% more throughput. [#482](https://github.com/klauspost/compress/pull/482) [#489](https://github.com/klauspost/compress/pull/489) [#490](https://github.com/klauspost/compress/pull/490) [#491](https://github.com/klauspost/compress/pull/491) [#494](https://github.com/klauspost/compress/pull/494) [#478](https://github.com/klauspost/compress/pull/478) - * flate: Faster decompression speed, ~5-10%. [#483](https://github.com/klauspost/compress/pull/483) - * s2: Faster compression with Go v1.18 and amd64 microarch level 3+. [#484](https://github.com/klauspost/compress/pull/484) [#486](https://github.com/klauspost/compress/pull/486) - -* Jan 25, 2022 (v1.14.2) - * zstd: improve header decoder by @dsnet [#476](https://github.com/klauspost/compress/pull/476) - * zstd: Add bigger default blocks [#469](https://github.com/klauspost/compress/pull/469) - * zstd: Remove unused decompression buffer [#470](https://github.com/klauspost/compress/pull/470) - * zstd: Fix logically dead code by @ningmingxiao [#472](https://github.com/klauspost/compress/pull/472) - * flate: Improve level 7-9 [#471](https://github.com/klauspost/compress/pull/471) [#473](https://github.com/klauspost/compress/pull/473) - * zstd: Add noasm tag for xxhash [#475](https://github.com/klauspost/compress/pull/475) - -* Jan 11, 2022 (v1.14.1) - * s2: Add stream index in [#462](https://github.com/klauspost/compress/pull/462) - * flate: Speed and efficiency improvements in [#439](https://github.com/klauspost/compress/pull/439) [#461](https://github.com/klauspost/compress/pull/461) [#455](https://github.com/klauspost/compress/pull/455) [#452](https://github.com/klauspost/compress/pull/452) [#458](https://github.com/klauspost/compress/pull/458) - * zstd: Performance improvement in [#420]( https://github.com/klauspost/compress/pull/420) [#456](https://github.com/klauspost/compress/pull/456) [#437](https://github.com/klauspost/compress/pull/437) [#467](https://github.com/klauspost/compress/pull/467) [#468](https://github.com/klauspost/compress/pull/468) - * zstd: add arm64 xxhash assembly in [#464](https://github.com/klauspost/compress/pull/464) - * Add garbled for binaries for s2 in [#445](https://github.com/klauspost/compress/pull/445) -
- -
- See changes to v1.13.x - -* Aug 30, 2021 (v1.13.5) - * gz/zlib/flate: Alias stdlib errors [#425](https://github.com/klauspost/compress/pull/425) - * s2: Add block support to commandline tools [#413](https://github.com/klauspost/compress/pull/413) - * zstd: pooledZipWriter should return Writers to the same pool [#426](https://github.com/klauspost/compress/pull/426) - * Removed golang/snappy as external dependency for tests [#421](https://github.com/klauspost/compress/pull/421) - -* Aug 12, 2021 (v1.13.4) - * Add [snappy replacement package](https://github.com/klauspost/compress/tree/master/snappy). - * zstd: Fix incorrect encoding in "best" mode [#415](https://github.com/klauspost/compress/pull/415) - -* Aug 3, 2021 (v1.13.3) - * zstd: Improve Best compression [#404](https://github.com/klauspost/compress/pull/404) - * zstd: Fix WriteTo error forwarding [#411](https://github.com/klauspost/compress/pull/411) - * gzhttp: Return http.HandlerFunc instead of http.Handler. Unlikely breaking change. [#406](https://github.com/klauspost/compress/pull/406) - * s2sx: Fix max size error [#399](https://github.com/klauspost/compress/pull/399) - * zstd: Add optional stream content size on reset [#401](https://github.com/klauspost/compress/pull/401) - * zstd: use SpeedBestCompression for level >= 10 [#410](https://github.com/klauspost/compress/pull/410) - -* Jun 14, 2021 (v1.13.1) - * s2: Add full Snappy output support [#396](https://github.com/klauspost/compress/pull/396) - * zstd: Add configurable [Decoder window](https://pkg.go.dev/github.com/klauspost/compress/zstd#WithDecoderMaxWindow) size [#394](https://github.com/klauspost/compress/pull/394) - * gzhttp: Add header to skip compression [#389](https://github.com/klauspost/compress/pull/389) - * s2: Improve speed with bigger output margin [#395](https://github.com/klauspost/compress/pull/395) - -* Jun 3, 2021 (v1.13.0) - * Added [gzhttp](https://github.com/klauspost/compress/tree/master/gzhttp#gzip-handler) which allows wrapping HTTP servers and clients with GZIP compressors. - * zstd: Detect short invalid signatures [#382](https://github.com/klauspost/compress/pull/382) - * zstd: Spawn decoder goroutine only if needed. [#380](https://github.com/klauspost/compress/pull/380) -
- - -
- See changes to v1.12.x - -* May 25, 2021 (v1.12.3) - * deflate: Better/faster Huffman encoding [#374](https://github.com/klauspost/compress/pull/374) - * deflate: Allocate less for history. [#375](https://github.com/klauspost/compress/pull/375) - * zstd: Forward read errors [#373](https://github.com/klauspost/compress/pull/373) - -* Apr 27, 2021 (v1.12.2) - * zstd: Improve better/best compression [#360](https://github.com/klauspost/compress/pull/360) [#364](https://github.com/klauspost/compress/pull/364) [#365](https://github.com/klauspost/compress/pull/365) - * zstd: Add helpers to compress/decompress zstd inside zip files [#363](https://github.com/klauspost/compress/pull/363) - * deflate: Improve level 5+6 compression [#367](https://github.com/klauspost/compress/pull/367) - * s2: Improve better/best compression [#358](https://github.com/klauspost/compress/pull/358) [#359](https://github.com/klauspost/compress/pull/358) - * s2: Load after checking src limit on amd64. [#362](https://github.com/klauspost/compress/pull/362) - * s2sx: Limit max executable size [#368](https://github.com/klauspost/compress/pull/368) - -* Apr 14, 2021 (v1.12.1) - * snappy package removed. Upstream added as dependency. - * s2: Better compression in "best" mode [#353](https://github.com/klauspost/compress/pull/353) - * s2sx: Add stdin input and detect pre-compressed from signature [#352](https://github.com/klauspost/compress/pull/352) - * s2c/s2d: Add http as possible input [#348](https://github.com/klauspost/compress/pull/348) - * s2c/s2d/s2sx: Always truncate when writing files [#352](https://github.com/klauspost/compress/pull/352) - * zstd: Reduce memory usage further when using [WithLowerEncoderMem](https://pkg.go.dev/github.com/klauspost/compress/zstd#WithLowerEncoderMem) [#346](https://github.com/klauspost/compress/pull/346) - * s2: Fix potential problem with amd64 assembly and profilers [#349](https://github.com/klauspost/compress/pull/349) -
- -
- See changes to v1.11.x - -* Mar 26, 2021 (v1.11.13) - * zstd: Big speedup on small dictionary encodes [#344](https://github.com/klauspost/compress/pull/344) [#345](https://github.com/klauspost/compress/pull/345) - * zstd: Add [WithLowerEncoderMem](https://pkg.go.dev/github.com/klauspost/compress/zstd#WithLowerEncoderMem) encoder option [#336](https://github.com/klauspost/compress/pull/336) - * deflate: Improve entropy compression [#338](https://github.com/klauspost/compress/pull/338) - * s2: Clean up and minor performance improvement in best [#341](https://github.com/klauspost/compress/pull/341) - -* Mar 5, 2021 (v1.11.12) - * s2: Add `s2sx` binary that creates [self extracting archives](https://github.com/klauspost/compress/tree/master/s2#s2sx-self-extracting-archives). - * s2: Speed up decompression on non-assembly platforms [#328](https://github.com/klauspost/compress/pull/328) - -* Mar 1, 2021 (v1.11.9) - * s2: Add ARM64 decompression assembly. Around 2x output speed. [#324](https://github.com/klauspost/compress/pull/324) - * s2: Improve "better" speed and efficiency. [#325](https://github.com/klauspost/compress/pull/325) - * s2: Fix binaries. - -* Feb 25, 2021 (v1.11.8) - * s2: Fixed occasional out-of-bounds write on amd64. Upgrade recommended. - * s2: Add AMD64 assembly for better mode. 25-50% faster. [#315](https://github.com/klauspost/compress/pull/315) - * s2: Less upfront decoder allocation. [#322](https://github.com/klauspost/compress/pull/322) - * zstd: Faster "compression" of incompressible data. [#314](https://github.com/klauspost/compress/pull/314) - * zip: Fix zip64 headers. [#313](https://github.com/klauspost/compress/pull/313) - -* Jan 14, 2021 (v1.11.7) - * Use Bytes() interface to get bytes across packages. [#309](https://github.com/klauspost/compress/pull/309) - * s2: Add 'best' compression option. [#310](https://github.com/klauspost/compress/pull/310) - * s2: Add ReaderMaxBlockSize, changes `s2.NewReader` signature to include varargs. [#311](https://github.com/klauspost/compress/pull/311) - * s2: Fix crash on small better buffers. [#308](https://github.com/klauspost/compress/pull/308) - * s2: Clean up decoder. [#312](https://github.com/klauspost/compress/pull/312) - -* Jan 7, 2021 (v1.11.6) - * zstd: Make decoder allocations smaller [#306](https://github.com/klauspost/compress/pull/306) - * zstd: Free Decoder resources when Reset is called with a nil io.Reader [#305](https://github.com/klauspost/compress/pull/305) - -* Dec 20, 2020 (v1.11.4) - * zstd: Add Best compression mode [#304](https://github.com/klauspost/compress/pull/304) - * Add header decoder [#299](https://github.com/klauspost/compress/pull/299) - * s2: Add uncompressed stream option [#297](https://github.com/klauspost/compress/pull/297) - * Simplify/speed up small blocks with known max size. [#300](https://github.com/klauspost/compress/pull/300) - * zstd: Always reset literal dict encoder [#303](https://github.com/klauspost/compress/pull/303) - -* Nov 15, 2020 (v1.11.3) - * inflate: 10-15% faster decompression [#293](https://github.com/klauspost/compress/pull/293) - * zstd: Tweak DecodeAll default allocation [#295](https://github.com/klauspost/compress/pull/295) - -* Oct 11, 2020 (v1.11.2) - * s2: Fix out of bounds read in "better" block compression [#291](https://github.com/klauspost/compress/pull/291) - -* Oct 1, 2020 (v1.11.1) - * zstd: Set allLitEntropy true in default configuration [#286](https://github.com/klauspost/compress/pull/286) - -* Sept 8, 2020 (v1.11.0) - * zstd: Add experimental compression [dictionaries](https://github.com/klauspost/compress/tree/master/zstd#dictionaries) [#281](https://github.com/klauspost/compress/pull/281) - * zstd: Fix mixed Write and ReadFrom calls [#282](https://github.com/klauspost/compress/pull/282) - * inflate/gz: Limit variable shifts, ~5% faster decompression [#274](https://github.com/klauspost/compress/pull/274) -
- -
- See changes to v1.10.x - -* July 8, 2020 (v1.10.11) - * zstd: Fix extra block when compressing with ReadFrom. [#278](https://github.com/klauspost/compress/pull/278) - * huff0: Also populate compression table when reading decoding table. [#275](https://github.com/klauspost/compress/pull/275) - -* June 23, 2020 (v1.10.10) - * zstd: Skip entropy compression in fastest mode when no matches. [#270](https://github.com/klauspost/compress/pull/270) - -* June 16, 2020 (v1.10.9): - * zstd: API change for specifying dictionaries. See [#268](https://github.com/klauspost/compress/pull/268) - * zip: update CreateHeaderRaw to handle zip64 fields. [#266](https://github.com/klauspost/compress/pull/266) - * Fuzzit tests removed. The service has been purchased and is no longer available. - -* June 5, 2020 (v1.10.8): - * 1.15x faster zstd block decompression. [#265](https://github.com/klauspost/compress/pull/265) - -* June 1, 2020 (v1.10.7): - * Added zstd decompression [dictionary support](https://github.com/klauspost/compress/tree/master/zstd#dictionaries) - * Increase zstd decompression speed up to 1.19x. [#259](https://github.com/klauspost/compress/pull/259) - * Remove internal reset call in zstd compression and reduce allocations. [#263](https://github.com/klauspost/compress/pull/263) - -* May 21, 2020: (v1.10.6) - * zstd: Reduce allocations while decoding. [#258](https://github.com/klauspost/compress/pull/258), [#252](https://github.com/klauspost/compress/pull/252) - * zstd: Stricter decompression checks. - -* April 12, 2020: (v1.10.5) - * s2-commands: Flush output when receiving SIGINT. [#239](https://github.com/klauspost/compress/pull/239) - -* Apr 8, 2020: (v1.10.4) - * zstd: Minor/special case optimizations. [#251](https://github.com/klauspost/compress/pull/251), [#250](https://github.com/klauspost/compress/pull/250), [#249](https://github.com/klauspost/compress/pull/249), [#247](https://github.com/klauspost/compress/pull/247) -* Mar 11, 2020: (v1.10.3) - * s2: Use S2 encoder in pure Go mode for Snappy output as well. [#245](https://github.com/klauspost/compress/pull/245) - * s2: Fix pure Go block encoder. [#244](https://github.com/klauspost/compress/pull/244) - * zstd: Added "better compression" mode. [#240](https://github.com/klauspost/compress/pull/240) - * zstd: Improve speed of fastest compression mode by 5-10% [#241](https://github.com/klauspost/compress/pull/241) - * zstd: Skip creating encoders when not needed. [#238](https://github.com/klauspost/compress/pull/238) - -* Feb 27, 2020: (v1.10.2) - * Close to 50% speedup in inflate (gzip/zip decompression). [#236](https://github.com/klauspost/compress/pull/236) [#234](https://github.com/klauspost/compress/pull/234) [#232](https://github.com/klauspost/compress/pull/232) - * Reduce deflate level 1-6 memory usage up to 59%. [#227](https://github.com/klauspost/compress/pull/227) - -* Feb 18, 2020: (v1.10.1) - * Fix zstd crash when resetting multiple times without sending data. [#226](https://github.com/klauspost/compress/pull/226) - * deflate: Fix dictionary use on level 1-6. [#224](https://github.com/klauspost/compress/pull/224) - * Remove deflate writer reference when closing. [#224](https://github.com/klauspost/compress/pull/224) - -* Feb 4, 2020: (v1.10.0) - * Add optional dictionary to [stateless deflate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc#StatelessDeflate). Breaking change, send `nil` for previous behaviour. [#216](https://github.com/klauspost/compress/pull/216) - * Fix buffer overflow on repeated small block deflate. [#218](https://github.com/klauspost/compress/pull/218) - * Allow copying content from an existing ZIP file without decompressing+compressing. [#214](https://github.com/klauspost/compress/pull/214) - * Added [S2](https://github.com/klauspost/compress/tree/master/s2#s2-compression) AMD64 assembler and various optimizations. Stream speed >10GB/s. [#186](https://github.com/klauspost/compress/pull/186) - -
- -
- See changes prior to v1.10.0 - -* Jan 20,2020 (v1.9.8) Optimize gzip/deflate with better size estimates and faster table generation. [#207](https://github.com/klauspost/compress/pull/207) by [luyu6056](https://github.com/luyu6056), [#206](https://github.com/klauspost/compress/pull/206). -* Jan 11, 2020: S2 Encode/Decode will use provided buffer if capacity is big enough. [#204](https://github.com/klauspost/compress/pull/204) -* Jan 5, 2020: (v1.9.7) Fix another zstd regression in v1.9.5 - v1.9.6 removed. -* Jan 4, 2020: (v1.9.6) Regression in v1.9.5 fixed causing corrupt zstd encodes in rare cases. -* Jan 4, 2020: Faster IO in [s2c + s2d commandline tools](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) compression/decompression. [#192](https://github.com/klauspost/compress/pull/192) -* Dec 29, 2019: Removed v1.9.5 since fuzz tests showed a compatibility problem with the reference zstandard decoder. -* Dec 29, 2019: (v1.9.5) zstd: 10-20% faster block compression. [#199](https://github.com/klauspost/compress/pull/199) -* Dec 29, 2019: [zip](https://godoc.org/github.com/klauspost/compress/zip) package updated with latest Go features -* Dec 29, 2019: zstd: Single segment flag condintions tweaked. [#197](https://github.com/klauspost/compress/pull/197) -* Dec 18, 2019: s2: Faster compression when ReadFrom is used. [#198](https://github.com/klauspost/compress/pull/198) -* Dec 10, 2019: s2: Fix repeat length output when just above at 16MB limit. -* Dec 10, 2019: zstd: Add function to get decoder as io.ReadCloser. [#191](https://github.com/klauspost/compress/pull/191) -* Dec 3, 2019: (v1.9.4) S2: limit max repeat length. [#188](https://github.com/klauspost/compress/pull/188) -* Dec 3, 2019: Add [WithNoEntropyCompression](https://godoc.org/github.com/klauspost/compress/zstd#WithNoEntropyCompression) to zstd [#187](https://github.com/klauspost/compress/pull/187) -* Dec 3, 2019: Reduce memory use for tests. Check for leaked goroutines. -* Nov 28, 2019 (v1.9.3) Less allocations in stateless deflate. -* Nov 28, 2019: 5-20% Faster huff0 decode. Impacts zstd as well. [#184](https://github.com/klauspost/compress/pull/184) -* Nov 12, 2019 (v1.9.2) Added [Stateless Compression](#stateless-compression) for gzip/deflate. -* Nov 12, 2019: Fixed zstd decompression of large single blocks. [#180](https://github.com/klauspost/compress/pull/180) -* Nov 11, 2019: Set default [s2c](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) block size to 4MB. -* Nov 11, 2019: Reduce inflate memory use by 1KB. -* Nov 10, 2019: Less allocations in deflate bit writer. -* Nov 10, 2019: Fix inconsistent error returned by zstd decoder. -* Oct 28, 2019 (v1.9.1) ztsd: Fix crash when compressing blocks. [#174](https://github.com/klauspost/compress/pull/174) -* Oct 24, 2019 (v1.9.0) zstd: Fix rare data corruption [#173](https://github.com/klauspost/compress/pull/173) -* Oct 24, 2019 zstd: Fix huff0 out of buffer write [#171](https://github.com/klauspost/compress/pull/171) and always return errors [#172](https://github.com/klauspost/compress/pull/172) -* Oct 10, 2019: Big deflate rewrite, 30-40% faster with better compression [#105](https://github.com/klauspost/compress/pull/105) - -
- -
- See changes prior to v1.9.0 - -* Oct 10, 2019: (v1.8.6) zstd: Allow partial reads to get flushed data. [#169](https://github.com/klauspost/compress/pull/169) -* Oct 3, 2019: Fix inconsistent results on broken zstd streams. -* Sep 25, 2019: Added `-rm` (remove source files) and `-q` (no output except errors) to `s2c` and `s2d` [commands](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) -* Sep 16, 2019: (v1.8.4) Add `s2c` and `s2d` [commandline tools](https://github.com/klauspost/compress/tree/master/s2#commandline-tools). -* Sep 10, 2019: (v1.8.3) Fix s2 decoder [Skip](https://godoc.org/github.com/klauspost/compress/s2#Reader.Skip). -* Sep 7, 2019: zstd: Added [WithWindowSize](https://godoc.org/github.com/klauspost/compress/zstd#WithWindowSize), contributed by [ianwilkes](https://github.com/ianwilkes). -* Sep 5, 2019: (v1.8.2) Add [WithZeroFrames](https://godoc.org/github.com/klauspost/compress/zstd#WithZeroFrames) which adds full zero payload block encoding option. -* Sep 5, 2019: Lazy initialization of zstandard predefined en/decoder tables. -* Aug 26, 2019: (v1.8.1) S2: 1-2% compression increase in "better" compression mode. -* Aug 26, 2019: zstd: Check maximum size of Huffman 1X compressed literals while decoding. -* Aug 24, 2019: (v1.8.0) Added [S2 compression](https://github.com/klauspost/compress/tree/master/s2#s2-compression), a high performance replacement for Snappy. -* Aug 21, 2019: (v1.7.6) Fixed minor issues found by fuzzer. One could lead to zstd not decompressing. -* Aug 18, 2019: Add [fuzzit](https://fuzzit.dev/) continuous fuzzing. -* Aug 14, 2019: zstd: Skip incompressible data 2x faster. [#147](https://github.com/klauspost/compress/pull/147) -* Aug 4, 2019 (v1.7.5): Better literal compression. [#146](https://github.com/klauspost/compress/pull/146) -* Aug 4, 2019: Faster zstd compression. [#143](https://github.com/klauspost/compress/pull/143) [#144](https://github.com/klauspost/compress/pull/144) -* Aug 4, 2019: Faster zstd decompression. [#145](https://github.com/klauspost/compress/pull/145) [#143](https://github.com/klauspost/compress/pull/143) [#142](https://github.com/klauspost/compress/pull/142) -* July 15, 2019 (v1.7.4): Fix double EOF block in rare cases on zstd encoder. -* July 15, 2019 (v1.7.3): Minor speedup/compression increase in default zstd encoder. -* July 14, 2019: zstd decoder: Fix decompression error on multiple uses with mixed content. -* July 7, 2019 (v1.7.2): Snappy update, zstd decoder potential race fix. -* June 17, 2019: zstd decompression bugfix. -* June 17, 2019: fix 32 bit builds. -* June 17, 2019: Easier use in modules (less dependencies). -* June 9, 2019: New stronger "default" [zstd](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression mode. Matches zstd default compression ratio. -* June 5, 2019: 20-40% throughput in [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and better compression. -* June 5, 2019: deflate/gzip compression: Reduce memory usage of lower compression levels. -* June 2, 2019: Added [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression! -* May 25, 2019: deflate/gzip: 10% faster bit writer, mostly visible in lower levels. -* Apr 22, 2019: [zstd](https://github.com/klauspost/compress/tree/master/zstd#zstd) decompression added. -* Aug 1, 2018: Added [huff0 README](https://github.com/klauspost/compress/tree/master/huff0#huff0-entropy-compression). -* Jul 8, 2018: Added [Performance Update 2018](#performance-update-2018) below. -* Jun 23, 2018: Merged [Go 1.11 inflate optimizations](https://go-review.googlesource.com/c/go/+/102235). Go 1.9 is now required. Backwards compatible version tagged with [v1.3.0](https://github.com/klauspost/compress/releases/tag/v1.3.0). -* Apr 2, 2018: Added [huff0](https://godoc.org/github.com/klauspost/compress/huff0) en/decoder. Experimental for now, API may change. -* Mar 4, 2018: Added [FSE Entropy](https://godoc.org/github.com/klauspost/compress/fse) en/decoder. Experimental for now, API may change. -* Nov 3, 2017: Add compression [Estimate](https://godoc.org/github.com/klauspost/compress#Estimate) function. -* May 28, 2017: Reduce allocations when resetting decoder. -* Apr 02, 2017: Change back to official crc32, since changes were merged in Go 1.7. -* Jan 14, 2017: Reduce stack pressure due to array copies. See [Issue #18625](https://github.com/golang/go/issues/18625). -* Oct 25, 2016: Level 2-4 have been rewritten and now offers significantly better performance than before. -* Oct 20, 2016: Port zlib changes from Go 1.7 to fix zlib writer issue. Please update. -* Oct 16, 2016: Go 1.7 changes merged. Apples to apples this package is a few percent faster, but has a significantly better balance between speed and compression per level. -* Mar 24, 2016: Always attempt Huffman encoding on level 4-7. This improves base 64 encoded data compression. -* Mar 24, 2016: Small speedup for level 1-3. -* Feb 19, 2016: Faster bit writer, level -2 is 15% faster, level 1 is 4% faster. -* Feb 19, 2016: Handle small payloads faster in level 1-3. -* Feb 19, 2016: Added faster level 2 + 3 compression modes. -* Feb 19, 2016: [Rebalanced compression levels](https://blog.klauspost.com/rebalancing-deflate-compression-levels/), so there is a more even progression in terms of compression. New default level is 5. -* Feb 14, 2016: Snappy: Merge upstream changes. -* Feb 14, 2016: Snappy: Fix aggressive skipping. -* Feb 14, 2016: Snappy: Update benchmark. -* Feb 13, 2016: Deflate: Fixed assembler problem that could lead to sub-optimal compression. -* Feb 12, 2016: Snappy: Added AMD64 SSE 4.2 optimizations to matching, which makes easy to compress material run faster. Typical speedup is around 25%. -* Feb 9, 2016: Added Snappy package fork. This version is 5-7% faster, much more on hard to compress content. -* Jan 30, 2016: Optimize level 1 to 3 by not considering static dictionary or storing uncompressed. ~4-5% speedup. -* Jan 16, 2016: Optimization on deflate level 1,2,3 compression. -* Jan 8 2016: Merge [CL 18317](https://go-review.googlesource.com/#/c/18317): fix reading, writing of zip64 archives. -* Dec 8 2015: Make level 1 and -2 deterministic even if write size differs. -* Dec 8 2015: Split encoding functions, so hashing and matching can potentially be inlined. 1-3% faster on AMD64. 5% faster on other platforms. -* Dec 8 2015: Fixed rare [one byte out-of bounds read](https://github.com/klauspost/compress/issues/20). Please update! -* Nov 23 2015: Optimization on token writer. ~2-4% faster. Contributed by [@dsnet](https://github.com/dsnet). -* Nov 20 2015: Small optimization to bit writer on 64 bit systems. -* Nov 17 2015: Fixed out-of-bound errors if the underlying Writer returned an error. See [#15](https://github.com/klauspost/compress/issues/15). -* Nov 12 2015: Added [io.WriterTo](https://golang.org/pkg/io/#WriterTo) support to gzip/inflate. -* Nov 11 2015: Merged [CL 16669](https://go-review.googlesource.com/#/c/16669/4): archive/zip: enable overriding (de)compressors per file -* Oct 15 2015: Added skipping on uncompressible data. Random data speed up >5x. - -
- -# deflate usage - -The packages are drop-in replacements for standard library [deflate](https://godoc.org/github.com/klauspost/compress/flate), [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip), and [zlib](https://godoc.org/github.com/klauspost/compress/zlib). Simply replace the import path to use them: - -Typical speed is about 2x of the standard library packages. - -| old import | new import | Documentation | -|------------------|---------------------------------------|-------------------------------------------------------------------------| -| `compress/gzip` | `github.com/klauspost/compress/gzip` | [gzip](https://pkg.go.dev/github.com/klauspost/compress/gzip?tab=doc) | -| `compress/zlib` | `github.com/klauspost/compress/zlib` | [zlib](https://pkg.go.dev/github.com/klauspost/compress/zlib?tab=doc) | -| `archive/zip` | `github.com/klauspost/compress/zip` | [zip](https://pkg.go.dev/github.com/klauspost/compress/zip?tab=doc) | -| `compress/flate` | `github.com/klauspost/compress/flate` | [flate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc) | - -You may also be interested in [pgzip](https://github.com/klauspost/pgzip), which is a drop-in replacement for gzip, which support multithreaded compression on big files and the optimized [crc32](https://github.com/klauspost/crc32) package used by these packages. - -The packages implement the same API as the standard library, so you can use the original godoc documentation: [gzip](http://golang.org/pkg/compress/gzip/), [zip](http://golang.org/pkg/archive/zip/), [zlib](http://golang.org/pkg/compress/zlib/), [flate](http://golang.org/pkg/compress/flate/). - -Currently there is only minor speedup on decompression (mostly CRC32 calculation). - -Memory usage is typically 1MB for a Writer. stdlib is in the same range. -If you expect to have a lot of concurrently allocated Writers consider using -the stateless compression described below. - -For compression performance, see: [this spreadsheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing). - -To disable all assembly add `-tags=noasm`. This works across all packages. - -# Stateless compression - -This package offers stateless compression as a special option for gzip/deflate. -It will do compression but without maintaining any state between Write calls. - -This means there will be no memory kept between Write calls, but compression and speed will be suboptimal. - -This is only relevant in cases where you expect to run many thousands of compressors concurrently, -but with very little activity. This is *not* intended for regular web servers serving individual requests. - -Because of this, the size of actual Write calls will affect output size. - -In gzip, specify level `-3` / `gzip.StatelessCompression` to enable. - -For direct deflate use, NewStatelessWriter and StatelessDeflate are available. See [documentation](https://godoc.org/github.com/klauspost/compress/flate#NewStatelessWriter) - -A `bufio.Writer` can of course be used to control write sizes. For example, to use a 4KB buffer: - -```go - // replace 'ioutil.Discard' with your output. - gzw, err := gzip.NewWriterLevel(ioutil.Discard, gzip.StatelessCompression) - if err != nil { - return err - } - defer gzw.Close() - - w := bufio.NewWriterSize(gzw, 4096) - defer w.Flush() - - // Write to 'w' -``` - -This will only use up to 4KB in memory when the writer is idle. - -Compression is almost always worse than the fastest compression level -and each write will allocate (a little) memory. - - -# Other packages - -Here are other packages of good quality and pure Go (no cgo wrappers or autoconverted code): - -* [github.com/pierrec/lz4](https://github.com/pierrec/lz4) - strong multithreaded LZ4 compression. -* [github.com/cosnicolaou/pbzip2](https://github.com/cosnicolaou/pbzip2) - multithreaded bzip2 decompression. -* [github.com/dsnet/compress](https://github.com/dsnet/compress) - brotli decompression, bzip2 writer. -* [github.com/ronanh/intcomp](https://github.com/ronanh/intcomp) - Integer compression. -* [github.com/spenczar/fpc](https://github.com/spenczar/fpc) - Float compression. -* [github.com/minio/zipindex](https://github.com/minio/zipindex) - External ZIP directory index. -* [github.com/ybirader/pzip](https://github.com/ybirader/pzip) - Fast concurrent zip archiver and extractor. - -# license - -This code is licensed under the same conditions as the original Go code. See LICENSE file. - - - - - +# compress + +This package provides various compression algorithms. + +* [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and decompression in pure Go. +* [S2](https://github.com/klauspost/compress/tree/master/s2#s2-compression) is a high performance replacement for Snappy. +* Optimized [deflate](https://godoc.org/github.com/klauspost/compress/flate) packages which can be used as a dropin replacement for [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip) and [zlib](https://godoc.org/github.com/klauspost/compress/zlib). +* [snappy](https://github.com/klauspost/compress/tree/master/snappy) is a drop-in replacement for `github.com/golang/snappy` offering better compression and concurrent streams. +* [huff0](https://github.com/klauspost/compress/tree/master/huff0) and [FSE](https://github.com/klauspost/compress/tree/master/fse) implementations for raw entropy encoding. +* [gzhttp](https://github.com/klauspost/compress/tree/master/gzhttp) Provides client and server wrappers for handling gzipped/zstd HTTP requests efficiently. +* [pgzip](https://github.com/klauspost/pgzip) is a separate package that provides a very fast parallel gzip implementation. + +[![Go Reference](https://pkg.go.dev/badge/klauspost/compress.svg)](https://pkg.go.dev/github.com/klauspost/compress?tab=subdirectories) +[![Go](https://github.com/klauspost/compress/actions/workflows/go.yml/badge.svg)](https://github.com/klauspost/compress/actions/workflows/go.yml) +[![Sourcegraph Badge](https://sourcegraph.com/github.com/klauspost/compress/-/badge.svg)](https://sourcegraph.com/github.com/klauspost/compress?badge) + +# package usage + +Use `go get github.com/klauspost/compress@latest` to add it to your project. + +This package will support the current Go version and 2 versions back. + +* Use the `nounsafe` tag to disable all use of the "unsafe" package. +* Use the `noasm` tag to disable all assembly across packages. + +Use the links above for more information on each. + +# changelog + +* Feb 9th, 2026 [1.18.4](https://github.com/klauspost/compress/releases/tag/v1.18.4) + * gzhttp: Add zstandard to server handler wrapper https://github.com/klauspost/compress/pull/1121 + * zstd: Add ResetWithOptions to encoder/decoder https://github.com/klauspost/compress/pull/1122 + * gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in https://github.com/klauspost/compress/pull/1116 + +* Jan 16th, 2026 [1.18.3](https://github.com/klauspost/compress/releases/tag/v1.18.3) + * Downstream CVE-2025-61728. See [golang/go#77102](https://github.com/golang/go/issues/77102). + +* Dec 1st, 2025 - [1.18.2](https://github.com/klauspost/compress/releases/tag/v1.18.2) + * flate: Fix invalid encoding on level 9 with single value input in https://github.com/klauspost/compress/pull/1115 + * flate: reduce stateless allocations by @RXamzin in https://github.com/klauspost/compress/pull/1106 + +* Oct 20, 2025 - [1.18.1](https://github.com/klauspost/compress/releases/tag/v1.18.1) - RETRACTED + * zstd: Add simple zstd EncodeTo/DecodeTo functions https://github.com/klauspost/compress/pull/1079 + * zstd: Fix incorrect buffer size in dictionary encodes https://github.com/klauspost/compress/pull/1059 + * s2: check for cap, not len of buffer in EncodeBetter/Best by @vdarulis in https://github.com/klauspost/compress/pull/1080 + * zlib: Avoiding extra allocation in zlib.reader.Reset by @travelpolicy in https://github.com/klauspost/compress/pull/1086 + * gzhttp: remove redundant err check in zstdReader by @ryanfowler in https://github.com/klauspost/compress/pull/1090 + * flate: Faster load+store https://github.com/klauspost/compress/pull/1104 + * flate: Simplify matchlen https://github.com/klauspost/compress/pull/1101 + * flate: Use exact sizes for huffman tables https://github.com/klauspost/compress/pull/1103 + +* Feb 19th, 2025 - [1.18.0](https://github.com/klauspost/compress/releases/tag/v1.18.0) + * Add unsafe little endian loaders https://github.com/klauspost/compress/pull/1036 + * fix: check `r.err != nil` but return a nil value error `err` by @alingse in https://github.com/klauspost/compress/pull/1028 + * flate: Simplify L4-6 loading https://github.com/klauspost/compress/pull/1043 + * flate: Simplify matchlen (remove asm) https://github.com/klauspost/compress/pull/1045 + * s2: Improve small block compression speed w/o asm https://github.com/klauspost/compress/pull/1048 + * flate: Fix matchlen L5+L6 https://github.com/klauspost/compress/pull/1049 + * flate: Cleanup & reduce casts https://github.com/klauspost/compress/pull/1050 + +
+ See changes to v1.17.x + +* Oct 11th, 2024 - [1.17.11](https://github.com/klauspost/compress/releases/tag/v1.17.11) + * zstd: Fix extra CRC written with multiple Close calls https://github.com/klauspost/compress/pull/1017 + * s2: Don't use stack for index tables https://github.com/klauspost/compress/pull/1014 + * gzhttp: No content-type on no body response code by @juliens in https://github.com/klauspost/compress/pull/1011 + * gzhttp: Do not set the content-type when response has no body by @kevinpollet in https://github.com/klauspost/compress/pull/1013 + +* Sep 23rd, 2024 - [1.17.10](https://github.com/klauspost/compress/releases/tag/v1.17.10) + * gzhttp: Add TransportAlwaysDecompress option. https://github.com/klauspost/compress/pull/978 + * gzhttp: Add supported decompress request body by @mirecl in https://github.com/klauspost/compress/pull/1002 + * s2: Add EncodeBuffer buffer recycling callback https://github.com/klauspost/compress/pull/982 + * zstd: Improve memory usage on small streaming encodes https://github.com/klauspost/compress/pull/1007 + * flate: read data written with partial flush by @vajexal in https://github.com/klauspost/compress/pull/996 + +* Jun 12th, 2024 - [1.17.9](https://github.com/klauspost/compress/releases/tag/v1.17.9) + * s2: Reduce ReadFrom temporary allocations https://github.com/klauspost/compress/pull/949 + * flate, zstd: Shave some bytes off amd64 matchLen by @greatroar in https://github.com/klauspost/compress/pull/963 + * Upgrade zip/zlib to 1.22.4 upstream https://github.com/klauspost/compress/pull/970 https://github.com/klauspost/compress/pull/971 + * zstd: BuildDict fails with RLE table https://github.com/klauspost/compress/pull/951 + +* Apr 9th, 2024 - [1.17.8](https://github.com/klauspost/compress/releases/tag/v1.17.8) + * zstd: Reject blocks where reserved values are not 0 https://github.com/klauspost/compress/pull/885 + * zstd: Add RLE detection+encoding https://github.com/klauspost/compress/pull/938 + +* Feb 21st, 2024 - [1.17.7](https://github.com/klauspost/compress/releases/tag/v1.17.7) + * s2: Add AsyncFlush method: Complete the block without flushing by @Jille in https://github.com/klauspost/compress/pull/927 + * s2: Fix literal+repeat exceeds dst crash https://github.com/klauspost/compress/pull/930 + +* Feb 5th, 2024 - [1.17.6](https://github.com/klauspost/compress/releases/tag/v1.17.6) + * zstd: Fix incorrect repeat coding in best mode https://github.com/klauspost/compress/pull/923 + * s2: Fix DecodeConcurrent deadlock on errors https://github.com/klauspost/compress/pull/925 + +* Jan 26th, 2024 - [v1.17.5](https://github.com/klauspost/compress/releases/tag/v1.17.5) + * flate: Fix reset with dictionary on custom window encodes https://github.com/klauspost/compress/pull/912 + * zstd: Add Frame header encoding and stripping https://github.com/klauspost/compress/pull/908 + * zstd: Limit better/best default window to 8MB https://github.com/klauspost/compress/pull/913 + * zstd: Speed improvements by @greatroar in https://github.com/klauspost/compress/pull/896 https://github.com/klauspost/compress/pull/910 + * s2: Fix callbacks for skippable blocks and disallow 0xfe (Padding) by @Jille in https://github.com/klauspost/compress/pull/916 https://github.com/klauspost/compress/pull/917 +https://github.com/klauspost/compress/pull/919 https://github.com/klauspost/compress/pull/918 + +* Dec 1st, 2023 - [v1.17.4](https://github.com/klauspost/compress/releases/tag/v1.17.4) + * huff0: Speed up symbol counting by @greatroar in https://github.com/klauspost/compress/pull/887 + * huff0: Remove byteReader by @greatroar in https://github.com/klauspost/compress/pull/886 + * gzhttp: Allow overriding decompression on transport https://github.com/klauspost/compress/pull/892 + * gzhttp: Clamp compression level https://github.com/klauspost/compress/pull/890 + * gzip: Error out if reserved bits are set https://github.com/klauspost/compress/pull/891 + +* Nov 15th, 2023 - [v1.17.3](https://github.com/klauspost/compress/releases/tag/v1.17.3) + * fse: Fix max header size https://github.com/klauspost/compress/pull/881 + * zstd: Improve better/best compression https://github.com/klauspost/compress/pull/877 + * gzhttp: Fix missing content type on Close https://github.com/klauspost/compress/pull/883 + +* Oct 22nd, 2023 - [v1.17.2](https://github.com/klauspost/compress/releases/tag/v1.17.2) + * zstd: Fix rare *CORRUPTION* output in "best" mode. See https://github.com/klauspost/compress/pull/876 + +* Oct 14th, 2023 - [v1.17.1](https://github.com/klauspost/compress/releases/tag/v1.17.1) + * s2: Fix S2 "best" dictionary wrong encoding https://github.com/klauspost/compress/pull/871 + * flate: Reduce allocations in decompressor and minor code improvements by @fakefloordiv in https://github.com/klauspost/compress/pull/869 + * s2: Fix EstimateBlockSize on 6&7 length input https://github.com/klauspost/compress/pull/867 + +* Sept 19th, 2023 - [v1.17.0](https://github.com/klauspost/compress/releases/tag/v1.17.0) + * Add experimental dictionary builder https://github.com/klauspost/compress/pull/853 + * Add xerial snappy read/writer https://github.com/klauspost/compress/pull/838 + * flate: Add limited window compression https://github.com/klauspost/compress/pull/843 + * s2: Do 2 overlapping match checks https://github.com/klauspost/compress/pull/839 + * flate: Add amd64 assembly matchlen https://github.com/klauspost/compress/pull/837 + * gzip: Copy bufio.Reader on Reset by @thatguystone in https://github.com/klauspost/compress/pull/860 + +
+
+ See changes to v1.16.x + + +* July 1st, 2023 - [v1.16.7](https://github.com/klauspost/compress/releases/tag/v1.16.7) + * zstd: Fix default level first dictionary encode https://github.com/klauspost/compress/pull/829 + * s2: add GetBufferCapacity() method by @GiedriusS in https://github.com/klauspost/compress/pull/832 + +* June 13, 2023 - [v1.16.6](https://github.com/klauspost/compress/releases/tag/v1.16.6) + * zstd: correctly ignore WithEncoderPadding(1) by @ianlancetaylor in https://github.com/klauspost/compress/pull/806 + * zstd: Add amd64 match length assembly https://github.com/klauspost/compress/pull/824 + * gzhttp: Handle informational headers by @rtribotte in https://github.com/klauspost/compress/pull/815 + * s2: Improve Better compression slightly https://github.com/klauspost/compress/pull/663 + +* Apr 16, 2023 - [v1.16.5](https://github.com/klauspost/compress/releases/tag/v1.16.5) + * zstd: readByte needs to use io.ReadFull by @jnoxon in https://github.com/klauspost/compress/pull/802 + * gzip: Fix WriterTo after initial read https://github.com/klauspost/compress/pull/804 + +* Apr 5, 2023 - [v1.16.4](https://github.com/klauspost/compress/releases/tag/v1.16.4) + * zstd: Improve zstd best efficiency by @greatroar and @klauspost in https://github.com/klauspost/compress/pull/784 + * zstd: Respect WithAllLitEntropyCompression https://github.com/klauspost/compress/pull/792 + * zstd: Fix amd64 not always detecting corrupt data https://github.com/klauspost/compress/pull/785 + * zstd: Various minor improvements by @greatroar in https://github.com/klauspost/compress/pull/788 https://github.com/klauspost/compress/pull/794 https://github.com/klauspost/compress/pull/795 + * s2: Fix huge block overflow https://github.com/klauspost/compress/pull/779 + * s2: Allow CustomEncoder fallback https://github.com/klauspost/compress/pull/780 + * gzhttp: Support ResponseWriter Unwrap() in gzhttp handler by @jgimenez in https://github.com/klauspost/compress/pull/799 + +* Mar 13, 2023 - [v1.16.1](https://github.com/klauspost/compress/releases/tag/v1.16.1) + * zstd: Speed up + improve best encoder by @greatroar in https://github.com/klauspost/compress/pull/776 + * gzhttp: Add optional [BREACH mitigation](https://github.com/klauspost/compress/tree/master/gzhttp#breach-mitigation). https://github.com/klauspost/compress/pull/762 https://github.com/klauspost/compress/pull/768 https://github.com/klauspost/compress/pull/769 https://github.com/klauspost/compress/pull/770 https://github.com/klauspost/compress/pull/767 + * s2: Add Intel LZ4s converter https://github.com/klauspost/compress/pull/766 + * zstd: Minor bug fixes https://github.com/klauspost/compress/pull/771 https://github.com/klauspost/compress/pull/772 https://github.com/klauspost/compress/pull/773 + * huff0: Speed up compress1xDo by @greatroar in https://github.com/klauspost/compress/pull/774 + +* Feb 26, 2023 - [v1.16.0](https://github.com/klauspost/compress/releases/tag/v1.16.0) + * s2: Add [Dictionary](https://github.com/klauspost/compress/tree/master/s2#dictionaries) support. https://github.com/klauspost/compress/pull/685 + * s2: Add Compression Size Estimate. https://github.com/klauspost/compress/pull/752 + * s2: Add support for custom stream encoder. https://github.com/klauspost/compress/pull/755 + * s2: Add LZ4 block converter. https://github.com/klauspost/compress/pull/748 + * s2: Support io.ReaderAt in ReadSeeker. https://github.com/klauspost/compress/pull/747 + * s2c/s2sx: Use concurrent decoding. https://github.com/klauspost/compress/pull/746 +
+ +
+ See changes to v1.15.x + +* Jan 21st, 2023 (v1.15.15) + * deflate: Improve level 7-9 https://github.com/klauspost/compress/pull/739 + * zstd: Add delta encoding support by @greatroar in https://github.com/klauspost/compress/pull/728 + * zstd: Various speed improvements by @greatroar https://github.com/klauspost/compress/pull/741 https://github.com/klauspost/compress/pull/734 https://github.com/klauspost/compress/pull/736 https://github.com/klauspost/compress/pull/744 https://github.com/klauspost/compress/pull/743 https://github.com/klauspost/compress/pull/745 + * gzhttp: Add SuffixETag() and DropETag() options to prevent ETag collisions on compressed responses by @willbicks in https://github.com/klauspost/compress/pull/740 + +* Jan 3rd, 2023 (v1.15.14) + + * flate: Improve speed in big stateless blocks https://github.com/klauspost/compress/pull/718 + * zstd: Minor speed tweaks by @greatroar in https://github.com/klauspost/compress/pull/716 https://github.com/klauspost/compress/pull/720 + * export NoGzipResponseWriter for custom ResponseWriter wrappers by @harshavardhana in https://github.com/klauspost/compress/pull/722 + * s2: Add example for indexing and existing stream https://github.com/klauspost/compress/pull/723 + +* Dec 11, 2022 (v1.15.13) + * zstd: Add [MaxEncodedSize](https://pkg.go.dev/github.com/klauspost/compress@v1.15.13/zstd#Encoder.MaxEncodedSize) to encoder https://github.com/klauspost/compress/pull/691 + * zstd: Various tweaks and improvements https://github.com/klauspost/compress/pull/693 https://github.com/klauspost/compress/pull/695 https://github.com/klauspost/compress/pull/696 https://github.com/klauspost/compress/pull/701 https://github.com/klauspost/compress/pull/702 https://github.com/klauspost/compress/pull/703 https://github.com/klauspost/compress/pull/704 https://github.com/klauspost/compress/pull/705 https://github.com/klauspost/compress/pull/706 https://github.com/klauspost/compress/pull/707 https://github.com/klauspost/compress/pull/708 + +* Oct 26, 2022 (v1.15.12) + + * zstd: Tweak decoder allocs. https://github.com/klauspost/compress/pull/680 + * gzhttp: Always delete `HeaderNoCompression` https://github.com/klauspost/compress/pull/683 + +* Sept 26, 2022 (v1.15.11) + + * flate: Improve level 1-3 compression https://github.com/klauspost/compress/pull/678 + * zstd: Improve "best" compression by @nightwolfz in https://github.com/klauspost/compress/pull/677 + * zstd: Fix+reduce decompression allocations https://github.com/klauspost/compress/pull/668 + * zstd: Fix non-effective noescape tag https://github.com/klauspost/compress/pull/667 + +* Sept 16, 2022 (v1.15.10) + + * zstd: Add [WithDecodeAllCapLimit](https://pkg.go.dev/github.com/klauspost/compress@v1.15.10/zstd#WithDecodeAllCapLimit) https://github.com/klauspost/compress/pull/649 + * Add Go 1.19 - deprecate Go 1.16 https://github.com/klauspost/compress/pull/651 + * flate: Improve level 5+6 compression https://github.com/klauspost/compress/pull/656 + * zstd: Improve "better" compression https://github.com/klauspost/compress/pull/657 + * s2: Improve "best" compression https://github.com/klauspost/compress/pull/658 + * s2: Improve "better" compression. https://github.com/klauspost/compress/pull/635 + * s2: Slightly faster non-assembly decompression https://github.com/klauspost/compress/pull/646 + * Use arrays for constant size copies https://github.com/klauspost/compress/pull/659 + +* July 21, 2022 (v1.15.9) + + * zstd: Fix decoder crash on amd64 (no BMI) on invalid input https://github.com/klauspost/compress/pull/645 + * zstd: Disable decoder extended memory copies (amd64) due to possible crashes https://github.com/klauspost/compress/pull/644 + * zstd: Allow single segments up to "max decoded size" https://github.com/klauspost/compress/pull/643 + +* July 13, 2022 (v1.15.8) + + * gzip: fix stack exhaustion bug in Reader.Read https://github.com/klauspost/compress/pull/641 + * s2: Add Index header trim/restore https://github.com/klauspost/compress/pull/638 + * zstd: Optimize seqdeq amd64 asm by @greatroar in https://github.com/klauspost/compress/pull/636 + * zstd: Improve decoder memcopy https://github.com/klauspost/compress/pull/637 + * huff0: Pass a single bitReader pointer to asm by @greatroar in https://github.com/klauspost/compress/pull/634 + * zstd: Branchless getBits for amd64 w/o BMI2 by @greatroar in https://github.com/klauspost/compress/pull/640 + * gzhttp: Remove header before writing https://github.com/klauspost/compress/pull/639 + +* June 29, 2022 (v1.15.7) + + * s2: Fix absolute forward seeks https://github.com/klauspost/compress/pull/633 + * zip: Merge upstream https://github.com/klauspost/compress/pull/631 + * zip: Re-add zip64 fix https://github.com/klauspost/compress/pull/624 + * zstd: translate fseDecoder.buildDtable into asm by @WojciechMula in https://github.com/klauspost/compress/pull/598 + * flate: Faster histograms https://github.com/klauspost/compress/pull/620 + * deflate: Use compound hcode https://github.com/klauspost/compress/pull/622 + +* June 3, 2022 (v1.15.6) + * s2: Improve coding for long, close matches https://github.com/klauspost/compress/pull/613 + * s2c: Add Snappy/S2 stream recompression https://github.com/klauspost/compress/pull/611 + * zstd: Always use configured block size https://github.com/klauspost/compress/pull/605 + * zstd: Fix incorrect hash table placement for dict encoding in default https://github.com/klauspost/compress/pull/606 + * zstd: Apply default config to ZipDecompressor without options https://github.com/klauspost/compress/pull/608 + * gzhttp: Exclude more common archive formats https://github.com/klauspost/compress/pull/612 + * s2: Add ReaderIgnoreCRC https://github.com/klauspost/compress/pull/609 + * s2: Remove sanity load on index creation https://github.com/klauspost/compress/pull/607 + * snappy: Use dedicated function for scoring https://github.com/klauspost/compress/pull/614 + * s2c+s2d: Use official snappy framed extension https://github.com/klauspost/compress/pull/610 + +* May 25, 2022 (v1.15.5) + * s2: Add concurrent stream decompression https://github.com/klauspost/compress/pull/602 + * s2: Fix final emit oob read crash on amd64 https://github.com/klauspost/compress/pull/601 + * huff0: asm implementation of Decompress1X by @WojciechMula https://github.com/klauspost/compress/pull/596 + * zstd: Use 1 less goroutine for stream decoding https://github.com/klauspost/compress/pull/588 + * zstd: Copy literal in 16 byte blocks when possible https://github.com/klauspost/compress/pull/592 + * zstd: Speed up when WithDecoderLowmem(false) https://github.com/klauspost/compress/pull/599 + * zstd: faster next state update in BMI2 version of decode by @WojciechMula in https://github.com/klauspost/compress/pull/593 + * huff0: Do not check max size when reading table. https://github.com/klauspost/compress/pull/586 + * flate: Inplace hashing for level 7-9 https://github.com/klauspost/compress/pull/590 + + +* May 11, 2022 (v1.15.4) + * huff0: decompress directly into output by @WojciechMula in [#577](https://github.com/klauspost/compress/pull/577) + * inflate: Keep dict on stack [#581](https://github.com/klauspost/compress/pull/581) + * zstd: Faster decoding memcopy in asm [#583](https://github.com/klauspost/compress/pull/583) + * zstd: Fix ignored crc [#580](https://github.com/klauspost/compress/pull/580) + +* May 5, 2022 (v1.15.3) + * zstd: Allow to ignore checksum checking by @WojciechMula [#572](https://github.com/klauspost/compress/pull/572) + * s2: Fix incorrect seek for io.SeekEnd in [#575](https://github.com/klauspost/compress/pull/575) + +* Apr 26, 2022 (v1.15.2) + * zstd: Add x86-64 assembly for decompression on streams and blocks. Contributed by [@WojciechMula](https://github.com/WojciechMula). Typically 2x faster. [#528](https://github.com/klauspost/compress/pull/528) [#531](https://github.com/klauspost/compress/pull/531) [#545](https://github.com/klauspost/compress/pull/545) [#537](https://github.com/klauspost/compress/pull/537) + * zstd: Add options to ZipDecompressor and fixes [#539](https://github.com/klauspost/compress/pull/539) + * s2: Use sorted search for index [#555](https://github.com/klauspost/compress/pull/555) + * Minimum version is Go 1.16, added CI test on 1.18. + +* Mar 11, 2022 (v1.15.1) + * huff0: Add x86 assembly of Decode4X by @WojciechMula in [#512](https://github.com/klauspost/compress/pull/512) + * zstd: Reuse zip decoders in [#514](https://github.com/klauspost/compress/pull/514) + * zstd: Detect extra block data and report as corrupted in [#520](https://github.com/klauspost/compress/pull/520) + * zstd: Handle zero sized frame content size stricter in [#521](https://github.com/klauspost/compress/pull/521) + * zstd: Add stricter block size checks in [#523](https://github.com/klauspost/compress/pull/523) + +* Mar 3, 2022 (v1.15.0) + * zstd: Refactor decoder [#498](https://github.com/klauspost/compress/pull/498) + * zstd: Add stream encoding without goroutines [#505](https://github.com/klauspost/compress/pull/505) + * huff0: Prevent single blocks exceeding 16 bits by @klauspost in[#507](https://github.com/klauspost/compress/pull/507) + * flate: Inline literal emission [#509](https://github.com/klauspost/compress/pull/509) + * gzhttp: Add zstd to transport [#400](https://github.com/klauspost/compress/pull/400) + * gzhttp: Make content-type optional [#510](https://github.com/klauspost/compress/pull/510) + +Both compression and decompression now supports "synchronous" stream operations. This means that whenever "concurrency" is set to 1, they will operate without spawning goroutines. + +Stream decompression is now faster on asynchronous, since the goroutine allocation much more effectively splits the workload. On typical streams this will typically use 2 cores fully for decompression. When a stream has finished decoding no goroutines will be left over, so decoders can now safely be pooled and still be garbage collected. + +While the release has been extensively tested, it is recommended to testing when upgrading. + +
+ +
+ See changes to v1.14.x + +* Feb 22, 2022 (v1.14.4) + * flate: Fix rare huffman only (-2) corruption. [#503](https://github.com/klauspost/compress/pull/503) + * zip: Update deprecated CreateHeaderRaw to correctly call CreateRaw by @saracen in [#502](https://github.com/klauspost/compress/pull/502) + * zip: don't read data descriptor early by @saracen in [#501](https://github.com/klauspost/compress/pull/501) #501 + * huff0: Use static decompression buffer up to 30% faster [#499](https://github.com/klauspost/compress/pull/499) [#500](https://github.com/klauspost/compress/pull/500) + +* Feb 17, 2022 (v1.14.3) + * flate: Improve fastest levels compression speed ~10% more throughput. [#482](https://github.com/klauspost/compress/pull/482) [#489](https://github.com/klauspost/compress/pull/489) [#490](https://github.com/klauspost/compress/pull/490) [#491](https://github.com/klauspost/compress/pull/491) [#494](https://github.com/klauspost/compress/pull/494) [#478](https://github.com/klauspost/compress/pull/478) + * flate: Faster decompression speed, ~5-10%. [#483](https://github.com/klauspost/compress/pull/483) + * s2: Faster compression with Go v1.18 and amd64 microarch level 3+. [#484](https://github.com/klauspost/compress/pull/484) [#486](https://github.com/klauspost/compress/pull/486) + +* Jan 25, 2022 (v1.14.2) + * zstd: improve header decoder by @dsnet [#476](https://github.com/klauspost/compress/pull/476) + * zstd: Add bigger default blocks [#469](https://github.com/klauspost/compress/pull/469) + * zstd: Remove unused decompression buffer [#470](https://github.com/klauspost/compress/pull/470) + * zstd: Fix logically dead code by @ningmingxiao [#472](https://github.com/klauspost/compress/pull/472) + * flate: Improve level 7-9 [#471](https://github.com/klauspost/compress/pull/471) [#473](https://github.com/klauspost/compress/pull/473) + * zstd: Add noasm tag for xxhash [#475](https://github.com/klauspost/compress/pull/475) + +* Jan 11, 2022 (v1.14.1) + * s2: Add stream index in [#462](https://github.com/klauspost/compress/pull/462) + * flate: Speed and efficiency improvements in [#439](https://github.com/klauspost/compress/pull/439) [#461](https://github.com/klauspost/compress/pull/461) [#455](https://github.com/klauspost/compress/pull/455) [#452](https://github.com/klauspost/compress/pull/452) [#458](https://github.com/klauspost/compress/pull/458) + * zstd: Performance improvement in [#420]( https://github.com/klauspost/compress/pull/420) [#456](https://github.com/klauspost/compress/pull/456) [#437](https://github.com/klauspost/compress/pull/437) [#467](https://github.com/klauspost/compress/pull/467) [#468](https://github.com/klauspost/compress/pull/468) + * zstd: add arm64 xxhash assembly in [#464](https://github.com/klauspost/compress/pull/464) + * Add garbled for binaries for s2 in [#445](https://github.com/klauspost/compress/pull/445) +
+ +
+ See changes to v1.13.x + +* Aug 30, 2021 (v1.13.5) + * gz/zlib/flate: Alias stdlib errors [#425](https://github.com/klauspost/compress/pull/425) + * s2: Add block support to commandline tools [#413](https://github.com/klauspost/compress/pull/413) + * zstd: pooledZipWriter should return Writers to the same pool [#426](https://github.com/klauspost/compress/pull/426) + * Removed golang/snappy as external dependency for tests [#421](https://github.com/klauspost/compress/pull/421) + +* Aug 12, 2021 (v1.13.4) + * Add [snappy replacement package](https://github.com/klauspost/compress/tree/master/snappy). + * zstd: Fix incorrect encoding in "best" mode [#415](https://github.com/klauspost/compress/pull/415) + +* Aug 3, 2021 (v1.13.3) + * zstd: Improve Best compression [#404](https://github.com/klauspost/compress/pull/404) + * zstd: Fix WriteTo error forwarding [#411](https://github.com/klauspost/compress/pull/411) + * gzhttp: Return http.HandlerFunc instead of http.Handler. Unlikely breaking change. [#406](https://github.com/klauspost/compress/pull/406) + * s2sx: Fix max size error [#399](https://github.com/klauspost/compress/pull/399) + * zstd: Add optional stream content size on reset [#401](https://github.com/klauspost/compress/pull/401) + * zstd: use SpeedBestCompression for level >= 10 [#410](https://github.com/klauspost/compress/pull/410) + +* Jun 14, 2021 (v1.13.1) + * s2: Add full Snappy output support [#396](https://github.com/klauspost/compress/pull/396) + * zstd: Add configurable [Decoder window](https://pkg.go.dev/github.com/klauspost/compress/zstd#WithDecoderMaxWindow) size [#394](https://github.com/klauspost/compress/pull/394) + * gzhttp: Add header to skip compression [#389](https://github.com/klauspost/compress/pull/389) + * s2: Improve speed with bigger output margin [#395](https://github.com/klauspost/compress/pull/395) + +* Jun 3, 2021 (v1.13.0) + * Added [gzhttp](https://github.com/klauspost/compress/tree/master/gzhttp#gzip-handler) which allows wrapping HTTP servers and clients with GZIP compressors. + * zstd: Detect short invalid signatures [#382](https://github.com/klauspost/compress/pull/382) + * zstd: Spawn decoder goroutine only if needed. [#380](https://github.com/klauspost/compress/pull/380) +
+ + +
+ See changes to v1.12.x + +* May 25, 2021 (v1.12.3) + * deflate: Better/faster Huffman encoding [#374](https://github.com/klauspost/compress/pull/374) + * deflate: Allocate less for history. [#375](https://github.com/klauspost/compress/pull/375) + * zstd: Forward read errors [#373](https://github.com/klauspost/compress/pull/373) + +* Apr 27, 2021 (v1.12.2) + * zstd: Improve better/best compression [#360](https://github.com/klauspost/compress/pull/360) [#364](https://github.com/klauspost/compress/pull/364) [#365](https://github.com/klauspost/compress/pull/365) + * zstd: Add helpers to compress/decompress zstd inside zip files [#363](https://github.com/klauspost/compress/pull/363) + * deflate: Improve level 5+6 compression [#367](https://github.com/klauspost/compress/pull/367) + * s2: Improve better/best compression [#358](https://github.com/klauspost/compress/pull/358) [#359](https://github.com/klauspost/compress/pull/358) + * s2: Load after checking src limit on amd64. [#362](https://github.com/klauspost/compress/pull/362) + * s2sx: Limit max executable size [#368](https://github.com/klauspost/compress/pull/368) + +* Apr 14, 2021 (v1.12.1) + * snappy package removed. Upstream added as dependency. + * s2: Better compression in "best" mode [#353](https://github.com/klauspost/compress/pull/353) + * s2sx: Add stdin input and detect pre-compressed from signature [#352](https://github.com/klauspost/compress/pull/352) + * s2c/s2d: Add http as possible input [#348](https://github.com/klauspost/compress/pull/348) + * s2c/s2d/s2sx: Always truncate when writing files [#352](https://github.com/klauspost/compress/pull/352) + * zstd: Reduce memory usage further when using [WithLowerEncoderMem](https://pkg.go.dev/github.com/klauspost/compress/zstd#WithLowerEncoderMem) [#346](https://github.com/klauspost/compress/pull/346) + * s2: Fix potential problem with amd64 assembly and profilers [#349](https://github.com/klauspost/compress/pull/349) +
+ +
+ See changes to v1.11.x + +* Mar 26, 2021 (v1.11.13) + * zstd: Big speedup on small dictionary encodes [#344](https://github.com/klauspost/compress/pull/344) [#345](https://github.com/klauspost/compress/pull/345) + * zstd: Add [WithLowerEncoderMem](https://pkg.go.dev/github.com/klauspost/compress/zstd#WithLowerEncoderMem) encoder option [#336](https://github.com/klauspost/compress/pull/336) + * deflate: Improve entropy compression [#338](https://github.com/klauspost/compress/pull/338) + * s2: Clean up and minor performance improvement in best [#341](https://github.com/klauspost/compress/pull/341) + +* Mar 5, 2021 (v1.11.12) + * s2: Add `s2sx` binary that creates [self extracting archives](https://github.com/klauspost/compress/tree/master/s2#s2sx-self-extracting-archives). + * s2: Speed up decompression on non-assembly platforms [#328](https://github.com/klauspost/compress/pull/328) + +* Mar 1, 2021 (v1.11.9) + * s2: Add ARM64 decompression assembly. Around 2x output speed. [#324](https://github.com/klauspost/compress/pull/324) + * s2: Improve "better" speed and efficiency. [#325](https://github.com/klauspost/compress/pull/325) + * s2: Fix binaries. + +* Feb 25, 2021 (v1.11.8) + * s2: Fixed occasional out-of-bounds write on amd64. Upgrade recommended. + * s2: Add AMD64 assembly for better mode. 25-50% faster. [#315](https://github.com/klauspost/compress/pull/315) + * s2: Less upfront decoder allocation. [#322](https://github.com/klauspost/compress/pull/322) + * zstd: Faster "compression" of incompressible data. [#314](https://github.com/klauspost/compress/pull/314) + * zip: Fix zip64 headers. [#313](https://github.com/klauspost/compress/pull/313) + +* Jan 14, 2021 (v1.11.7) + * Use Bytes() interface to get bytes across packages. [#309](https://github.com/klauspost/compress/pull/309) + * s2: Add 'best' compression option. [#310](https://github.com/klauspost/compress/pull/310) + * s2: Add ReaderMaxBlockSize, changes `s2.NewReader` signature to include varargs. [#311](https://github.com/klauspost/compress/pull/311) + * s2: Fix crash on small better buffers. [#308](https://github.com/klauspost/compress/pull/308) + * s2: Clean up decoder. [#312](https://github.com/klauspost/compress/pull/312) + +* Jan 7, 2021 (v1.11.6) + * zstd: Make decoder allocations smaller [#306](https://github.com/klauspost/compress/pull/306) + * zstd: Free Decoder resources when Reset is called with a nil io.Reader [#305](https://github.com/klauspost/compress/pull/305) + +* Dec 20, 2020 (v1.11.4) + * zstd: Add Best compression mode [#304](https://github.com/klauspost/compress/pull/304) + * Add header decoder [#299](https://github.com/klauspost/compress/pull/299) + * s2: Add uncompressed stream option [#297](https://github.com/klauspost/compress/pull/297) + * Simplify/speed up small blocks with known max size. [#300](https://github.com/klauspost/compress/pull/300) + * zstd: Always reset literal dict encoder [#303](https://github.com/klauspost/compress/pull/303) + +* Nov 15, 2020 (v1.11.3) + * inflate: 10-15% faster decompression [#293](https://github.com/klauspost/compress/pull/293) + * zstd: Tweak DecodeAll default allocation [#295](https://github.com/klauspost/compress/pull/295) + +* Oct 11, 2020 (v1.11.2) + * s2: Fix out of bounds read in "better" block compression [#291](https://github.com/klauspost/compress/pull/291) + +* Oct 1, 2020 (v1.11.1) + * zstd: Set allLitEntropy true in default configuration [#286](https://github.com/klauspost/compress/pull/286) + +* Sept 8, 2020 (v1.11.0) + * zstd: Add experimental compression [dictionaries](https://github.com/klauspost/compress/tree/master/zstd#dictionaries) [#281](https://github.com/klauspost/compress/pull/281) + * zstd: Fix mixed Write and ReadFrom calls [#282](https://github.com/klauspost/compress/pull/282) + * inflate/gz: Limit variable shifts, ~5% faster decompression [#274](https://github.com/klauspost/compress/pull/274) +
+ +
+ See changes to v1.10.x + +* July 8, 2020 (v1.10.11) + * zstd: Fix extra block when compressing with ReadFrom. [#278](https://github.com/klauspost/compress/pull/278) + * huff0: Also populate compression table when reading decoding table. [#275](https://github.com/klauspost/compress/pull/275) + +* June 23, 2020 (v1.10.10) + * zstd: Skip entropy compression in fastest mode when no matches. [#270](https://github.com/klauspost/compress/pull/270) + +* June 16, 2020 (v1.10.9): + * zstd: API change for specifying dictionaries. See [#268](https://github.com/klauspost/compress/pull/268) + * zip: update CreateHeaderRaw to handle zip64 fields. [#266](https://github.com/klauspost/compress/pull/266) + * Fuzzit tests removed. The service has been purchased and is no longer available. + +* June 5, 2020 (v1.10.8): + * 1.15x faster zstd block decompression. [#265](https://github.com/klauspost/compress/pull/265) + +* June 1, 2020 (v1.10.7): + * Added zstd decompression [dictionary support](https://github.com/klauspost/compress/tree/master/zstd#dictionaries) + * Increase zstd decompression speed up to 1.19x. [#259](https://github.com/klauspost/compress/pull/259) + * Remove internal reset call in zstd compression and reduce allocations. [#263](https://github.com/klauspost/compress/pull/263) + +* May 21, 2020: (v1.10.6) + * zstd: Reduce allocations while decoding. [#258](https://github.com/klauspost/compress/pull/258), [#252](https://github.com/klauspost/compress/pull/252) + * zstd: Stricter decompression checks. + +* April 12, 2020: (v1.10.5) + * s2-commands: Flush output when receiving SIGINT. [#239](https://github.com/klauspost/compress/pull/239) + +* Apr 8, 2020: (v1.10.4) + * zstd: Minor/special case optimizations. [#251](https://github.com/klauspost/compress/pull/251), [#250](https://github.com/klauspost/compress/pull/250), [#249](https://github.com/klauspost/compress/pull/249), [#247](https://github.com/klauspost/compress/pull/247) +* Mar 11, 2020: (v1.10.3) + * s2: Use S2 encoder in pure Go mode for Snappy output as well. [#245](https://github.com/klauspost/compress/pull/245) + * s2: Fix pure Go block encoder. [#244](https://github.com/klauspost/compress/pull/244) + * zstd: Added "better compression" mode. [#240](https://github.com/klauspost/compress/pull/240) + * zstd: Improve speed of fastest compression mode by 5-10% [#241](https://github.com/klauspost/compress/pull/241) + * zstd: Skip creating encoders when not needed. [#238](https://github.com/klauspost/compress/pull/238) + +* Feb 27, 2020: (v1.10.2) + * Close to 50% speedup in inflate (gzip/zip decompression). [#236](https://github.com/klauspost/compress/pull/236) [#234](https://github.com/klauspost/compress/pull/234) [#232](https://github.com/klauspost/compress/pull/232) + * Reduce deflate level 1-6 memory usage up to 59%. [#227](https://github.com/klauspost/compress/pull/227) + +* Feb 18, 2020: (v1.10.1) + * Fix zstd crash when resetting multiple times without sending data. [#226](https://github.com/klauspost/compress/pull/226) + * deflate: Fix dictionary use on level 1-6. [#224](https://github.com/klauspost/compress/pull/224) + * Remove deflate writer reference when closing. [#224](https://github.com/klauspost/compress/pull/224) + +* Feb 4, 2020: (v1.10.0) + * Add optional dictionary to [stateless deflate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc#StatelessDeflate). Breaking change, send `nil` for previous behaviour. [#216](https://github.com/klauspost/compress/pull/216) + * Fix buffer overflow on repeated small block deflate. [#218](https://github.com/klauspost/compress/pull/218) + * Allow copying content from an existing ZIP file without decompressing+compressing. [#214](https://github.com/klauspost/compress/pull/214) + * Added [S2](https://github.com/klauspost/compress/tree/master/s2#s2-compression) AMD64 assembler and various optimizations. Stream speed >10GB/s. [#186](https://github.com/klauspost/compress/pull/186) + +
+ +
+ See changes prior to v1.10.0 + +* Jan 20,2020 (v1.9.8) Optimize gzip/deflate with better size estimates and faster table generation. [#207](https://github.com/klauspost/compress/pull/207) by [luyu6056](https://github.com/luyu6056), [#206](https://github.com/klauspost/compress/pull/206). +* Jan 11, 2020: S2 Encode/Decode will use provided buffer if capacity is big enough. [#204](https://github.com/klauspost/compress/pull/204) +* Jan 5, 2020: (v1.9.7) Fix another zstd regression in v1.9.5 - v1.9.6 removed. +* Jan 4, 2020: (v1.9.6) Regression in v1.9.5 fixed causing corrupt zstd encodes in rare cases. +* Jan 4, 2020: Faster IO in [s2c + s2d commandline tools](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) compression/decompression. [#192](https://github.com/klauspost/compress/pull/192) +* Dec 29, 2019: Removed v1.9.5 since fuzz tests showed a compatibility problem with the reference zstandard decoder. +* Dec 29, 2019: (v1.9.5) zstd: 10-20% faster block compression. [#199](https://github.com/klauspost/compress/pull/199) +* Dec 29, 2019: [zip](https://godoc.org/github.com/klauspost/compress/zip) package updated with latest Go features +* Dec 29, 2019: zstd: Single segment flag condintions tweaked. [#197](https://github.com/klauspost/compress/pull/197) +* Dec 18, 2019: s2: Faster compression when ReadFrom is used. [#198](https://github.com/klauspost/compress/pull/198) +* Dec 10, 2019: s2: Fix repeat length output when just above at 16MB limit. +* Dec 10, 2019: zstd: Add function to get decoder as io.ReadCloser. [#191](https://github.com/klauspost/compress/pull/191) +* Dec 3, 2019: (v1.9.4) S2: limit max repeat length. [#188](https://github.com/klauspost/compress/pull/188) +* Dec 3, 2019: Add [WithNoEntropyCompression](https://godoc.org/github.com/klauspost/compress/zstd#WithNoEntropyCompression) to zstd [#187](https://github.com/klauspost/compress/pull/187) +* Dec 3, 2019: Reduce memory use for tests. Check for leaked goroutines. +* Nov 28, 2019 (v1.9.3) Less allocations in stateless deflate. +* Nov 28, 2019: 5-20% Faster huff0 decode. Impacts zstd as well. [#184](https://github.com/klauspost/compress/pull/184) +* Nov 12, 2019 (v1.9.2) Added [Stateless Compression](#stateless-compression) for gzip/deflate. +* Nov 12, 2019: Fixed zstd decompression of large single blocks. [#180](https://github.com/klauspost/compress/pull/180) +* Nov 11, 2019: Set default [s2c](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) block size to 4MB. +* Nov 11, 2019: Reduce inflate memory use by 1KB. +* Nov 10, 2019: Less allocations in deflate bit writer. +* Nov 10, 2019: Fix inconsistent error returned by zstd decoder. +* Oct 28, 2019 (v1.9.1) ztsd: Fix crash when compressing blocks. [#174](https://github.com/klauspost/compress/pull/174) +* Oct 24, 2019 (v1.9.0) zstd: Fix rare data corruption [#173](https://github.com/klauspost/compress/pull/173) +* Oct 24, 2019 zstd: Fix huff0 out of buffer write [#171](https://github.com/klauspost/compress/pull/171) and always return errors [#172](https://github.com/klauspost/compress/pull/172) +* Oct 10, 2019: Big deflate rewrite, 30-40% faster with better compression [#105](https://github.com/klauspost/compress/pull/105) + +
+ +
+ See changes prior to v1.9.0 + +* Oct 10, 2019: (v1.8.6) zstd: Allow partial reads to get flushed data. [#169](https://github.com/klauspost/compress/pull/169) +* Oct 3, 2019: Fix inconsistent results on broken zstd streams. +* Sep 25, 2019: Added `-rm` (remove source files) and `-q` (no output except errors) to `s2c` and `s2d` [commands](https://github.com/klauspost/compress/tree/master/s2#commandline-tools) +* Sep 16, 2019: (v1.8.4) Add `s2c` and `s2d` [commandline tools](https://github.com/klauspost/compress/tree/master/s2#commandline-tools). +* Sep 10, 2019: (v1.8.3) Fix s2 decoder [Skip](https://godoc.org/github.com/klauspost/compress/s2#Reader.Skip). +* Sep 7, 2019: zstd: Added [WithWindowSize](https://godoc.org/github.com/klauspost/compress/zstd#WithWindowSize), contributed by [ianwilkes](https://github.com/ianwilkes). +* Sep 5, 2019: (v1.8.2) Add [WithZeroFrames](https://godoc.org/github.com/klauspost/compress/zstd#WithZeroFrames) which adds full zero payload block encoding option. +* Sep 5, 2019: Lazy initialization of zstandard predefined en/decoder tables. +* Aug 26, 2019: (v1.8.1) S2: 1-2% compression increase in "better" compression mode. +* Aug 26, 2019: zstd: Check maximum size of Huffman 1X compressed literals while decoding. +* Aug 24, 2019: (v1.8.0) Added [S2 compression](https://github.com/klauspost/compress/tree/master/s2#s2-compression), a high performance replacement for Snappy. +* Aug 21, 2019: (v1.7.6) Fixed minor issues found by fuzzer. One could lead to zstd not decompressing. +* Aug 18, 2019: Add [fuzzit](https://fuzzit.dev/) continuous fuzzing. +* Aug 14, 2019: zstd: Skip incompressible data 2x faster. [#147](https://github.com/klauspost/compress/pull/147) +* Aug 4, 2019 (v1.7.5): Better literal compression. [#146](https://github.com/klauspost/compress/pull/146) +* Aug 4, 2019: Faster zstd compression. [#143](https://github.com/klauspost/compress/pull/143) [#144](https://github.com/klauspost/compress/pull/144) +* Aug 4, 2019: Faster zstd decompression. [#145](https://github.com/klauspost/compress/pull/145) [#143](https://github.com/klauspost/compress/pull/143) [#142](https://github.com/klauspost/compress/pull/142) +* July 15, 2019 (v1.7.4): Fix double EOF block in rare cases on zstd encoder. +* July 15, 2019 (v1.7.3): Minor speedup/compression increase in default zstd encoder. +* July 14, 2019: zstd decoder: Fix decompression error on multiple uses with mixed content. +* July 7, 2019 (v1.7.2): Snappy update, zstd decoder potential race fix. +* June 17, 2019: zstd decompression bugfix. +* June 17, 2019: fix 32 bit builds. +* June 17, 2019: Easier use in modules (less dependencies). +* June 9, 2019: New stronger "default" [zstd](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression mode. Matches zstd default compression ratio. +* June 5, 2019: 20-40% throughput in [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and better compression. +* June 5, 2019: deflate/gzip compression: Reduce memory usage of lower compression levels. +* June 2, 2019: Added [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression! +* May 25, 2019: deflate/gzip: 10% faster bit writer, mostly visible in lower levels. +* Apr 22, 2019: [zstd](https://github.com/klauspost/compress/tree/master/zstd#zstd) decompression added. +* Aug 1, 2018: Added [huff0 README](https://github.com/klauspost/compress/tree/master/huff0#huff0-entropy-compression). +* Jul 8, 2018: Added [Performance Update 2018](#performance-update-2018) below. +* Jun 23, 2018: Merged [Go 1.11 inflate optimizations](https://go-review.googlesource.com/c/go/+/102235). Go 1.9 is now required. Backwards compatible version tagged with [v1.3.0](https://github.com/klauspost/compress/releases/tag/v1.3.0). +* Apr 2, 2018: Added [huff0](https://godoc.org/github.com/klauspost/compress/huff0) en/decoder. Experimental for now, API may change. +* Mar 4, 2018: Added [FSE Entropy](https://godoc.org/github.com/klauspost/compress/fse) en/decoder. Experimental for now, API may change. +* Nov 3, 2017: Add compression [Estimate](https://godoc.org/github.com/klauspost/compress#Estimate) function. +* May 28, 2017: Reduce allocations when resetting decoder. +* Apr 02, 2017: Change back to official crc32, since changes were merged in Go 1.7. +* Jan 14, 2017: Reduce stack pressure due to array copies. See [Issue #18625](https://github.com/golang/go/issues/18625). +* Oct 25, 2016: Level 2-4 have been rewritten and now offers significantly better performance than before. +* Oct 20, 2016: Port zlib changes from Go 1.7 to fix zlib writer issue. Please update. +* Oct 16, 2016: Go 1.7 changes merged. Apples to apples this package is a few percent faster, but has a significantly better balance between speed and compression per level. +* Mar 24, 2016: Always attempt Huffman encoding on level 4-7. This improves base 64 encoded data compression. +* Mar 24, 2016: Small speedup for level 1-3. +* Feb 19, 2016: Faster bit writer, level -2 is 15% faster, level 1 is 4% faster. +* Feb 19, 2016: Handle small payloads faster in level 1-3. +* Feb 19, 2016: Added faster level 2 + 3 compression modes. +* Feb 19, 2016: [Rebalanced compression levels](https://blog.klauspost.com/rebalancing-deflate-compression-levels/), so there is a more even progression in terms of compression. New default level is 5. +* Feb 14, 2016: Snappy: Merge upstream changes. +* Feb 14, 2016: Snappy: Fix aggressive skipping. +* Feb 14, 2016: Snappy: Update benchmark. +* Feb 13, 2016: Deflate: Fixed assembler problem that could lead to sub-optimal compression. +* Feb 12, 2016: Snappy: Added AMD64 SSE 4.2 optimizations to matching, which makes easy to compress material run faster. Typical speedup is around 25%. +* Feb 9, 2016: Added Snappy package fork. This version is 5-7% faster, much more on hard to compress content. +* Jan 30, 2016: Optimize level 1 to 3 by not considering static dictionary or storing uncompressed. ~4-5% speedup. +* Jan 16, 2016: Optimization on deflate level 1,2,3 compression. +* Jan 8 2016: Merge [CL 18317](https://go-review.googlesource.com/#/c/18317): fix reading, writing of zip64 archives. +* Dec 8 2015: Make level 1 and -2 deterministic even if write size differs. +* Dec 8 2015: Split encoding functions, so hashing and matching can potentially be inlined. 1-3% faster on AMD64. 5% faster on other platforms. +* Dec 8 2015: Fixed rare [one byte out-of bounds read](https://github.com/klauspost/compress/issues/20). Please update! +* Nov 23 2015: Optimization on token writer. ~2-4% faster. Contributed by [@dsnet](https://github.com/dsnet). +* Nov 20 2015: Small optimization to bit writer on 64 bit systems. +* Nov 17 2015: Fixed out-of-bound errors if the underlying Writer returned an error. See [#15](https://github.com/klauspost/compress/issues/15). +* Nov 12 2015: Added [io.WriterTo](https://golang.org/pkg/io/#WriterTo) support to gzip/inflate. +* Nov 11 2015: Merged [CL 16669](https://go-review.googlesource.com/#/c/16669/4): archive/zip: enable overriding (de)compressors per file +* Oct 15 2015: Added skipping on uncompressible data. Random data speed up >5x. + +
+ +# deflate usage + +The packages are drop-in replacements for standard library [deflate](https://godoc.org/github.com/klauspost/compress/flate), [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip), and [zlib](https://godoc.org/github.com/klauspost/compress/zlib). Simply replace the import path to use them: + +Typical speed is about 2x of the standard library packages. + +| old import | new import | Documentation | +|------------------|---------------------------------------|-------------------------------------------------------------------------| +| `compress/gzip` | `github.com/klauspost/compress/gzip` | [gzip](https://pkg.go.dev/github.com/klauspost/compress/gzip?tab=doc) | +| `compress/zlib` | `github.com/klauspost/compress/zlib` | [zlib](https://pkg.go.dev/github.com/klauspost/compress/zlib?tab=doc) | +| `archive/zip` | `github.com/klauspost/compress/zip` | [zip](https://pkg.go.dev/github.com/klauspost/compress/zip?tab=doc) | +| `compress/flate` | `github.com/klauspost/compress/flate` | [flate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc) | + +You may also be interested in [pgzip](https://github.com/klauspost/pgzip), which is a drop-in replacement for gzip, which support multithreaded compression on big files and the optimized [crc32](https://github.com/klauspost/crc32) package used by these packages. + +The packages implement the same API as the standard library, so you can use the original godoc documentation: [gzip](http://golang.org/pkg/compress/gzip/), [zip](http://golang.org/pkg/archive/zip/), [zlib](http://golang.org/pkg/compress/zlib/), [flate](http://golang.org/pkg/compress/flate/). + +Currently there is only minor speedup on decompression (mostly CRC32 calculation). + +Memory usage is typically 1MB for a Writer. stdlib is in the same range. +If you expect to have a lot of concurrently allocated Writers consider using +the stateless compression described below. + +For compression performance, see: [this spreadsheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing). + +To disable all assembly add `-tags=noasm`. This works across all packages. + +# Stateless compression + +This package offers stateless compression as a special option for gzip/deflate. +It will do compression but without maintaining any state between Write calls. + +This means there will be no memory kept between Write calls, but compression and speed will be suboptimal. + +This is only relevant in cases where you expect to run many thousands of compressors concurrently, +but with very little activity. This is *not* intended for regular web servers serving individual requests. + +Because of this, the size of actual Write calls will affect output size. + +In gzip, specify level `-3` / `gzip.StatelessCompression` to enable. + +For direct deflate use, NewStatelessWriter and StatelessDeflate are available. See [documentation](https://godoc.org/github.com/klauspost/compress/flate#NewStatelessWriter) + +A `bufio.Writer` can of course be used to control write sizes. For example, to use a 4KB buffer: + +```go + // replace 'ioutil.Discard' with your output. + gzw, err := gzip.NewWriterLevel(ioutil.Discard, gzip.StatelessCompression) + if err != nil { + return err + } + defer gzw.Close() + + w := bufio.NewWriterSize(gzw, 4096) + defer w.Flush() + + // Write to 'w' +``` + +This will only use up to 4KB in memory when the writer is idle. + +Compression is almost always worse than the fastest compression level +and each write will allocate (a little) memory. + + +# Other packages + +Here are other packages of good quality and pure Go (no cgo wrappers or autoconverted code): + +* [github.com/pierrec/lz4](https://github.com/pierrec/lz4) - strong multithreaded LZ4 compression. +* [github.com/cosnicolaou/pbzip2](https://github.com/cosnicolaou/pbzip2) - multithreaded bzip2 decompression. +* [github.com/dsnet/compress](https://github.com/dsnet/compress) - brotli decompression, bzip2 writer. +* [github.com/ronanh/intcomp](https://github.com/ronanh/intcomp) - Integer compression. +* [github.com/spenczar/fpc](https://github.com/spenczar/fpc) - Float compression. +* [github.com/minio/zipindex](https://github.com/minio/zipindex) - External ZIP directory index. +* [github.com/ybirader/pzip](https://github.com/ybirader/pzip) - Fast concurrent zip archiver and extractor. + +# license + +This code is licensed under the same conditions as the original Go code. See LICENSE file. + + + + + diff --git a/vendor/github.com/klauspost/compress/fse/README.md b/vendor/github.com/klauspost/compress/fse/README.md index ea7324da67..27d8ed56fc 100644 --- a/vendor/github.com/klauspost/compress/fse/README.md +++ b/vendor/github.com/klauspost/compress/fse/README.md @@ -1,79 +1,79 @@ -# Finite State Entropy - -This package provides Finite State Entropy encoding and decoding. - -Finite State Entropy (also referenced as [tANS](https://en.wikipedia.org/wiki/Asymmetric_numeral_systems#tANS)) -encoding provides a fast near-optimal symbol encoding/decoding -for byte blocks as implemented in [zstandard](https://github.com/facebook/zstd). - -This can be used for compressing input with a lot of similar input values to the smallest number of bytes. -This does not perform any multi-byte [dictionary coding](https://en.wikipedia.org/wiki/Dictionary_coder) as LZ coders, -but it can be used as a secondary step to compressors (like Snappy) that does not do entropy encoding. - -* [Godoc documentation](https://godoc.org/github.com/klauspost/compress/fse) - -## News - - * Feb 2018: First implementation released. Consider this beta software for now. - -# Usage - -This package provides a low level interface that allows to compress single independent blocks. - -Each block is separate, and there is no built in integrity checks. -This means that the caller should keep track of block sizes and also do checksums if needed. - -Compressing a block is done via the [`Compress`](https://godoc.org/github.com/klauspost/compress/fse#Compress) function. -You must provide input and will receive the output and maybe an error. - -These error values can be returned: - -| Error | Description | -|---------------------|-----------------------------------------------------------------------------| -| `` | Everything ok, output is returned | -| `ErrIncompressible` | Returned when input is judged to be too hard to compress | -| `ErrUseRLE` | Returned from the compressor when the input is a single byte value repeated | -| `(error)` | An internal error occurred. | - -As can be seen above there are errors that will be returned even under normal operation so it is important to handle these. - -To reduce allocations you can provide a [`Scratch`](https://godoc.org/github.com/klauspost/compress/fse#Scratch) object -that can be re-used for successive calls. Both compression and decompression accepts a `Scratch` object, and the same -object can be used for both. - -Be aware, that when re-using a `Scratch` object that the *output* buffer is also re-used, so if you are still using this -you must set the `Out` field in the scratch to nil. The same buffer is used for compression and decompression output. - -Decompressing is done by calling the [`Decompress`](https://godoc.org/github.com/klauspost/compress/fse#Decompress) function. -You must provide the output from the compression stage, at exactly the size you got back. If you receive an error back -your input was likely corrupted. - -It is important to note that a successful decoding does *not* mean your output matches your original input. -There are no integrity checks, so relying on errors from the decompressor does not assure your data is valid. - -For more detailed usage, see examples in the [godoc documentation](https://godoc.org/github.com/klauspost/compress/fse#pkg-examples). - -# Performance - -A lot of factors are affecting speed. Block sizes and compressibility of the material are primary factors. -All compression functions are currently only running on the calling goroutine so only one core will be used per block. - -The compressor is significantly faster if symbols are kept as small as possible. The highest byte value of the input -is used to reduce some of the processing, so if all your input is above byte value 64 for instance, it may be -beneficial to transpose all your input values down by 64. - -With moderate block sizes around 64k speed are typically 200MB/s per core for compression and -around 300MB/s decompression speed. - -The same hardware typically does Huffman (deflate) encoding at 125MB/s and decompression at 100MB/s. - -# Plans - -At one point, more internals will be exposed to facilitate more "expert" usage of the components. - -A streaming interface is also likely to be implemented. Likely compatible with [FSE stream format](https://github.com/Cyan4973/FiniteStateEntropy/blob/dev/programs/fileio.c#L261). - -# Contributing - -Contributions are always welcome. Be aware that adding public functions will require good justification and breaking +# Finite State Entropy + +This package provides Finite State Entropy encoding and decoding. + +Finite State Entropy (also referenced as [tANS](https://en.wikipedia.org/wiki/Asymmetric_numeral_systems#tANS)) +encoding provides a fast near-optimal symbol encoding/decoding +for byte blocks as implemented in [zstandard](https://github.com/facebook/zstd). + +This can be used for compressing input with a lot of similar input values to the smallest number of bytes. +This does not perform any multi-byte [dictionary coding](https://en.wikipedia.org/wiki/Dictionary_coder) as LZ coders, +but it can be used as a secondary step to compressors (like Snappy) that does not do entropy encoding. + +* [Godoc documentation](https://godoc.org/github.com/klauspost/compress/fse) + +## News + + * Feb 2018: First implementation released. Consider this beta software for now. + +# Usage + +This package provides a low level interface that allows to compress single independent blocks. + +Each block is separate, and there is no built in integrity checks. +This means that the caller should keep track of block sizes and also do checksums if needed. + +Compressing a block is done via the [`Compress`](https://godoc.org/github.com/klauspost/compress/fse#Compress) function. +You must provide input and will receive the output and maybe an error. + +These error values can be returned: + +| Error | Description | +|---------------------|-----------------------------------------------------------------------------| +| `` | Everything ok, output is returned | +| `ErrIncompressible` | Returned when input is judged to be too hard to compress | +| `ErrUseRLE` | Returned from the compressor when the input is a single byte value repeated | +| `(error)` | An internal error occurred. | + +As can be seen above there are errors that will be returned even under normal operation so it is important to handle these. + +To reduce allocations you can provide a [`Scratch`](https://godoc.org/github.com/klauspost/compress/fse#Scratch) object +that can be re-used for successive calls. Both compression and decompression accepts a `Scratch` object, and the same +object can be used for both. + +Be aware, that when re-using a `Scratch` object that the *output* buffer is also re-used, so if you are still using this +you must set the `Out` field in the scratch to nil. The same buffer is used for compression and decompression output. + +Decompressing is done by calling the [`Decompress`](https://godoc.org/github.com/klauspost/compress/fse#Decompress) function. +You must provide the output from the compression stage, at exactly the size you got back. If you receive an error back +your input was likely corrupted. + +It is important to note that a successful decoding does *not* mean your output matches your original input. +There are no integrity checks, so relying on errors from the decompressor does not assure your data is valid. + +For more detailed usage, see examples in the [godoc documentation](https://godoc.org/github.com/klauspost/compress/fse#pkg-examples). + +# Performance + +A lot of factors are affecting speed. Block sizes and compressibility of the material are primary factors. +All compression functions are currently only running on the calling goroutine so only one core will be used per block. + +The compressor is significantly faster if symbols are kept as small as possible. The highest byte value of the input +is used to reduce some of the processing, so if all your input is above byte value 64 for instance, it may be +beneficial to transpose all your input values down by 64. + +With moderate block sizes around 64k speed are typically 200MB/s per core for compression and +around 300MB/s decompression speed. + +The same hardware typically does Huffman (deflate) encoding at 125MB/s and decompression at 100MB/s. + +# Plans + +At one point, more internals will be exposed to facilitate more "expert" usage of the components. + +A streaming interface is also likely to be implemented. Likely compatible with [FSE stream format](https://github.com/Cyan4973/FiniteStateEntropy/blob/dev/programs/fileio.c#L261). + +# Contributing + +Contributions are always welcome. Be aware that adding public functions will require good justification and breaking changes will likely not be accepted. If in doubt open an issue before writing the PR. \ No newline at end of file diff --git a/vendor/github.com/klauspost/compress/huff0/README.md b/vendor/github.com/klauspost/compress/huff0/README.md index 8b6e5c6638..26d5101b36 100644 --- a/vendor/github.com/klauspost/compress/huff0/README.md +++ b/vendor/github.com/klauspost/compress/huff0/README.md @@ -1,89 +1,89 @@ -# Huff0 entropy compression - -This package provides Huff0 encoding and decoding as used in zstd. - -[Huff0](https://github.com/Cyan4973/FiniteStateEntropy#new-generation-entropy-coders), -a Huffman codec designed for modern CPU, featuring OoO (Out of Order) operations on multiple ALU -(Arithmetic Logic Unit), achieving extremely fast compression and decompression speeds. - -This can be used for compressing input with a lot of similar input values to the smallest number of bytes. -This does not perform any multi-byte [dictionary coding](https://en.wikipedia.org/wiki/Dictionary_coder) as LZ coders, -but it can be used as a secondary step to compressors (like Snappy) that does not do entropy encoding. - -* [Godoc documentation](https://godoc.org/github.com/klauspost/compress/huff0) - -## News - -This is used as part of the [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and decompression package. - -This ensures that most functionality is well tested. - -# Usage - -This package provides a low level interface that allows to compress single independent blocks. - -Each block is separate, and there is no built in integrity checks. -This means that the caller should keep track of block sizes and also do checksums if needed. - -Compressing a block is done via the [`Compress1X`](https://godoc.org/github.com/klauspost/compress/huff0#Compress1X) and -[`Compress4X`](https://godoc.org/github.com/klauspost/compress/huff0#Compress4X) functions. -You must provide input and will receive the output and maybe an error. - -These error values can be returned: - -| Error | Description | -|---------------------|-----------------------------------------------------------------------------| -| `` | Everything ok, output is returned | -| `ErrIncompressible` | Returned when input is judged to be too hard to compress | -| `ErrUseRLE` | Returned from the compressor when the input is a single byte value repeated | -| `ErrTooBig` | Returned if the input block exceeds the maximum allowed size (128 Kib) | -| `(error)` | An internal error occurred. | - - -As can be seen above some of there are errors that will be returned even under normal operation so it is important to handle these. - -To reduce allocations you can provide a [`Scratch`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch) object -that can be re-used for successive calls. Both compression and decompression accepts a `Scratch` object, and the same -object can be used for both. - -Be aware, that when re-using a `Scratch` object that the *output* buffer is also re-used, so if you are still using this -you must set the `Out` field in the scratch to nil. The same buffer is used for compression and decompression output. - -The `Scratch` object will retain state that allows to re-use previous tables for encoding and decoding. - -## Tables and re-use - -Huff0 allows for reusing tables from the previous block to save space if that is expected to give better/faster results. - -The Scratch object allows you to set a [`ReusePolicy`](https://godoc.org/github.com/klauspost/compress/huff0#ReusePolicy) -that controls this behaviour. See the documentation for details. This can be altered between each block. - -Do however note that this information is *not* stored in the output block and it is up to the users of the package to -record whether [`ReadTable`](https://godoc.org/github.com/klauspost/compress/huff0#ReadTable) should be called, -based on the boolean reported back from the CompressXX call. - -If you want to store the table separate from the data, you can access them as `OutData` and `OutTable` on the -[`Scratch`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch) object. - -## Decompressing - -The first part of decoding is to initialize the decoding table through [`ReadTable`](https://godoc.org/github.com/klauspost/compress/huff0#ReadTable). -This will initialize the decoding tables. -You can supply the complete block to `ReadTable` and it will return the data part of the block -which can be given to the decompressor. - -Decompressing is done by calling the [`Decompress1X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress1X) -or [`Decompress4X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress4X) function. - -For concurrently decompressing content with a fixed table a stateless [`Decoder`](https://godoc.org/github.com/klauspost/compress/huff0#Decoder) can be requested which will remain correct as long as the scratch is unchanged. The capacity of the provided slice indicates the expected output size. - -You must provide the output from the compression stage, at exactly the size you got back. If you receive an error back -your input was likely corrupted. - -It is important to note that a successful decoding does *not* mean your output matches your original input. -There are no integrity checks, so relying on errors from the decompressor does not assure your data is valid. - -# Contributing - -Contributions are always welcome. Be aware that adding public functions will require good justification and breaking -changes will likely not be accepted. If in doubt open an issue before writing the PR. +# Huff0 entropy compression + +This package provides Huff0 encoding and decoding as used in zstd. + +[Huff0](https://github.com/Cyan4973/FiniteStateEntropy#new-generation-entropy-coders), +a Huffman codec designed for modern CPU, featuring OoO (Out of Order) operations on multiple ALU +(Arithmetic Logic Unit), achieving extremely fast compression and decompression speeds. + +This can be used for compressing input with a lot of similar input values to the smallest number of bytes. +This does not perform any multi-byte [dictionary coding](https://en.wikipedia.org/wiki/Dictionary_coder) as LZ coders, +but it can be used as a secondary step to compressors (like Snappy) that does not do entropy encoding. + +* [Godoc documentation](https://godoc.org/github.com/klauspost/compress/huff0) + +## News + +This is used as part of the [zstandard](https://github.com/klauspost/compress/tree/master/zstd#zstd) compression and decompression package. + +This ensures that most functionality is well tested. + +# Usage + +This package provides a low level interface that allows to compress single independent blocks. + +Each block is separate, and there is no built in integrity checks. +This means that the caller should keep track of block sizes and also do checksums if needed. + +Compressing a block is done via the [`Compress1X`](https://godoc.org/github.com/klauspost/compress/huff0#Compress1X) and +[`Compress4X`](https://godoc.org/github.com/klauspost/compress/huff0#Compress4X) functions. +You must provide input and will receive the output and maybe an error. + +These error values can be returned: + +| Error | Description | +|---------------------|-----------------------------------------------------------------------------| +| `` | Everything ok, output is returned | +| `ErrIncompressible` | Returned when input is judged to be too hard to compress | +| `ErrUseRLE` | Returned from the compressor when the input is a single byte value repeated | +| `ErrTooBig` | Returned if the input block exceeds the maximum allowed size (128 Kib) | +| `(error)` | An internal error occurred. | + + +As can be seen above some of there are errors that will be returned even under normal operation so it is important to handle these. + +To reduce allocations you can provide a [`Scratch`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch) object +that can be re-used for successive calls. Both compression and decompression accepts a `Scratch` object, and the same +object can be used for both. + +Be aware, that when re-using a `Scratch` object that the *output* buffer is also re-used, so if you are still using this +you must set the `Out` field in the scratch to nil. The same buffer is used for compression and decompression output. + +The `Scratch` object will retain state that allows to re-use previous tables for encoding and decoding. + +## Tables and re-use + +Huff0 allows for reusing tables from the previous block to save space if that is expected to give better/faster results. + +The Scratch object allows you to set a [`ReusePolicy`](https://godoc.org/github.com/klauspost/compress/huff0#ReusePolicy) +that controls this behaviour. See the documentation for details. This can be altered between each block. + +Do however note that this information is *not* stored in the output block and it is up to the users of the package to +record whether [`ReadTable`](https://godoc.org/github.com/klauspost/compress/huff0#ReadTable) should be called, +based on the boolean reported back from the CompressXX call. + +If you want to store the table separate from the data, you can access them as `OutData` and `OutTable` on the +[`Scratch`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch) object. + +## Decompressing + +The first part of decoding is to initialize the decoding table through [`ReadTable`](https://godoc.org/github.com/klauspost/compress/huff0#ReadTable). +This will initialize the decoding tables. +You can supply the complete block to `ReadTable` and it will return the data part of the block +which can be given to the decompressor. + +Decompressing is done by calling the [`Decompress1X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress1X) +or [`Decompress4X`](https://godoc.org/github.com/klauspost/compress/huff0#Scratch.Decompress4X) function. + +For concurrently decompressing content with a fixed table a stateless [`Decoder`](https://godoc.org/github.com/klauspost/compress/huff0#Decoder) can be requested which will remain correct as long as the scratch is unchanged. The capacity of the provided slice indicates the expected output size. + +You must provide the output from the compression stage, at exactly the size you got back. If you receive an error back +your input was likely corrupted. + +It is important to note that a successful decoding does *not* mean your output matches your original input. +There are no integrity checks, so relying on errors from the decompressor does not assure your data is valid. + +# Contributing + +Contributions are always welcome. Be aware that adding public functions will require good justification and breaking +changes will likely not be accepted. If in doubt open an issue before writing the PR. diff --git a/vendor/github.com/lestrrat-go/httprc/v3/Changes b/vendor/github.com/lestrrat-go/httprc/v3/Changes index 001c8c5444..32357a060c 100644 --- a/vendor/github.com/lestrrat-go/httprc/v3/Changes +++ b/vendor/github.com/lestrrat-go/httprc/v3/Changes @@ -1,6 +1,13 @@ Changes ======= +v3.0.6 07 Jun 2026 + * Back off on HTTP fetch failure (connection refused, DNS failure, + timeout) by scheduling the next refresh at now+MinInterval, instead + of re-dispatching the resource in a tight ~1s loop (#119, #130) + * Document anchoring of RegexpWhitelist patterns + (e.g. `^https://example\.com/`) and add a runnable example (#125) + v3.0.5 30 Mar 2026 * Fix periodic check deadlock when number of ready resources exceeds outgoing channel buffer, which caused circular wait between controller diff --git a/vendor/github.com/lestrrat-go/httprc/v3/README.md b/vendor/github.com/lestrrat-go/httprc/v3/README.md index 68239669a2..4f353d29d2 100644 --- a/vendor/github.com/lestrrat-go/httprc/v3/README.md +++ b/vendor/github.com/lestrrat-go/httprc/v3/README.md @@ -65,6 +65,58 @@ If the values obtained from the headers fall within that range, the value from t used. If the value is larger than the maximum, the maximum is used. If the value is lower than the minimum, the minimum is used. +# Whitelisting URLs + +By default the client allows all URLs. If you store resources whose URLs come from +untrusted sources, you should restrict what can be fetched by passing a whitelist +via `httprc.WithWhitelist`. Several implementations are provided: `BlockAllWhitelist`, +`InsecureWhitelist` (allow all), `MapWhitelist` (exact string match), and +`RegexpWhitelist`. + +## A note on `RegexpWhitelist` patterns + +`RegexpWhitelist` matches each URL with `(*regexp.Regexp).MatchString`, which returns +true when the pattern matches **any substring** of the URL. Patterns are **not** +anchored for you, so a naive pattern can allow far more than you intend. + +Consider the difference between these two patterns: + +```go +// BAD: unanchored, dots unescaped +regexp.MustCompile(`http://example.com`) + +// GOOD: anchored at the start, dots escaped, host terminated with `/` +regexp.MustCompile(`^https://example\.com/`) +``` + +The unanchored `http://example.com` pattern will happily allow URLs such as: + +- `http://example.com.attacker.com/evil` — the real host is `attacker.com`; the + pattern only required `example.com` to appear *somewhere*, and without a trailing + `/` it does not stop at the end of the host. +- `http://attacker.com/?redirect=http://example.com` — the pattern appears inside + the query string, so the match succeeds even though the host is `attacker.com`. +- `httpsX//exampleYcom` — `.` is the regular-expression "any character" + metacharacter, so the dots match more than literal dots. + +To pin a pattern to a specific origin: + +1. **Anchor the start** with `^` so the match must begin at the start of the URL. +2. **Escape the dots** (`\.`) so they only match a literal `.`. +3. **Terminate the host** with `/` so `example.com` cannot be extended into + `example.com.attacker.com`. + +A couple of edge cases to keep in mind: + +- Requiring the trailing `/` means the bare origin `https://example.com` (no path) + will not match. Add a second pattern such as `^https://example\.com$` if you need + to allow it. +- If your URLs may include a port, allow for it explicitly, e.g. + `^https://example\.com(:\d+)?/`. + +See `ExampleRegexpWhitelist` in `whitelist_example_test.go` for a runnable +demonstration of the difference between anchored and unanchored patterns. + # SYNOPSIS diff --git a/vendor/github.com/lestrrat-go/httprc/v3/resource.go b/vendor/github.com/lestrrat-go/httprc/v3/resource.go index 0f0d140d27..1e957cbfa3 100644 --- a/vendor/github.com/lestrrat-go/httprc/v3/resource.go +++ b/vendor/github.com/lestrrat-go/httprc/v3/resource.go @@ -232,6 +232,10 @@ func (r *ResourceBase[T]) Sync(ctx context.Context) error { traceSink.Put(ctx, fmt.Sprintf("httprc.Resource.Sync: fetching %q", r.u)) res, err := httpcl.Do(req) if err != nil { + // Schedule retry after MinInterval so that connection failures + // don't cause a tight retry loop (the resource's Next stays at + // epoch if we don't update it here). + r.SetNext(time.Now().Add(r.MinInterval())) return fmt.Errorf(`httprc.Resource.Sync: failed to execute HTTP request: %w`, err) } defer res.Body.Close() diff --git a/vendor/github.com/lestrrat-go/httprc/v3/whitelist.go b/vendor/github.com/lestrrat-go/httprc/v3/whitelist.go index 74ef2a1be6..9a55d6e5c5 100644 --- a/vendor/github.com/lestrrat-go/httprc/v3/whitelist.go +++ b/vendor/github.com/lestrrat-go/httprc/v3/whitelist.go @@ -49,6 +49,29 @@ func (InsecureWhitelist) IsAllowed(_ string) bool { return true } // RegexpWhitelist is a jwk.Whitelist object comprised of a list of *regexp.Regexp // objects. All entries in the list are tried until one matches. If none of the // *regexp.Regexp objects match, then the URL is deemed unallowed. +// +// Matching is performed using (*regexp.Regexp).MatchString, which succeeds when +// the pattern matches ANY substring of the URL — it is NOT anchored automatically. +// This has important security implications: a pattern like `http://example.com` +// will match URLs you almost certainly did not intend to allow, such as +// `http://example.com.attacker.com/` (the host is actually attacker.com) or +// `http://attacker.com/?u=http://example.com` (the pattern appears in the query). +// +// To restrict to a specific origin, anchor the pattern at the start with `^`, +// escape the dots in the host (`.` is the "any character" metacharacter in a +// regular expression), and terminate the host with a `/` so that it cannot be +// extended into a subdomain: +// +// // GOOD: only matches the example.com origin and its paths +// regexp.MustCompile(`^https://example\.com/`) +// +// // BAD: also matches example.com.attacker.com, attacker.com/?x=http://example.com, httpsX//exampleYcom, ... +// regexp.MustCompile(`http://example.com`) +// +// Note that requiring a trailing `/` means the bare origin URL `https://example.com` +// (no path) will not match; register an additional pattern such as +// `^https://example\.com$` if you need to allow it. Likewise, account for an +// optional port (e.g. `^https://example\.com(:\d+)?/`) if your URLs may include one. type RegexpWhitelist struct { mu sync.RWMutex patterns []*regexp.Regexp diff --git a/vendor/github.com/mattn/go-colorable/colorable_windows.go b/vendor/github.com/mattn/go-colorable/colorable_windows.go index 2df7b8598a..426a409ca4 100644 --- a/vendor/github.com/mattn/go-colorable/colorable_windows.go +++ b/vendor/github.com/mattn/go-colorable/colorable_windows.go @@ -5,13 +5,13 @@ package colorable import ( "bytes" + syscall "golang.org/x/sys/windows" "io" "math" "os" "strconv" "strings" "sync" - syscall "golang.org/x/sys/windows" "unsafe" "github.com/mattn/go-isatty" @@ -93,6 +93,7 @@ type writer struct { handle syscall.Handle althandle syscall.Handle oldattr word + curattr word oldpos coord rest bytes.Buffer mutex sync.Mutex @@ -112,7 +113,7 @@ func NewColorable(file *os.File) io.Writer { var csbi consoleScreenBufferInfo handle := syscall.Handle(file.Fd()) procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi))) - return &writer{out: file, handle: handle, oldattr: csbi.attributes, oldpos: coord{0, 0}} + return &writer{out: file, handle: handle, oldattr: csbi.attributes, curattr: csbi.attributes, oldpos: coord{0, 0}} } return file } @@ -438,7 +439,11 @@ func (w *writer) Write(data []byte) (n int, err error) { w.mutex.Lock() defer w.mutex.Unlock() var csbi consoleScreenBufferInfo - procGetConsoleScreenBufferInfo.Call(uintptr(w.handle), uintptr(unsafe.Pointer(&csbi))) + + if w.rest.Len() == 0 && bytes.IndexByte(data, 0x1b) == -1 { + w.out.Write(data) + return len(data), nil + } handle := w.handle @@ -517,7 +522,7 @@ loop: w.rest.Reset() break } - buf.Write([]byte(string(c))) + buf.WriteByte(c) } if m == 0 { break loop @@ -678,11 +683,11 @@ loop: procFillConsoleOutputCharacter.Call(uintptr(handle), uintptr(' '), uintptr(n), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written))) procFillConsoleOutputAttribute.Call(uintptr(handle), uintptr(csbi.attributes), uintptr(n), *(*uintptr)(unsafe.Pointer(&cursor)), uintptr(unsafe.Pointer(&written))) case 'm': - procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi))) - attr := csbi.attributes + attr := w.curattr cs := buf.String() if cs == "" { procSetConsoleTextAttribute.Call(uintptr(handle), uintptr(w.oldattr)) + w.curattr = w.oldattr continue } token := strings.Split(cs, ";") @@ -814,9 +819,12 @@ loop: attr |= backgroundBlue } } - procSetConsoleTextAttribute.Call(uintptr(handle), uintptr(attr)) } } + if attr != w.curattr { + procSetConsoleTextAttribute.Call(uintptr(handle), uintptr(attr)) + w.curattr = attr + } case 'h': var ci consoleCursorInfo cs := buf.String() @@ -834,6 +842,8 @@ loop: w.althandle = syscall.Handle(h) if w.althandle != 0 { handle = w.althandle + procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi))) + w.curattr = csbi.attributes } } } @@ -853,6 +863,8 @@ loop: syscall.CloseHandle(w.althandle) w.althandle = 0 handle = w.handle + procGetConsoleScreenBufferInfo.Call(uintptr(handle), uintptr(unsafe.Pointer(&csbi))) + w.curattr = csbi.attributes } } case 's': diff --git a/vendor/github.com/mattn/go-isatty/isatty_others.go b/vendor/github.com/mattn/go-isatty/isatty_others.go index 7402e0618a..b24a2fadc9 100644 --- a/vendor/github.com/mattn/go-isatty/isatty_others.go +++ b/vendor/github.com/mattn/go-isatty/isatty_others.go @@ -1,5 +1,5 @@ -//go:build (appengine || js || nacl || tinygo || wasm) && !windows -// +build appengine js nacl tinygo wasm +//go:build (appengine || js || nacl || tinygo || wasm || wasip1 || wasip2) && !windows +// +build appengine js nacl tinygo wasm wasip1 wasip2 // +build !windows package isatty diff --git a/vendor/github.com/mattn/go-isatty/isatty_windows.go b/vendor/github.com/mattn/go-isatty/isatty_windows.go index 8e3c99171b..5f29c11dd2 100644 --- a/vendor/github.com/mattn/go-isatty/isatty_windows.go +++ b/vendor/github.com/mattn/go-isatty/isatty_windows.go @@ -31,6 +31,10 @@ func init() { if procGetFileInformationByHandleEx.Find() != nil { procGetFileInformationByHandleEx = nil } + // Check if NtQueryObject is available. + if procNtQueryObject.Find() != nil { + procNtQueryObject = nil + } } // IsTerminal return true if the file descriptor is terminal. @@ -43,6 +47,7 @@ func IsTerminal(fd uintptr) bool { // Check pipe name is used for cygwin/msys2 pty. // Cygwin/MSYS2 PTY has a name like: // \{cygwin,msys}-XXXXXXXXXXXXXXXX-ptyN-{from,to}-master +// On Windows 7 a trailing suffix (e.g. "-nat") may be appended. func isCygwinPipeName(name string) bool { token := strings.Split(name, "-") if len(token) < 5 { @@ -72,13 +77,19 @@ func isCygwinPipeName(name string) bool { return false } + for _, t := range token[5:] { + if t == "" { + return false + } + } + return true } -// getFileNameByHandle use the undocomented ntdll NtQueryObject to get file full name from file handler +// getFileNameByHandle use the undocumented ntdll NtQueryObject to get file full name from file handler // since GetFileInformationByHandleEx is not available under windows Vista and still some old fashion // guys are using Windows XP, this is a workaround for those guys, it will also work on system from -// Windows vista to 10 +// Windows Vista to 10 // see https://stackoverflow.com/a/18792477 for details func getFileNameByHandle(fd uintptr) (string, error) { if procNtQueryObject == nil { diff --git a/vendor/github.com/mattn/go-runewidth/SECURITY.md b/vendor/github.com/mattn/go-runewidth/SECURITY.md new file mode 100644 index 0000000000..a6898ee701 --- /dev/null +++ b/vendor/github.com/mattn/go-runewidth/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policy + +## Supported Versions + +The following versions of go-runewidth are currently supported with +security updates. + +| Version | Supported | +| -------- | ------------------ | +| 0.0.23 | :white_check_mark: | +| < 0.0.23 | :x: | + +## Reporting a Vulnerability + +If you discover a security vulnerability in go-runewidth, please report it +privately via GitHub's "Report a vulnerability" feature on the Security tab +of the repository (https://github.com/mattn/go-runewidth/security), or by +emailing the maintainer at mattn.jp@gmail.com. + +Please include a description of the issue, reproduction steps, and the +affected version. You can expect an initial response within one week. If +the vulnerability is accepted, a fix will be prepared and a new release +will be published; you will be credited in the release notes unless you +request otherwise. If the report is declined, you will receive an +explanation of the reasoning. diff --git a/vendor/github.com/mattn/go-runewidth/runewidth.go b/vendor/github.com/mattn/go-runewidth/runewidth.go index a8c9c1fb10..6b958fdd49 100644 --- a/vendor/github.com/mattn/go-runewidth/runewidth.go +++ b/vendor/github.com/mattn/go-runewidth/runewidth.go @@ -2,7 +2,9 @@ package runewidth import ( "os" + "sort" "strings" + "unicode/utf8" "github.com/clipperhouse/uax29/v2/graphemes" ) @@ -23,10 +25,54 @@ var ( } ) +var ( + zerowidth table // combining + nonprint merged for faster zero-width lookup + widewidth table // ambiguous + doublewidth merged for EA path + eastAsianWidth widthTable + eastAsianWidth0 [0x300]byte +) + func init() { + zerowidth = mergeIntervals(combining, nonprint) + widewidth = mergeIntervals(ambiguous, doublewidth) + eastAsianWidth = makeWidthTable(zerowidth, widewidth) + for r := range eastAsianWidth0 { + eastAsianWidth0[r] = byte(runeWidthEastAsian(rune(r))) + } handleEnv() } +func mergeIntervals(t1, t2 table) table { + merged := make(table, 0, len(t1)+len(t2)) + i, j := 0, 0 + for i < len(t1) && j < len(t2) { + if t1[i].first <= t2[j].first { + merged = append(merged, t1[i]) + i++ + } else { + merged = append(merged, t2[j]) + j++ + } + } + merged = append(merged, t1[i:]...) + merged = append(merged, t2[j:]...) + if len(merged) == 0 { + return merged + } + result := merged[:1] + for _, iv := range merged[1:] { + last := &result[len(result)-1] + if iv.first <= last.last+1 { + if iv.last > last.last { + last.last = iv.last + } + } else { + result = append(result, iv) + } + } + return result +} + func handleEnv() { env := os.Getenv("RUNEWIDTH_EASTASIAN") if env == "" { @@ -51,15 +97,14 @@ type interval struct { type table []interval -func inTables(r rune, ts ...table) bool { - for _, t := range ts { - if inTable(r, t) { - return true - } - } - return false +type widthInterval struct { + first rune + last rune + width byte } +type widthTable []widthInterval + func inTable(r rune, t table) bool { if r < t[0].first { return false @@ -86,6 +131,71 @@ func inTable(r rune, t table) bool { return false } +func makeWidthTable(zero, two table) widthTable { + wt := make(widthTable, 0, len(zero)+len(two)) + zi := 0 + for _, iv := range two { + start := iv.first + for zi < len(zero) && zero[zi].last < start { + zi++ + } + for i := zi; i < len(zero) && zero[i].first <= iv.last; i++ { + if start < zero[i].first { + wt = append(wt, widthInterval{start, zero[i].first - 1, 2}) + } + if start <= zero[i].last { + start = zero[i].last + 1 + } + if start > iv.last { + break + } + } + if start <= iv.last { + wt = append(wt, widthInterval{start, iv.last, 2}) + } + } + for _, iv := range zero { + wt = append(wt, widthInterval{iv.first, iv.last, 0}) + } + sort.Slice(wt, func(i, j int) bool { + return wt[i].first < wt[j].first + }) + return wt +} + +func inWidthTable(r rune, t widthTable) (int, bool) { + if r < t[0].first { + return 0, false + } + if r > t[len(t)-1].last { + return 0, false + } + + bot := 0 + top := len(t) - 1 + for top >= bot { + mid := (bot + top) >> 1 + + switch { + case t[mid].last < r: + bot = mid + 1 + case t[mid].first > r: + top = mid - 1 + default: + return int(t[mid].width), true + } + } + + return 0, false +} + +func runeWidthEastAsian(r rune) int { + if w, ok := inWidthTable(r, eastAsianWidth); ok { + return w + } + return 1 +} + var private = table{ {0x00E000, 0x00F8FF}, {0x0F0000, 0x0FFFFD}, {0x100000, 0x10FFFD}, } @@ -123,36 +233,35 @@ func (c *Condition) RuneWidth(r rune) int { } // optimized version, verified by TestRuneWidthChecksums() if !c.EastAsianWidth { - switch { - case r < 0x20: - return 0 - case (r >= 0x7F && r <= 0x9F) || r == 0xAD: // nonprint + if r < 0x20 { return 0 - case r < 0x300: - return 1 - case inTable(r, narrow): - return 1 - case inTables(r, nonprint, combining): + } + if (r >= 0x7F && r <= 0x9F) || r == 0xAD { // nonprint return 0 - case inTable(r, doublewidth): - return 2 - default: + } + if r < 0x300 { return 1 } - } else { switch { - case inTables(r, nonprint, combining): + case inTable(r, zerowidth): return 0 - case inTable(r, narrow): - return 1 - case inTables(r, ambiguous, doublewidth): - return 2 - case !c.StrictEmojiNeutral && inTables(r, ambiguous, emoji, narrow): + case inTable(r, doublewidth): return 2 default: return 1 } } + + if r < 0x300 { + return int(eastAsianWidth0[r]) + } + if w, ok := inWidthTable(r, eastAsianWidth); ok { + return w + } + if !c.StrictEmojiNeutral && inTable(r, emoji) { + return 2 + } + return 1 } // CreateLUT will create an in-memory lookup table of 557056 bytes for faster operation. @@ -178,6 +287,33 @@ func (c *Condition) CreateLUT() { // StringWidth return width as you can see func (c *Condition) StringWidth(s string) (width int) { + if len(s) == 1 { + b := s[0] + if b < 0x20 || b == 0x7F { + return 0 + } + return 1 + } + if len(s) > 0 && len(s) <= utf8.UTFMax { + r, size := utf8.DecodeRuneInString(s) + if size == len(s) { + return c.RuneWidth(r) + } + } + // ASCII fast path: no grapheme clustering needed for pure ASCII + for i := 0; i < len(s); i++ { + b := s[i] + if b >= 0x80 { + goto graphemes + } + if b >= 0x20 && b != 0x7F { + width++ + } + } + return + +graphemes: + width = 0 g := graphemes.FromString(s) for g.Next() { var chWidth int @@ -257,24 +393,25 @@ func (c *Condition) TruncateLeft(s string, w int, prefix string) string { // Wrap return string wrapped with w cells func (c *Condition) Wrap(s string, w int) string { width := 0 - out := "" + var out strings.Builder + out.Grow(len(s) + len(s)/w + 1) for _, r := range s { cw := c.RuneWidth(r) if r == '\n' { - out += string(r) + out.WriteRune(r) width = 0 continue } else if width+cw > w { - out += "\n" + out.WriteByte('\n') width = 0 - out += string(r) + out.WriteRune(r) width += cw continue } - out += string(r) + out.WriteRune(r) width += cw } - return out + return out.String() } // FillLeft return string filled in left by spaces in w cells @@ -313,7 +450,7 @@ func RuneWidth(r rune) int { // IsAmbiguousWidth returns whether is ambiguous width or not. func IsAmbiguousWidth(r rune) bool { - return inTables(r, private, ambiguous) + return inTable(r, private) || inTable(r, ambiguous) } // IsCombiningWidth returns whether is combining width or not. diff --git a/vendor/github.com/open-policy-agent/opa/capabilities/v1.15.2.json b/vendor/github.com/open-policy-agent/opa/capabilities/v1.15.2.json new file mode 100644 index 0000000000..9eb82c2968 --- /dev/null +++ b/vendor/github.com/open-policy-agent/opa/capabilities/v1.15.2.json @@ -0,0 +1,4916 @@ +{ + "builtins": [ + { + "name": "abs", + "decl": { + "args": [ + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "all", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "and", + "decl": { + "args": [ + { + "of": { + "type": "any" + }, + "type": "set" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + }, + "infix": "\u0026" + }, + { + "name": "any", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "array.concat", + "decl": { + "args": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "result": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "array.flatten", + "decl": { + "args": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "result": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "array.reverse", + "decl": { + "args": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "result": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "array.slice", + "decl": { + "args": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "assign", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": ":=" + }, + { + "name": "base64.decode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "base64.encode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "base64.is_valid", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "base64url.decode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "base64url.encode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "base64url.encode_no_pad", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "bits.and", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "bits.lsh", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "bits.negate", + "decl": { + "args": [ + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "bits.or", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "bits.rsh", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "bits.xor", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "cast_array", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "cast_boolean", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "cast_null", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "null" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "cast_object", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "cast_set", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "cast_string", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "string" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "ceil", + "decl": { + "args": [ + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "concat", + "decl": { + "args": [ + { + "type": "string" + }, + { + "of": [ + { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + { + "of": { + "type": "string" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "contains", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "count", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "crypto.hmac.equal", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "crypto.hmac.md5", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "crypto.hmac.sha1", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "crypto.hmac.sha256", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "crypto.hmac.sha512", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "crypto.md5", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "crypto.parse_private_keys", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "crypto.sha1", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "crypto.sha256", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "crypto.x509.parse_and_verify_certificates", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "static": [ + { + "type": "boolean" + }, + { + "dynamic": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "array" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "crypto.x509.parse_and_verify_certificates_with_options", + "decl": { + "args": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "static": [ + { + "type": "boolean" + }, + { + "dynamic": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "array" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "crypto.x509.parse_certificate_request", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "crypto.x509.parse_certificates", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "crypto.x509.parse_keypair", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "crypto.x509.parse_rsa_private_key", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "div", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + }, + "infix": "/" + }, + { + "name": "endswith", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "eq", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "=" + }, + { + "name": "equal", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "==" + }, + { + "name": "floor", + "decl": { + "args": [ + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "format_int", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "glob.match", + "decl": { + "args": [ + { + "type": "string" + }, + { + "of": [ + { + "type": "null" + }, + { + "dynamic": { + "type": "string" + }, + "type": "array" + } + ], + "type": "any" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "glob.quote_meta", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "graph.reachable", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + }, + "type": "object" + }, + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "graph.reachable_paths", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + }, + "type": "object" + }, + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "of": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "graphql.is_valid", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "graphql.parse", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + } + ], + "result": { + "static": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "graphql.parse_and_verify", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + } + ], + "result": { + "static": [ + { + "type": "boolean" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "graphql.parse_query", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "graphql.parse_schema", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "graphql.schema_is_valid", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "gt", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "\u003e" + }, + { + "name": "gte", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "\u003e=" + }, + { + "name": "hex.decode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "hex.encode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "http.send", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "indexof", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "indexof_n", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "dynamic": { + "type": "number" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "internal.member_2", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "in" + }, + { + "name": "internal.member_3", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "in" + }, + { + "name": "internal.print", + "decl": { + "args": [ + { + "dynamic": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "array" + } + ], + "type": "function" + } + }, + { + "name": "internal.template_string", + "decl": { + "args": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "internal.test_case", + "decl": { + "args": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "function" + } + }, + { + "name": "intersection", + "decl": { + "args": [ + { + "of": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "set" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "io.jwt.decode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "static": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "type": "string" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "io.jwt.decode_verify", + "decl": { + "args": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "static": [ + { + "type": "boolean" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "array" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "io.jwt.encode_sign", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "type": "string" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "io.jwt.encode_sign_raw", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "io.jwt.verify_eddsa", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_es256", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_es384", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_es512", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_hs256", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_hs384", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_hs512", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_ps256", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_ps384", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_ps512", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_rs256", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_rs384", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "io.jwt.verify_rs512", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "is_array", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "is_boolean", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "is_null", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "is_number", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "is_object", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "is_set", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "is_string", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "json.filter", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": [ + { + "dynamic": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "array" + }, + { + "of": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "json.is_valid", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "json.marshal", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "json.marshal_with_options", + "decl": { + "args": [ + { + "type": "any" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "static": [ + { + "key": "indent", + "value": { + "type": "string" + } + }, + { + "key": "prefix", + "value": { + "type": "string" + } + }, + { + "key": "pretty", + "value": { + "type": "boolean" + } + } + ], + "type": "object" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "json.match_schema", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + } + ], + "result": { + "static": [ + { + "type": "boolean" + }, + { + "dynamic": { + "static": [ + { + "key": "desc", + "value": { + "type": "string" + } + }, + { + "key": "error", + "value": { + "type": "string" + } + }, + { + "key": "field", + "value": { + "type": "string" + } + }, + { + "key": "type", + "value": { + "type": "string" + } + } + ], + "type": "object" + }, + "type": "array" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "json.patch", + "decl": { + "args": [ + { + "type": "any" + }, + { + "dynamic": { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "static": [ + { + "key": "op", + "value": { + "type": "string" + } + }, + { + "key": "path", + "value": { + "type": "any" + } + } + ], + "type": "object" + }, + "type": "array" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "json.remove", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": [ + { + "dynamic": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "array" + }, + { + "of": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "json.unmarshal", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "json.verify_schema", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "type": "any" + } + ], + "result": { + "static": [ + { + "type": "boolean" + }, + { + "of": [ + { + "type": "null" + }, + { + "type": "string" + } + ], + "type": "any" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "lower", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "lt", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "\u003c" + }, + { + "name": "lte", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "\u003c=" + }, + { + "name": "max", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "min", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "minus", + "decl": { + "args": [ + { + "of": [ + { + "type": "number" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "number" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "of": [ + { + "type": "number" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + }, + "type": "function" + }, + "infix": "-" + }, + { + "name": "mul", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + }, + "infix": "*" + }, + { + "name": "neq", + "decl": { + "args": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "infix": "!=" + }, + { + "name": "net.cidr_contains", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "net.cidr_contains_matches", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + } + }, + "type": "object" + }, + { + "of": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + } + }, + "type": "object" + }, + { + "of": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "of": { + "static": [ + { + "type": "any" + }, + { + "type": "any" + } + ], + "type": "array" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "net.cidr_expand", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "of": { + "type": "string" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "net.cidr_intersects", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "net.cidr_is_valid", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "net.cidr_merge", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "of": [ + { + "type": "string" + } + ], + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "string" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "of": { + "type": "string" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "net.cidr_overlap", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "net.lookup_ip_addr", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "of": { + "type": "string" + }, + "type": "set" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "numbers.range", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "dynamic": { + "type": "number" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "numbers.range_step", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "dynamic": { + "type": "number" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "object.filter", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "object.get", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "type": "any" + }, + { + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "object.keys", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "object.remove", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "object.subset", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + }, + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "object.union", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "object.union_n", + "decl": { + "args": [ + { + "dynamic": { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "array" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "opa.runtime", + "decl": { + "result": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "or", + "decl": { + "args": [ + { + "of": { + "type": "any" + }, + "type": "set" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + }, + "infix": "|" + }, + { + "name": "plus", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + }, + "infix": "+" + }, + { + "name": "print", + "decl": { + "type": "function", + "variadic": { + "type": "any" + } + } + }, + { + "name": "product", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "number" + }, + "type": "array" + }, + { + "of": { + "type": "number" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "providers.aws.sign_req", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + { + "type": "number" + } + ], + "result": { + "dynamic": { + "key": { + "type": "any" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "rand.intn", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "re_match", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "regex.find_all_string_submatch_n", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "number" + } + ], + "result": { + "dynamic": { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "regex.find_n", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "number" + } + ], + "result": { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "regex.globs_match", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "regex.is_valid", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "regex.match", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "regex.replace", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "regex.split", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "regex.template_match", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "rego.metadata.chain", + "decl": { + "result": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "rego.metadata.rule", + "decl": { + "result": { + "type": "any" + }, + "type": "function" + } + }, + { + "name": "rego.parse_module", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "rem", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + }, + "infix": "%" + }, + { + "name": "replace", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "round", + "decl": { + "args": [ + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "semver.compare", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "semver.is_valid", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "set_diff", + "decl": { + "args": [ + { + "of": { + "type": "any" + }, + "type": "set" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + }, + "deprecated": true + }, + { + "name": "sort", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "of": { + "type": "any" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "split", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + "type": "function" + } + }, + { + "name": "sprintf", + "decl": { + "args": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "any" + }, + "type": "array" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "startswith", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "strings.any_prefix_match", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + { + "of": { + "type": "string" + }, + "type": "set" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + { + "of": { + "type": "string" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "strings.any_suffix_match", + "decl": { + "args": [ + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + { + "of": { + "type": "string" + }, + "type": "set" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + { + "of": { + "type": "string" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "strings.count", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "strings.render_template", + "decl": { + "args": [ + { + "type": "string" + }, + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "strings.replace_n", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "strings.reverse", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "substring", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "sum", + "decl": { + "args": [ + { + "of": [ + { + "dynamic": { + "type": "number" + }, + "type": "array" + }, + { + "of": { + "type": "number" + }, + "type": "set" + } + ], + "type": "any" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "time.add_date", + "decl": { + "args": [ + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "time.clock", + "decl": { + "args": [ + { + "of": [ + { + "type": "number" + }, + { + "static": [ + { + "type": "number" + }, + { + "type": "string" + } + ], + "type": "array" + } + ], + "type": "any" + } + ], + "result": { + "static": [ + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "time.date", + "decl": { + "args": [ + { + "of": [ + { + "type": "number" + }, + { + "static": [ + { + "type": "number" + }, + { + "type": "string" + } + ], + "type": "array" + } + ], + "type": "any" + } + ], + "result": { + "static": [ + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "time.diff", + "decl": { + "args": [ + { + "of": [ + { + "type": "number" + }, + { + "static": [ + { + "type": "number" + }, + { + "type": "string" + } + ], + "type": "array" + } + ], + "type": "any" + }, + { + "of": [ + { + "type": "number" + }, + { + "static": [ + { + "type": "number" + }, + { + "type": "string" + } + ], + "type": "array" + } + ], + "type": "any" + } + ], + "result": { + "static": [ + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + }, + { + "type": "number" + } + ], + "type": "array" + }, + "type": "function" + } + }, + { + "name": "time.format", + "decl": { + "args": [ + { + "of": [ + { + "type": "number" + }, + { + "static": [ + { + "type": "number" + }, + { + "type": "string" + } + ], + "type": "array" + }, + { + "static": [ + { + "type": "number" + }, + { + "type": "string" + }, + { + "type": "string" + } + ], + "type": "array" + } + ], + "type": "any" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "time.now_ns", + "decl": { + "result": { + "type": "number" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "time.parse_duration_ns", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "time.parse_ns", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "time.parse_rfc3339_ns", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "time.weekday", + "decl": { + "args": [ + { + "of": [ + { + "type": "number" + }, + { + "static": [ + { + "type": "number" + }, + { + "type": "string" + } + ], + "type": "array" + } + ], + "type": "any" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "to_number", + "decl": { + "args": [ + { + "of": [ + { + "type": "null" + }, + { + "type": "boolean" + }, + { + "type": "number" + }, + { + "type": "string" + } + ], + "type": "any" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "trace", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "trim", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "trim_left", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "trim_prefix", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "trim_right", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "trim_space", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "trim_suffix", + "decl": { + "args": [ + { + "type": "string" + }, + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "type_name", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "union", + "decl": { + "args": [ + { + "of": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "set" + } + ], + "result": { + "of": { + "type": "any" + }, + "type": "set" + }, + "type": "function" + } + }, + { + "name": "units.parse", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "units.parse_bytes", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "number" + }, + "type": "function" + } + }, + { + "name": "upper", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "urlquery.decode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "urlquery.decode_object", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "dynamic": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "urlquery.encode", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "urlquery.encode_object", + "decl": { + "args": [ + { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "of": [ + { + "type": "string" + }, + { + "dynamic": { + "type": "string" + }, + "type": "array" + }, + { + "of": { + "type": "string" + }, + "type": "set" + } + ], + "type": "any" + } + }, + "type": "object" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "uuid.parse", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "dynamic": { + "key": { + "type": "string" + }, + "value": { + "type": "any" + } + }, + "type": "object" + }, + "type": "function" + } + }, + { + "name": "uuid.rfc4122", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "string" + }, + "type": "function" + }, + "nondeterministic": true + }, + { + "name": "walk", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "static": [ + { + "dynamic": { + "type": "any" + }, + "type": "array" + }, + { + "type": "any" + } + ], + "type": "array" + }, + "type": "function" + }, + "relation": true + }, + { + "name": "yaml.is_valid", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "boolean" + }, + "type": "function" + } + }, + { + "name": "yaml.marshal", + "decl": { + "args": [ + { + "type": "any" + } + ], + "result": { + "type": "string" + }, + "type": "function" + } + }, + { + "name": "yaml.unmarshal", + "decl": { + "args": [ + { + "type": "string" + } + ], + "result": { + "type": "any" + }, + "type": "function" + } + } + ], + "wasm_abi_versions": [ + { + "version": 1, + "minor_version": 1 + }, + { + "version": 1, + "minor_version": 2 + } + ], + "features": [ + "keywords_in_refs", + "rego_v1", + "template_strings" + ] +} diff --git a/vendor/github.com/open-policy-agent/opa/v1/version/version.go b/vendor/github.com/open-policy-agent/opa/v1/version/version.go index a5e82132b4..7e71b3b7a9 100644 --- a/vendor/github.com/open-policy-agent/opa/v1/version/version.go +++ b/vendor/github.com/open-policy-agent/opa/v1/version/version.go @@ -10,7 +10,7 @@ import ( "runtime/debug" ) -var Version = "1.15.1" +var Version = "1.15.2" // GoVersion is the version of Go this was built with var GoVersion = runtime.Version() diff --git a/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml b/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml index b98dba1ba1..ce687ce5af 100644 --- a/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml +++ b/vendor/github.com/opencontainers/cgroups/.golangci-extra.yml @@ -19,3 +19,11 @@ linters: - -QF1008 # https://staticcheck.dev/docs/checks/#QF1008 Omit embedded fields from selector expression. exclusions: generated: strict + rules: + # Legacy names we can't change without breaking compatibility. + - path: stats.go + text: "(type|struct field) (CpuUsage|CpuStats) should be " + - path: config_linux.go + text: "struct field (CpuShares|CpuQuota|CpuBurst|CpuPeriod|CpuRtRuntime|CpuRtPeriod|CpuWeight) should be " + - path: devices/config/device.go + text: "struct field (Uid|Gid) should be " diff --git a/vendor/github.com/opencontainers/cgroups/CODEOWNERS b/vendor/github.com/opencontainers/cgroups/CODEOWNERS index 7201e35ac9..255c5d40e4 100644 --- a/vendor/github.com/opencontainers/cgroups/CODEOWNERS +++ b/vendor/github.com/opencontainers/cgroups/CODEOWNERS @@ -1 +1 @@ -* @maintainer1 @maintainer2 @maintainer3 +* @opencontainers/cgroups-maintainers diff --git a/vendor/github.com/opencontainers/cgroups/cgroups.go b/vendor/github.com/opencontainers/cgroups/cgroups.go index 5a97bd36b7..35c4e25442 100644 --- a/vendor/github.com/opencontainers/cgroups/cgroups.go +++ b/vendor/github.com/opencontainers/cgroups/cgroups.go @@ -44,6 +44,9 @@ type Manager interface { // GetStats returns cgroups statistics. GetStats() (*Stats, error) + // Stats returns statistics for specified controllers. + Stats(opts *StatsOptions) (*Stats, error) + // Freeze sets the freezer cgroup to the specified state. Freeze(state FreezerState) error diff --git a/vendor/github.com/opencontainers/cgroups/config_linux.go b/vendor/github.com/opencontainers/cgroups/config_linux.go index 3d29d938bf..8b5e5058a9 100644 --- a/vendor/github.com/opencontainers/cgroups/config_linux.go +++ b/vendor/github.com/opencontainers/cgroups/config_linux.go @@ -16,23 +16,23 @@ const ( // Cgroup holds properties of a cgroup on Linux. type Cgroup struct { // Name specifies the name of the cgroup - Name string `json:"name,omitempty"` + Name string `json:"name,omitzero"` // Parent specifies the name of parent of cgroup or slice - Parent string `json:"parent,omitempty"` + Parent string `json:"parent,omitzero"` // Path specifies the path to cgroups that are created and/or joined by the container. // The path is assumed to be relative to the host system cgroup mountpoint. - Path string `json:"path,omitempty"` + Path string `json:"path,omitzero"` // ScopePrefix describes prefix for the scope name. - ScopePrefix string `json:"scope_prefix,omitempty"` + ScopePrefix string `json:"scope_prefix,omitzero"` // Resources contains various cgroups settings to apply. *Resources // Systemd tells if systemd should be used to manage cgroups. - Systemd bool `json:"Systemd,omitempty"` + Systemd bool `json:"Systemd,omitzero"` // SystemdProps are any additional properties for systemd, // derived from org.systemd.property.xxx annotations. @@ -40,108 +40,108 @@ type Cgroup struct { SystemdProps []systemdDbus.Property `json:"-"` // Rootless tells if rootless cgroups should be used. - Rootless bool `json:"Rootless,omitempty"` + Rootless bool `json:"Rootless,omitzero"` // The host UID that should own the cgroup, or nil to accept // the default ownership. This should only be set when the // cgroupfs is to be mounted read/write. // Not all cgroup manager implementations support changing // the ownership. - OwnerUID *int `json:"owner_uid,omitempty"` + OwnerUID *int `json:"owner_uid,omitzero"` } type Resources struct { // Devices is the set of access rules for devices in the container. - Devices []*devices.Rule `json:"devices,omitempty"` + Devices []*devices.Rule `json:"devices,omitzero"` // Memory limit (in bytes). - Memory int64 `json:"memory,omitempty"` + Memory int64 `json:"memory,omitzero"` // Memory reservation or soft_limit (in bytes). - MemoryReservation int64 `json:"memory_reservation,omitempty"` + MemoryReservation int64 `json:"memory_reservation,omitzero"` // Total memory usage (memory+swap); use -1 for unlimited swap. - MemorySwap int64 `json:"memory_swap,omitempty"` + MemorySwap int64 `json:"memory_swap,omitzero"` // CPU shares (relative weight vs. other containers). - CpuShares uint64 `json:"cpu_shares,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuShares should be CPUShares". + CpuShares uint64 `json:"cpu_shares,omitzero"` // CPU hardcap limit (in usecs). Allowed cpu time in a given period. - CpuQuota int64 `json:"cpu_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota". + CpuQuota int64 `json:"cpu_quota,omitzero"` // CPU hardcap burst limit (in usecs). Allowed accumulated cpu time additionally for burst in a given period. - CpuBurst *uint64 `json:"cpu_burst,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuBurst should be CPUBurst". + CpuBurst *uint64 `json:"cpu_burst,omitzero"` // CPU period to be used for hardcapping (in usecs). 0 to use system default. - CpuPeriod uint64 `json:"cpu_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuPeriod should be CPUPeriod". + CpuPeriod uint64 `json:"cpu_period,omitzero"` // How many time CPU will use in realtime scheduling (in usecs). - CpuRtRuntime int64 `json:"cpu_rt_quota,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuRtRuntime should be CPURtRuntime". + CpuRtRuntime int64 `json:"cpu_rt_quota,omitzero"` // CPU period to be used for realtime scheduling (in usecs). - CpuRtPeriod uint64 `json:"cpu_rt_period,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuQuota should be CPUQuota". + CpuRtPeriod uint64 `json:"cpu_rt_period,omitzero"` // Cpuset CPUs to use. - CpusetCpus string `json:"cpuset_cpus,omitempty"` + CpusetCpus string `json:"cpuset_cpus,omitzero"` // Cpuset memory nodes to use. - CpusetMems string `json:"cpuset_mems,omitempty"` + CpusetMems string `json:"cpuset_mems,omitzero"` // Cgroup's SCHED_IDLE value. - CPUIdle *int64 `json:"cpu_idle,omitempty"` + CPUIdle *int64 `json:"cpu_idle,omitzero"` // Process limit; set < `0' to disable limit. `nil` means "keep current limit". - PidsLimit *int64 `json:"pids_limit,omitempty"` + PidsLimit *int64 `json:"pids_limit,omitzero"` // Specifies per cgroup weight, range is from 10 to 1000. - BlkioWeight uint16 `json:"blkio_weight,omitempty"` + BlkioWeight uint16 `json:"blkio_weight,omitzero"` // Tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only. - BlkioLeafWeight uint16 `json:"blkio_leaf_weight,omitempty"` + BlkioLeafWeight uint16 `json:"blkio_leaf_weight,omitzero"` // Weight per cgroup per device, can override BlkioWeight. - BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device,omitempty"` + BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device,omitzero"` // IO read rate limit per cgroup per device, bytes per second. - BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device,omitempty"` + BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device,omitzero"` // IO write rate limit per cgroup per device, bytes per second. - BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device,omitempty"` + BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device,omitzero"` // IO read rate limit per cgroup per device, IO per second. - BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device,omitempty"` + BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device,omitzero"` // IO write rate limit per cgroup per device, IO per second. - BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device,omitempty"` + BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device,omitzero"` // Freeze value for the process. - Freezer FreezerState `json:"freezer,omitempty"` + Freezer FreezerState `json:"freezer,omitzero"` // Hugetlb limit (in bytes). - HugetlbLimit []*HugepageLimit `json:"hugetlb_limit,omitempty"` + HugetlbLimit []*HugepageLimit `json:"hugetlb_limit,omitzero"` // Whether to disable OOM killer. - OomKillDisable bool `json:"oom_kill_disable,omitempty"` + OomKillDisable bool `json:"oom_kill_disable,omitzero"` // Tuning swappiness behaviour per cgroup. - MemorySwappiness *uint64 `json:"memory_swappiness,omitempty"` + MemorySwappiness *uint64 `json:"memory_swappiness,omitzero"` // Set priority of network traffic for container. - NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap,omitempty"` + NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap,omitzero"` // Set class identifier for container's network packets. - NetClsClassid uint32 `json:"net_cls_classid_u,omitempty"` + NetClsClassid uint32 `json:"net_cls_classid_u,omitzero"` // Rdma resource restriction configuration. - Rdma map[string]LinuxRdma `json:"rdma,omitempty"` + Rdma map[string]LinuxRdma `json:"rdma,omitzero"` // Used on cgroups v2: // CpuWeight sets a proportional bandwidth limit. - CpuWeight uint64 `json:"cpu_weight,omitempty"` //nolint:revive // Suppress "var-naming: struct field CpuWeight should be CPUWeight". + CpuWeight uint64 `json:"cpu_weight,omitzero"` // Unified is cgroupv2-only key-value map. - Unified map[string]string `json:"unified,omitempty"` + Unified map[string]string `json:"unified,omitzero"` // SkipDevices allows to skip configuring device permissions. // Used by e.g. kubelet while creating a parent cgroup (kubepods) @@ -165,5 +165,5 @@ type Resources struct { // MemoryCheckBeforeUpdate is a flag for cgroup v2 managers to check // if the new memory limits (Memory and MemorySwap) being set are lower // than the current memory usage, and reject if so. - MemoryCheckBeforeUpdate bool `json:"memory_check_before_update,omitempty"` + MemoryCheckBeforeUpdate bool `json:"memory_check_before_update,omitzero"` } diff --git a/vendor/github.com/opencontainers/cgroups/config_rdma.go b/vendor/github.com/opencontainers/cgroups/config_rdma.go index a0bd54f04f..a5c4adab76 100644 --- a/vendor/github.com/opencontainers/cgroups/config_rdma.go +++ b/vendor/github.com/opencontainers/cgroups/config_rdma.go @@ -3,7 +3,7 @@ package cgroups // LinuxRdma for Linux cgroup 'rdma' resource management (Linux 4.11) type LinuxRdma struct { // Maximum number of HCA handles that can be opened. Default is "no limit". - HcaHandles *uint32 `json:"hca_handles,omitempty"` + HcaHandles *uint32 `json:"hca_handles,omitzero"` // Maximum number of HCA objects that can be created. Default is "no limit". - HcaObjects *uint32 `json:"hca_objects,omitempty"` + HcaObjects *uint32 `json:"hca_objects,omitzero"` } diff --git a/vendor/github.com/opencontainers/cgroups/devices/config/device.go b/vendor/github.com/opencontainers/cgroups/devices/config/device.go index 295575cbfa..b36a3e818b 100644 --- a/vendor/github.com/opencontainers/cgroups/devices/config/device.go +++ b/vendor/github.com/opencontainers/cgroups/devices/config/device.go @@ -20,10 +20,10 @@ type Device struct { FileMode os.FileMode `json:"file_mode"` // Uid of the device. - Uid uint32 `json:"uid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Uid should be UID". + Uid uint32 `json:"uid,omitzero"` // Gid of the device. - Gid uint32 `json:"gid,omitempty"` //nolint:revive // Suppress "var-naming: struct field Gid should be GID". + Gid uint32 `json:"gid,omitzero"` } // Permissions is a cgroupv1-style string to represent device access. It diff --git a/vendor/github.com/opencontainers/cgroups/stats.go b/vendor/github.com/opencontainers/cgroups/stats.go index 01701333ab..d7654ffd1e 100644 --- a/vendor/github.com/opencontainers/cgroups/stats.go +++ b/vendor/github.com/opencontainers/cgroups/stats.go @@ -2,19 +2,19 @@ package cgroups type ThrottlingData struct { // Number of periods with throttling active - Periods uint64 `json:"periods,omitempty"` + Periods uint64 `json:"periods,omitzero"` // Number of periods when the container hit its throttling limit. - ThrottledPeriods uint64 `json:"throttled_periods,omitempty"` + ThrottledPeriods uint64 `json:"throttled_periods,omitzero"` // Aggregate time the container was throttled for in nanoseconds. - ThrottledTime uint64 `json:"throttled_time,omitempty"` + ThrottledTime uint64 `json:"throttled_time,omitzero"` } type BurstData struct { // Number of periods bandwidth burst occurs - BurstsPeriods uint64 `json:"bursts_periods,omitempty"` + BurstsPeriods uint64 `json:"bursts_periods,omitzero"` // Cumulative wall-time that any cpus has used above quota in respective periods // Units: nanoseconds. - BurstTime uint64 `json:"burst_time,omitempty"` + BurstTime uint64 `json:"burst_time,omitzero"` } // CpuUsage denotes the usage of a CPU. @@ -22,10 +22,10 @@ type BurstData struct { type CpuUsage struct { // Total CPU time consumed. // Units: nanoseconds. - TotalUsage uint64 `json:"total_usage,omitempty"` + TotalUsage uint64 `json:"total_usage,omitzero"` // Total CPU time consumed per core. // Units: nanoseconds. - PercpuUsage []uint64 `json:"percpu_usage,omitempty"` + PercpuUsage []uint64 `json:"percpu_usage,omitzero"` // CPU time consumed per core in kernel mode // Units: nanoseconds. PercpuUsageInKernelmode []uint64 `json:"percpu_usage_in_kernelmode"` @@ -48,26 +48,26 @@ type PSIData struct { } type PSIStats struct { - Some PSIData `json:"some,omitempty"` - Full PSIData `json:"full,omitempty"` + Some PSIData `json:"some,omitzero"` + Full PSIData `json:"full,omitzero"` } type CpuStats struct { - CpuUsage CpuUsage `json:"cpu_usage,omitempty"` - ThrottlingData ThrottlingData `json:"throttling_data,omitempty"` - PSI *PSIStats `json:"psi,omitempty"` - BurstData BurstData `json:"burst_data,omitempty"` + CpuUsage CpuUsage `json:"cpu_usage,omitzero"` + ThrottlingData ThrottlingData `json:"throttling_data,omitzero"` + PSI *PSIStats `json:"psi,omitzero"` + BurstData BurstData `json:"burst_data,omitzero"` } type CPUSetStats struct { // List of the physical numbers of the CPUs on which processes // in that cpuset are allowed to execute - CPUs []uint16 `json:"cpus,omitempty"` + CPUs []uint16 `json:"cpus,omitzero"` // cpu_exclusive flag CPUExclusive uint64 `json:"cpu_exclusive"` // List of memory nodes on which processes in that cpuset // are allowed to allocate memory - Mems []uint16 `json:"mems,omitempty"` + Mems []uint16 `json:"mems,omitzero"` // mem_hardwall flag MemHardwall uint64 `json:"mem_hardwall"` // mem_exclusive flag @@ -87,122 +87,122 @@ type CPUSetStats struct { } type MemoryData struct { - Usage uint64 `json:"usage,omitempty"` - MaxUsage uint64 `json:"max_usage,omitempty"` + Usage uint64 `json:"usage,omitzero"` + MaxUsage uint64 `json:"max_usage,omitzero"` Failcnt uint64 `json:"failcnt"` Limit uint64 `json:"limit"` } type MemoryStats struct { // memory used for cache - Cache uint64 `json:"cache,omitempty"` + Cache uint64 `json:"cache,omitzero"` // usage of memory - Usage MemoryData `json:"usage,omitempty"` + Usage MemoryData `json:"usage,omitzero"` // usage of memory + swap - SwapUsage MemoryData `json:"swap_usage,omitempty"` + SwapUsage MemoryData `json:"swap_usage,omitzero"` // usage of swap only - SwapOnlyUsage MemoryData `json:"swap_only_usage,omitempty"` + SwapOnlyUsage MemoryData `json:"swap_only_usage,omitzero"` // usage of kernel memory - KernelUsage MemoryData `json:"kernel_usage,omitempty"` + KernelUsage MemoryData `json:"kernel_usage,omitzero"` // usage of kernel TCP memory - KernelTCPUsage MemoryData `json:"kernel_tcp_usage,omitempty"` + KernelTCPUsage MemoryData `json:"kernel_tcp_usage,omitzero"` // usage of memory pages by NUMA node // see chapter 5.6 of memory controller documentation - PageUsageByNUMA PageUsageByNUMA `json:"page_usage_by_numa,omitempty"` + PageUsageByNUMA PageUsageByNUMA `json:"page_usage_by_numa,omitzero"` // if true, memory usage is accounted for throughout a hierarchy of cgroups. UseHierarchy bool `json:"use_hierarchy"` - Stats map[string]uint64 `json:"stats,omitempty"` - PSI *PSIStats `json:"psi,omitempty"` + Stats map[string]uint64 `json:"stats,omitzero"` + PSI *PSIStats `json:"psi,omitzero"` } type PageUsageByNUMA struct { // Embedding is used as types can't be recursive. PageUsageByNUMAInner - Hierarchical PageUsageByNUMAInner `json:"hierarchical,omitempty"` + Hierarchical PageUsageByNUMAInner `json:"hierarchical,omitzero"` } type PageUsageByNUMAInner struct { - Total PageStats `json:"total,omitempty"` - File PageStats `json:"file,omitempty"` - Anon PageStats `json:"anon,omitempty"` - Unevictable PageStats `json:"unevictable,omitempty"` + Total PageStats `json:"total,omitzero"` + File PageStats `json:"file,omitzero"` + Anon PageStats `json:"anon,omitzero"` + Unevictable PageStats `json:"unevictable,omitzero"` } type PageStats struct { - Total uint64 `json:"total,omitempty"` - Nodes map[uint8]uint64 `json:"nodes,omitempty"` + Total uint64 `json:"total,omitzero"` + Nodes map[uint8]uint64 `json:"nodes,omitzero"` } type PidsStats struct { // number of pids in the cgroup - Current uint64 `json:"current,omitempty"` + Current uint64 `json:"current,omitzero"` // active pids hard limit - Limit uint64 `json:"limit,omitempty"` + Limit uint64 `json:"limit,omitzero"` } type BlkioStatEntry struct { - Major uint64 `json:"major,omitempty"` - Minor uint64 `json:"minor,omitempty"` - Op string `json:"op,omitempty"` - Value uint64 `json:"value,omitempty"` + Major uint64 `json:"major,omitzero"` + Minor uint64 `json:"minor,omitzero"` + Op string `json:"op,omitzero"` + Value uint64 `json:"value,omitzero"` } type BlkioStats struct { // number of bytes transferred to and from the block device - IoServiceBytesRecursive []BlkioStatEntry `json:"io_service_bytes_recursive,omitempty"` - IoServicedRecursive []BlkioStatEntry `json:"io_serviced_recursive,omitempty"` - IoQueuedRecursive []BlkioStatEntry `json:"io_queue_recursive,omitempty"` - IoServiceTimeRecursive []BlkioStatEntry `json:"io_service_time_recursive,omitempty"` - IoWaitTimeRecursive []BlkioStatEntry `json:"io_wait_time_recursive,omitempty"` - IoMergedRecursive []BlkioStatEntry `json:"io_merged_recursive,omitempty"` - IoTimeRecursive []BlkioStatEntry `json:"io_time_recursive,omitempty"` - SectorsRecursive []BlkioStatEntry `json:"sectors_recursive,omitempty"` - PSI *PSIStats `json:"psi,omitempty"` - IoCostUsage []BlkioStatEntry `json:"io_cost_usage,omitempty"` - IoCostWait []BlkioStatEntry `json:"io_cost_wait,omitempty"` - IoCostIndebt []BlkioStatEntry `json:"io_cost_indebt,omitempty"` - IoCostIndelay []BlkioStatEntry `json:"io_cost_indelay,omitempty"` + IoServiceBytesRecursive []BlkioStatEntry `json:"io_service_bytes_recursive,omitzero"` + IoServicedRecursive []BlkioStatEntry `json:"io_serviced_recursive,omitzero"` + IoQueuedRecursive []BlkioStatEntry `json:"io_queue_recursive,omitzero"` + IoServiceTimeRecursive []BlkioStatEntry `json:"io_service_time_recursive,omitzero"` + IoWaitTimeRecursive []BlkioStatEntry `json:"io_wait_time_recursive,omitzero"` + IoMergedRecursive []BlkioStatEntry `json:"io_merged_recursive,omitzero"` + IoTimeRecursive []BlkioStatEntry `json:"io_time_recursive,omitzero"` + SectorsRecursive []BlkioStatEntry `json:"sectors_recursive,omitzero"` + PSI *PSIStats `json:"psi,omitzero"` + IoCostUsage []BlkioStatEntry `json:"io_cost_usage,omitzero"` + IoCostWait []BlkioStatEntry `json:"io_cost_wait,omitzero"` + IoCostIndebt []BlkioStatEntry `json:"io_cost_indebt,omitzero"` + IoCostIndelay []BlkioStatEntry `json:"io_cost_indelay,omitzero"` } type HugetlbStats struct { // current res_counter usage for hugetlb - Usage uint64 `json:"usage,omitempty"` + Usage uint64 `json:"usage,omitzero"` // maximum usage ever recorded. - MaxUsage uint64 `json:"max_usage,omitempty"` + MaxUsage uint64 `json:"max_usage,omitzero"` // number of times hugetlb usage allocation failure. Failcnt uint64 `json:"failcnt"` } type RdmaEntry struct { - Device string `json:"device,omitempty"` - HcaHandles uint32 `json:"hca_handles,omitempty"` - HcaObjects uint32 `json:"hca_objects,omitempty"` + Device string `json:"device,omitzero"` + HcaHandles uint32 `json:"hca_handles,omitzero"` + HcaObjects uint32 `json:"hca_objects,omitzero"` } type RdmaStats struct { - RdmaLimit []RdmaEntry `json:"rdma_limit,omitempty"` - RdmaCurrent []RdmaEntry `json:"rdma_current,omitempty"` + RdmaLimit []RdmaEntry `json:"rdma_limit,omitzero"` + RdmaCurrent []RdmaEntry `json:"rdma_current,omitzero"` } type MiscStats struct { // current resource usage for a key in misc - Usage uint64 `json:"usage,omitempty"` + Usage uint64 `json:"usage,omitzero"` // number of times the resource usage was about to go over the max boundary - Events uint64 `json:"events,omitempty"` + Events uint64 `json:"events,omitzero"` } type Stats struct { - CpuStats CpuStats `json:"cpu_stats,omitempty"` - CPUSetStats CPUSetStats `json:"cpuset_stats,omitempty"` - MemoryStats MemoryStats `json:"memory_stats,omitempty"` - PidsStats PidsStats `json:"pids_stats,omitempty"` - BlkioStats BlkioStats `json:"blkio_stats,omitempty"` + CpuStats CpuStats `json:"cpu_stats,omitzero"` + CPUSetStats CPUSetStats `json:"cpuset_stats,omitzero"` + MemoryStats MemoryStats `json:"memory_stats,omitzero"` + PidsStats PidsStats `json:"pids_stats,omitzero"` + BlkioStats BlkioStats `json:"blkio_stats,omitzero"` // the map is in the format "size of hugepage: stats of the hugepage" - HugetlbStats map[string]HugetlbStats `json:"hugetlb_stats,omitempty"` - RdmaStats RdmaStats `json:"rdma_stats,omitempty"` + HugetlbStats map[string]HugetlbStats `json:"hugetlb_stats,omitzero"` + RdmaStats RdmaStats `json:"rdma_stats,omitzero"` // the map is in the format "misc resource name: stats of the key" - MiscStats map[string]MiscStats `json:"misc_stats,omitempty"` + MiscStats map[string]MiscStats `json:"misc_stats,omitzero"` } func NewStats() *Stats { @@ -211,3 +211,29 @@ func NewStats() *Stats { miscStats := make(map[string]MiscStats) return &Stats{MemoryStats: memoryStats, HugetlbStats: hugetlbStats, MiscStats: miscStats} } + +// Controller represents a cgroup controller type for stats collection. +type Controller int + +// Controller types for cgroup stats collection. +const ( + CPU Controller = 1 << iota + Memory + Pids + IO + HugeTLB + RDMA + Misc + CPUSet // v1 only +) + +// AllControllers is a bitmask of all available controllers. +const AllControllers = CPU | Memory | Pids | IO | HugeTLB | RDMA | Misc | CPUSet + +// StatsOptions specifies which controllers to retrieve statistics for. +type StatsOptions struct { + // Controllers is a bitmask of Controller values. + // If 0, all available controllers are queried (default behavior). + // Use Controller constants like: CPU | Memory | Pids + Controllers Controller +} diff --git a/vendor/github.com/opencontainers/cgroups/utils.go b/vendor/github.com/opencontainers/cgroups/utils.go index 95b3310ab6..469475cc8a 100644 --- a/vendor/github.com/opencontainers/cgroups/utils.go +++ b/vendor/github.com/opencontainers/cgroups/utils.go @@ -207,7 +207,7 @@ func parseCgroupFromReader(r io.Reader) (map[string]string, error) { return nil, fmt.Errorf("invalid cgroup entry: must contain at least two colons: %v", text) } - for _, subs := range strings.Split(parts[1], ",") { + for subs := range strings.SplitSeq(parts[1], ",") { cgroups[subs] = parts[2] } } diff --git a/vendor/github.com/opencontainers/cgroups/v1_utils.go b/vendor/github.com/opencontainers/cgroups/v1_utils.go index 19b8af1344..11025b2ed0 100644 --- a/vendor/github.com/opencontainers/cgroups/v1_utils.go +++ b/vendor/github.com/opencontainers/cgroups/v1_utils.go @@ -170,7 +170,7 @@ func getCgroupMountsHelper(ss map[string]bool, mounts []*mountinfo.Info, all boo Mountpoint: mi.Mountpoint, Root: mi.Root, } - for _, opt := range strings.Split(mi.VFSOptions, ",") { + for opt := range strings.SplitSeq(mi.VFSOptions, ",") { seen, known := ss[opt] if !known || (!all && seen) { continue diff --git a/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall.go b/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall.go index 3a896f4841..31cc08579e 100644 --- a/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall.go +++ b/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall.go @@ -24,6 +24,14 @@ import ( "path/filepath" ) +func splitPath(path string) (dirPath, filename string, err error) { + dirPath, filename = filepath.Split(path) + if filepath.Join("/", filename) == "/" { + return "", "", fmt.Errorf("root subpath %q has bad trailing component %q", path, filename) + } + return dirPath, filename, nil +} + // MkdirAllParentInRoot is like [MkdirAllInRoot] except that it only creates // the parent directory of the target path, returning the trailing component so // the caller has more flexibility around constructing the final inode. @@ -31,19 +39,19 @@ import ( // Callers need to be very careful operating on the trailing path, as trivial // mistakes like following symlinks can cause security bugs. Most people // should probably just use [MkdirAllInRoot] or [CreateInRoot]. -func MkdirAllParentInRoot(root, unsafePath string, mode os.FileMode) (*os.File, string, error) { +func MkdirAllParentInRoot(root *os.File, unsafePath string, mode os.FileMode) (*os.File, string, error) { // MkdirAllInRoot also does hallucinateUnsafePath, but we need to do it // here first because when we split unsafePath into (dir, file) components // we want to be doing so with the hallucinated path (so that trailing // dangling symlinks are treated correctly). - unsafePath, err := hallucinateUnsafePath(root, unsafePath) + unsafePath, err := hallucinateUnsafePath(root.Name(), unsafePath) if err != nil { return nil, "", fmt.Errorf("failed to construct hallucinated target path: %w", err) } - dirPath, filename := filepath.Split(unsafePath) - if filepath.Join("/", filename) == "/" { - return nil, "", fmt.Errorf("create parent dir in root subpath %q has bad trailing component %q", unsafePath, filename) + dirPath, filename, err := splitPath(unsafePath) + if err != nil { + return nil, "", fmt.Errorf("split path %q for mkdir parent: %w", unsafePath, err) } dirFd, err := MkdirAllInRoot(root, dirPath, mode) diff --git a/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall_pathrslite.go b/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall_pathrslite.go index c2578e051f..0a6f25ebdc 100644 --- a/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall_pathrslite.go +++ b/vendor/github.com/opencontainers/runc/internal/pathrs/mkdirall_pathrslite.go @@ -24,12 +24,11 @@ import ( "github.com/cyphar/filepath-securejoin/pathrs-lite" "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" ) // MkdirAllInRoot attempts to make // -// path, _ := securejoin.SecureJoin(root, unsafePath) +// path, _ := securejoin.SecureJoin(root.Name(), unsafePath) // os.MkdirAll(path, mode) // os.Open(path) // @@ -48,8 +47,8 @@ import ( // handling if unsafePath has already been scoped within the rootfs (this is // needed for a lot of runc callers and fixing this would require reworking a // lot of path logic). -func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) (*os.File, error) { - unsafePath, err := hallucinateUnsafePath(root, unsafePath) +func MkdirAllInRoot(root *os.File, unsafePath string, mode os.FileMode) (*os.File, error) { + unsafePath, err := hallucinateUnsafePath(root.Name(), unsafePath) if err != nil { return nil, fmt.Errorf("failed to construct hallucinated target path: %w", err) } @@ -67,13 +66,7 @@ func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) (*os.File, error) mode &= 0o1777 } - rootDir, err := os.OpenFile(root, unix.O_DIRECTORY|unix.O_CLOEXEC, 0) - if err != nil { - return nil, fmt.Errorf("open root handle: %w", err) - } - defer rootDir.Close() - return retryEAGAIN(func() (*os.File, error) { - return pathrs.MkdirAllHandle(rootDir, unsafePath, mode) + return pathrs.MkdirAllHandle(root, unsafePath, mode) }) } diff --git a/vendor/github.com/opencontainers/runc/internal/pathrs/root_pathrslite.go b/vendor/github.com/opencontainers/runc/internal/pathrs/root_pathrslite.go index 51db77440d..fc5114a856 100644 --- a/vendor/github.com/opencontainers/runc/internal/pathrs/root_pathrslite.go +++ b/vendor/github.com/opencontainers/runc/internal/pathrs/root_pathrslite.go @@ -19,7 +19,9 @@ package pathrs import ( + "fmt" "os" + "path/filepath" "github.com/cyphar/filepath-securejoin/pathrs-lite" "golang.org/x/sys/unix" @@ -28,11 +30,11 @@ import ( ) // OpenInRoot opens the given path inside the root with the provided flags. It -// is effectively shorthand for [securejoin.OpenInRoot] followed by +// is effectively shorthand for [securejoin.OpenatInRoot] followed by // [securejoin.Reopen]. -func OpenInRoot(root, subpath string, flags int) (*os.File, error) { +func OpenInRoot(root *os.File, subpath string, flags int) (*os.File, error) { handle, err := retryEAGAIN(func() (*os.File, error) { - return pathrs.OpenInRoot(root, subpath) + return pathrs.OpenatInRoot(root, subpath) }) if err != nil { return nil, err @@ -47,7 +49,7 @@ func OpenInRoot(root, subpath string, flags int) (*os.File, error) { // open(O_CREAT|O_NOFOLLOW) semantics. If you want the creation to use O_EXCL, // include it in the passed flags. The fileMode argument uses unix.* mode bits, // *not* os.FileMode. -func CreateInRoot(root, subpath string, flags int, fileMode uint32) (*os.File, error) { +func CreateInRoot(root *os.File, subpath string, flags int, fileMode uint32) (*os.File, error) { dirFd, filename, err := MkdirAllParentInRoot(root, subpath, 0o755) if err != nil { return nil, err @@ -63,5 +65,48 @@ func CreateInRoot(root, subpath string, flags int, fileMode uint32) (*os.File, e if err != nil { return nil, err } - return os.NewFile(uintptr(fd), root+"/"+subpath), nil + return os.NewFile(uintptr(fd), root.Name()+"/"+subpath), nil +} + +// UnlinkInRoot deletes the inode specified at the given subpath. If you pass +// [unix.AT_REMOVEDIR] it will remove directories, otherwise it will remove +// non-directory inodes. +func UnlinkInRoot(root *os.File, subpath string, flags int) error { + dirPath, filename, err := splitPath(subpath) + if err != nil { + return fmt.Errorf("split path %q for unlink: %w", subpath, err) + } + + dirFd := root + if filepath.Join("/", dirPath) != "/" { + newDirFd, err := OpenInRoot(root, dirPath, unix.O_DIRECTORY|unix.O_PATH) + if err != nil { + return fmt.Errorf("failed to open parent directory %q for unlink: %w", dirPath, err) + } + dirFd = newDirFd + defer dirFd.Close() + } + + err = unix.Unlinkat(int(dirFd.Fd()), filename, flags) + if err != nil { + err = &os.PathError{Op: "unlinkat", Path: dirFd.Name() + "/" + filename, Err: err} + } + return err +} + +// SymlinkInRoot creates a symlink inside a root with the given target (as well +// as creating any missing parent directories). If the subpath already exists, +// an error is returned. +func SymlinkInRoot(linktarget string, root *os.File, subpath string) error { + dirFd, filename, err := MkdirAllParentInRoot(root, subpath, 0o755) + if err != nil { + return err + } + defer dirFd.Close() + + err = unix.Symlinkat(linktarget, int(dirFd.Fd()), filename) + if err != nil { + err = &os.PathError{Op: "symlinkat", Path: dirFd.Name() + "/" + filename, Err: err} + } + return err } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_deprecated.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_deprecated.go deleted file mode 100644 index 7836b240ab..0000000000 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_deprecated.go +++ /dev/null @@ -1,29 +0,0 @@ -package configs - -import "github.com/opencontainers/cgroups" - -// Deprecated: use [github.com/opencontainers/cgroups]. -type ( - Cgroup = cgroups.Cgroup - Resources = cgroups.Resources - FreezerState = cgroups.FreezerState - LinuxRdma = cgroups.LinuxRdma - BlockIODevice = cgroups.BlockIODevice - WeightDevice = cgroups.WeightDevice - ThrottleDevice = cgroups.ThrottleDevice - HugepageLimit = cgroups.HugepageLimit - IfPrioMap = cgroups.IfPrioMap -) - -// Deprecated: use [github.com/opencontainers/cgroups]. -const ( - Undefined = cgroups.Undefined - Frozen = cgroups.Frozen - Thawed = cgroups.Thawed -) - -// Deprecated: use [github.com/opencontainers/cgroups]. -var ( - NewWeightDevice = cgroups.NewWeightDevice - NewThrottleDevice = cgroups.NewThrottleDevice -) diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go index 6141c018fb..b8f2321c24 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/config.go @@ -466,17 +466,6 @@ type Capabilities struct { Ambient []string `json:"Ambient,omitempty"` } -// Deprecated: use [Hooks.Run] instead. -func (hooks HookList) RunHooks(state *specs.State) error { - for i, h := range hooks { - if err := h.Run(state); err != nil { - return fmt.Errorf("error running hook #%d: %w", i, err) - } - } - - return nil -} - func (hooks *Hooks) UnmarshalJSON(b []byte) error { var state map[HookName][]CommandHook diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/config_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/config_linux.go index e401f5331b..0e58bdc15d 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/config_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/config_linux.go @@ -26,67 +26,67 @@ type LinuxPersonality struct { // HostUID gets the translated uid for the process on host which could be // different when user namespaces are enabled. -func (c Config) HostUID(containerId int) (int, error) { +func (c *Config) HostUID(containerID int) (int, error) { if c.Namespaces.Contains(NEWUSER) { if len(c.UIDMappings) == 0 { return -1, errNoUIDMap } - id, found := c.hostIDFromMapping(int64(containerId), c.UIDMappings) + id, found := c.hostIDFromMapping(int64(containerID), c.UIDMappings) if !found { - return -1, fmt.Errorf("user namespaces enabled, but no mapping found for uid %d", containerId) + return -1, fmt.Errorf("user namespaces enabled, but no mapping found for uid %d", containerID) } // If we are a 32-bit binary running on a 64-bit system, it's possible // the mapped user is too large to store in an int, which means we // cannot do the mapping. We can't just return an int64, because // os.Setuid() takes an int. if id > math.MaxInt { - return -1, fmt.Errorf("mapping for uid %d (host id %d) is larger than native integer size (%d)", containerId, id, math.MaxInt) + return -1, fmt.Errorf("mapping for uid %d (host id %d) is larger than native integer size (%d)", containerID, id, math.MaxInt) } return int(id), nil } // Return unchanged id. - return containerId, nil + return containerID, nil } // HostRootUID gets the root uid for the process on host which could be non-zero // when user namespaces are enabled. -func (c Config) HostRootUID() (int, error) { +func (c *Config) HostRootUID() (int, error) { return c.HostUID(0) } // HostGID gets the translated gid for the process on host which could be // different when user namespaces are enabled. -func (c Config) HostGID(containerId int) (int, error) { +func (c *Config) HostGID(containerID int) (int, error) { if c.Namespaces.Contains(NEWUSER) { if len(c.GIDMappings) == 0 { return -1, errNoGIDMap } - id, found := c.hostIDFromMapping(int64(containerId), c.GIDMappings) + id, found := c.hostIDFromMapping(int64(containerID), c.GIDMappings) if !found { - return -1, fmt.Errorf("user namespaces enabled, but no mapping found for gid %d", containerId) + return -1, fmt.Errorf("user namespaces enabled, but no mapping found for gid %d", containerID) } // If we are a 32-bit binary running on a 64-bit system, it's possible // the mapped user is too large to store in an int, which means we // cannot do the mapping. We can't just return an int64, because // os.Setgid() takes an int. if id > math.MaxInt { - return -1, fmt.Errorf("mapping for gid %d (host id %d) is larger than native integer size (%d)", containerId, id, math.MaxInt) + return -1, fmt.Errorf("mapping for gid %d (host id %d) is larger than native integer size (%d)", containerID, id, math.MaxInt) } return int(id), nil } // Return unchanged id. - return containerId, nil + return containerID, nil } // HostRootGID gets the root gid for the process on host which could be non-zero // when user namespaces are enabled. -func (c Config) HostRootGID() (int, error) { +func (c *Config) HostRootGID() (int, error) { return c.HostGID(0) } // Utility function that gets a host ID for a container ID from user namespace map // if that ID is present in the map. -func (c Config) hostIDFromMapping(containerID int64, uMap []IDMap) (int64, bool) { +func (c *Config) hostIDFromMapping(containerID int64, uMap []IDMap) (int64, bool) { for _, m := range uMap { if (containerID >= m.ContainerID) && (containerID <= (m.ContainerID + m.Size - 1)) { hostID := m.HostID + (containerID - m.ContainerID) diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/memorypolicy.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/memorypolicy.go index b7b9c6bce1..81bff0d10e 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/memorypolicy.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/memorypolicy.go @@ -2,25 +2,6 @@ package configs import "golang.org/x/sys/unix" -// Memory policy modes and flags as defined in /usr/include/linux/mempolicy.h -// -// Deprecated: use constants from [unix] instead. -// -//nolint:revive,staticcheck,nolintlint // ignore ALL_CAPS errors in consts from numaif.h, will match unix.* in the future -const ( - MPOL_DEFAULT = unix.MPOL_DEFAULT - MPOL_PREFERRED = unix.MPOL_PREFERRED - MPOL_BIND = unix.MPOL_BIND - MPOL_INTERLEAVE = unix.MPOL_INTERLEAVE - MPOL_LOCAL = unix.MPOL_LOCAL - MPOL_PREFERRED_MANY = unix.MPOL_PREFERRED_MANY - MPOL_WEIGHTED_INTERLEAVE = unix.MPOL_WEIGHTED_INTERLEAVE - - MPOL_F_STATIC_NODES = unix.MPOL_F_STATIC_NODES - MPOL_F_RELATIVE_NODES = unix.MPOL_F_RELATIVE_NODES - MPOL_F_NUMA_BALANCING = unix.MPOL_F_NUMA_BALANCING -) - // LinuxMemoryPolicy contains memory policy configuration. type LinuxMemoryPolicy struct { // Mode specifies memory policy mode without mode flags. See diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/mount_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/mount_linux.go index 87b18bac3d..6db1b3918f 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/mount_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/mount_linux.go @@ -43,8 +43,10 @@ type Mount struct { // Mount data applied to the mount. Data string `json:"data,omitempty"` - // Relabel source if set, "z" indicates shared, "Z" indicates unshared. - Relabel string `json:"relabel,omitempty"` + // Relabel field is ignored. + // + // Deprecated: do not use. This field will be removed in runc 1.7. + Relabel string `json:"-"` // RecAttr represents mount properties to be applied recursively (AT_RECURSIVE), see mount_setattr(2). RecAttr *unix.MountAttr `json:"rec_attr,omitempty"` diff --git a/vendor/github.com/opencontainers/runc/libcontainer/internal/userns/doc.go b/vendor/github.com/opencontainers/runc/libcontainer/internal/userns/doc.go new file mode 100644 index 0000000000..431d65cd5a --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/internal/userns/doc.go @@ -0,0 +1,2 @@ +// Package userns provides helpers for interacting with Linux user namespaces. +package userns diff --git a/vendor/github.com/opencontainers/runc/libcontainer/internal/userns/usernsfd_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/internal/userns/usernsfd_linux.go index a1151a3fb3..35ac373cd4 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/internal/userns/usernsfd_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/internal/userns/usernsfd_linux.go @@ -41,10 +41,11 @@ func (m Mapping) toSys() (uids, gids []syscall.SysProcIDMap) { // the uid and gid mappings (because the order doesn't matter to the kernel). // The set of userns handles is indexed using this ID. func (m Mapping) id() string { - var uids, gids []string + uids := make([]string, 0, len(m.UIDMappings)) for _, idmap := range m.UIDMappings { uids = append(uids, fmt.Sprintf("%d:%d:%d", idmap.ContainerID, idmap.HostID, idmap.Size)) } + gids := make([]string, 0, len(m.GIDMappings)) for _, idmap := range m.GIDMappings { gids = append(gids, fmt.Sprintf("%d:%d:%d", idmap.ContainerID, idmap.HostID, idmap.Size)) } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go index 476f51d588..5c08b4ef62 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/config.go @@ -109,6 +109,7 @@ var flags = []string{ flagTsync, string(specs.LinuxSeccompFlagSpecAllow), string(specs.LinuxSeccompFlagLog), + string(specs.LinuxSeccompFlagWaitKillableRecv), } // KnownFlags returns the list of the known filter flags. diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/doc.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/doc.go new file mode 100644 index 0000000000..4e71750a3f --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/doc.go @@ -0,0 +1,3 @@ +// Package seccomp provides runc-specific helpers for loading and managing +// seccomp profiles. +package seccomp diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/doc.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/doc.go new file mode 100644 index 0000000000..f2bf6e69fa --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/doc.go @@ -0,0 +1,3 @@ +// Package patchbpf provides utilities for patching libseccomp-generated cBPF +// programs in order to handle unknown syscalls and ENOSYS more gracefully. +package patchbpf diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go index 035d0c0d83..b9a0be8c8f 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/patchbpf/enosys_linux.go @@ -51,6 +51,11 @@ const uintptr_t C_FILTER_FLAG_SPEC_ALLOW = SECCOMP_FILTER_FLAG_SPEC_ALLOW; #endif const uintptr_t C_FILTER_FLAG_NEW_LISTENER = SECCOMP_FILTER_FLAG_NEW_LISTENER; +#ifndef SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV +# define SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (1UL << 5) +#endif +const uintptr_t C_FILTER_FLAG_WAIT_KILLABLE_RECV = SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV; + #ifndef AUDIT_ARCH_RISCV64 #ifndef EM_RISCV #define EM_RISCV 243 @@ -667,6 +672,13 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags flags |= uint(C.C_FILTER_FLAG_SPEC_ALLOW) } } + if apiLevel >= 7 { + if waitKill, err := filter.GetWaitKill(); err != nil { + return 0, false, fmt.Errorf("unable to fetch SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV bit: %w", err) + } else if waitKill { + flags |= uint(C.C_FILTER_FLAG_WAIT_KILLABLE_RECV) + } + } // XXX: add newly supported filter flags above this line. for _, call := range config.Syscalls { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go index e399972aa5..7b3805b50b 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/seccomp/seccomp_linux.go @@ -159,6 +159,11 @@ func setFlag(filter *libseccomp.ScmpFilter, flag specs.LinuxSeccompFlag) error { return fmt.Errorf("error adding SSB flag to seccomp filter: %w", err) } return nil + case specs.LinuxSeccompFlagWaitKillableRecv: + if err := filter.SetWaitKill(true); err != nil { + return fmt.Errorf("error adding WaitKill flag to seccomp filter: %w", err) + } + return nil } // NOTE when adding more flags above, do not forget to also: // - add new flags to `flags` slice in config.go; diff --git a/vendor/github.com/openshift/api/config/v1/doc.go b/vendor/github.com/openshift/api/config/v1/doc.go index f994547583..867a4f43f9 100644 --- a/vendor/github.com/openshift/api/config/v1/doc.go +++ b/vendor/github.com/openshift/api/config/v1/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.config.v1 // +openshift:featuregated-schema-gen=true // +kubebuilder:validation:Optional diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go index 222c7f0cc7..1f27d821ab 100644 --- a/vendor/github.com/openshift/api/config/v1/register.go +++ b/vendor/github.com/openshift/api/config/v1/register.go @@ -78,6 +78,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ClusterImagePolicyList{}, &InsightsDataGather{}, &InsightsDataGatherList{}, + &CRIOCredentialProviderConfig{}, + &CRIOCredentialProviderConfigList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index b8a4399dbc..7de714ebfb 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -209,7 +209,7 @@ type APIServerNamedServingCert struct { } // APIServerEncryption is used to encrypt sensitive resources on the cluster. -// +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryptionProvider,rule="has(self.type) && self.type == 'KMS' ? has(self.kms) : !has(self.kms)",message="kms config is required when encryption type is KMS, and forbidden otherwise" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=KMSEncryption,rule="has(self.type) && self.type == 'KMS' ? has(self.kms) : !has(self.kms)",message="kms config is required when encryption type is KMS, and forbidden otherwise" // +union type APIServerEncryption struct { // type defines what encryption type should be used to encrypt resources at the datastore layer. @@ -238,14 +238,13 @@ type APIServerEncryption struct { // managing the lifecyle of the encryption keys outside of the control plane. // This allows integration with an external provider to manage the data encryption keys securely. // - // +openshift:enable:FeatureGate=KMSEncryptionProvider + // +openshift:enable:FeatureGate=KMSEncryption // +unionMember // +optional - KMS *KMSConfig `json:"kms,omitempty"` + KMS KMSPluginConfig `json:"kms,omitempty,omitzero"` } // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";identity;aescbc;aesgcm -// +openshift:validation:FeatureGateAwareEnum:featureGate=KMSEncryptionProvider,enum="";identity;aescbc;aesgcm;KMS // +openshift:validation:FeatureGateAwareEnum:featureGate=KMSEncryption,enum="";identity;aescbc;aesgcm;KMS type EncryptionType string diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 75e57c3709..348ee04010 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -5,7 +5,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC;ExternalOIDCWithUIDAndExtraClaimMappings;ExternalOIDCWithUpstreamParity,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC;ExternalOIDCWithUIDAndExtraClaimMappings;ExternalOIDCWithUpstreamParity;ExternalOIDCExternalClaimsSourcing,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" // Authentication specifies cluster-wide settings for authentication (like OAuth and // webhook token authenticators). The canonical name of an instance is `cluster`. @@ -91,6 +91,7 @@ type AuthenticationSpec struct { // +openshift:enable:FeatureGate=ExternalOIDC // +openshift:enable:FeatureGate=ExternalOIDCWithUIDAndExtraClaimMappings // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + // +openshift:enable:FeatureGate=ExternalOIDCExternalClaimsSourcing // +optional OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"` } @@ -245,6 +246,36 @@ type OIDCProvider struct { // +optional // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity UserValidationRules []TokenUserValidationRule `json:"userValidationRules,omitempty"` + + // externalClaimsSources is an optional field that can be used to configure + // sources, external to the token provided in a request, in which claims + // should be fetched from and made available to the claim mapping process + // that is used to build the identity of a token holder. + // + // For example, fetching additional user metadata from an OIDC provider's UserInfo endpoint. + // + // When not specified, only claims present in the token itself will be available + // in the claim mapping process. + // + // When specified, at least one external claim source must be specified and no more than 5 + // sources may be specified. + // All external claim sources must have unique claim mappings. + // When an external source responds and resolves additional claims successfully, they will + // be made available as claims during the claim mapping process. + // Externally sourced claims with the same name as a claim existing within the token will + // overwrite the claim data from the token with the externally sourced information. + // If an external source does not respond, responds with an error, or the additional + // claim data cannot be resolved from the response successfully it will not be + // included in the claim data passed to the claim mapping process. + // + // +openshift:enable:FeatureGate=ExternalOIDCExternalClaimsSourcing + // + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:XValidation:rule="self.all(s, s.mappings.all(m, self.filter(s2, s2.mappings.exists(m2, m2.name == m.name)).size() == 1))",message="mapping names must be unique across all external claim sources." + // +listType=atomic + ExternalClaimsSources []ExternalClaimsSource `json:"externalClaimsSources,omitempty"` } // +kubebuilder:validation:MinLength=1 @@ -683,7 +714,7 @@ type UsernameClaimMapping struct { // +enum type UsernamePrefixPolicy string -var ( +const ( // NoOpinion let's the cluster assign prefixes. If the username claim is email, there is no prefix // If the username claim is anything else, it is prefixed by the issuerURL NoOpinion UsernamePrefixPolicy = "" @@ -735,10 +766,10 @@ type TokenValidationRuleType string const ( // TokenValidationRuleTypeRequiredClaim indicates that the token must contain a specific claim. // Used as a value for TokenValidationRuleType. - TokenValidationRuleTypeRequiredClaim = "RequiredClaim" + TokenValidationRuleTypeRequiredClaim TokenValidationRuleType = "RequiredClaim" // TokenValidationRuleTypeCEL indicates that the token validation is defined via a CEL expression. // Used as a value for TokenValidationRuleType. - TokenValidationRuleTypeCEL = "CEL" + TokenValidationRuleTypeCEL TokenValidationRuleType = "CEL" ) // TokenClaimValidationRule represents a validation rule based on token claims. @@ -831,3 +862,355 @@ type TokenUserValidationRule struct { // +kubebuilder:validation:MaxLength=256 Message string `json:"message,omitempty"` } + +// ExternalClaimsSource provides the configuration for a single external claim source. +type ExternalClaimsSource struct { + // authentication is an optional field that configures how the apiserver authenticates with an external claims source. + // When not specified, anonymous authentication is used which means no 'Authorization' header + // is sent in the HTTP request to fetch the external claims. + // + // +optional + Authentication ExternalSourceAuthentication `json:"authentication,omitzero"` + + // tls is an optional field that configures the http client TLS + // settings when fetching external claims from this source. + // + // When omitted, system default TLS settings will be used + // for fetching claims from the external source. + // + // +optional + TLS ExternalSourceTLS `json:"tls,omitzero"` + + // url is a required configuration of the URL + // for which the external claims are located. + // + // +required + URL SourceURL `json:"url,omitzero"` + + // mappings is a required list of the claim + // and response handling expression pairs + // that produces the claims from the external source. + // mappings must have at least 1 entry and must not exceed 16 entries. + // Entries must have a unique name across all external claim sources. + // + // +required + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + Mappings []SourcedClaimMapping `json:"mappings,omitempty"` + + // predicates is an optional list of constraints in + // which claims should attempt to be fetched from this + // external source. + // + // When omitted, claims are always fetched + // from this external source. + // + // When specified, all predicates must evaluate to 'true' + // before claims are attempted to be fetched from this external source. + // predicates must have at least 1 entry and must not exceed 16 entries. + // Entries must have unique expressions. + // + // +optional + // +listType=map + // +listMapKey=expression + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + Predicates []ExternalSourcePredicate `json:"predicates,omitempty"` +} + +// ExternalSourceAuthenticationType is the type of authentication that should be used +// when fetching claims from an external source. +// +// +enum +// +kubebuilder:validation:Enum=RequestProvidedToken;ClientCredential +type ExternalSourceAuthenticationType string + +const ( + // ExternalSourceAuthenticationTypeRequestProvidedToken is an ExternalSourceAuthenticationType + // that represents that the token being evaluated for authentication + // should be used for authenticating with the external claims source. + // This is useful for scenarios where a token has multiple audiences + // and scopes so that it can be used to access both the cluster and + // the UserInfo endpoint that contains additional information about the + // user not present in the token. + ExternalSourceAuthenticationTypeRequestProvidedToken ExternalSourceAuthenticationType = "RequestProvidedToken" + + // ExternalSourceAuthenticationTypeClientCredential is an ExternalSourceAuthenticationType + // that represents that the authenticator should use the OAuth2 + // client credentials grant flow to obtain an access token for + // authenticating with the external claims source. + // This is useful for scenarios such as fetching user information + // from Microsoft's Graph API where a separate client credential + // is needed to access the API. + ExternalSourceAuthenticationTypeClientCredential ExternalSourceAuthenticationType = "ClientCredential" +) + +// ExternalSourceAuthentication configures how the apiserver should attempt +// to authenticate with an external claims source. +// +// +kubebuilder:validation:XValidation:rule="self.type == 'ClientCredential' ? has(self.clientCredential) : !has(self.clientCredential)",message="clientCredential is required when type is ClientCredential, and forbidden otherwise" +type ExternalSourceAuthentication struct { + // type is a required field that sets the type of + // authentication method used by the authenticator + // when fetching external claims. + // + // Allowed values are 'RequestProvidedToken' and 'ClientCredential'. + // + // When set to 'RequestProvidedToken', the authenticator will + // use the token provided to the kube-apiserver as part of the + // request to authenticate with the external claims source. + // + // When set to 'ClientCredential', the authenticator will + // use the configured client-id, client-secret, and token endpoint + // to fetch an access token using the OAuth2 client credentials grant + // flow. The fetched access token will then be used to authenticate + // with the external claims source. + // + // +required + Type ExternalSourceAuthenticationType `json:"type,omitempty"` + + // clientCredential configures the client credentials + // and token endpoint to use to get an access token. + // clientCredential is required when type is 'ClientCredential', and forbidden otherwise. + // + // +optional + ClientCredential ClientCredentialConfig `json:"clientCredential,omitzero"` +} + +// ExternalSourceTLS configures the TLS options that the apiserver uses as a client +// when making a request to the external claim source. +type ExternalSourceTLS struct { + // certificateAuthority is a required reference to a ConfigMap in the openshift-config + // namespace that contains the CA certificate to use to validate TLS connections with the external claims source. + // The key "ca-bundle.crt" must be present in the referenced ConfigMap and must contain the CA certificate to be used + // to verify the external source's TLS certificate. + // + // +required + CertificateAuthority ExternalSourceCertificateAuthorityConfigMapReference `json:"certificateAuthority,omitzero"` +} + +// ClientCredentialConfig configures the client credentials and token endpoint +// to use to get an access token via the OAuth2 client credentials grant flow. +type ClientCredentialConfig struct { + // clientID is a required client identifier to use during the OAuth2 client credentials flow. + // clientID must be at least 1 character in length, must not exceed 256 characters in length, + // and must only contain printable ASCII characters. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:XValidation:rule="self.matches('^[[:print:]]+$')",message="clientID must only contain printable ASCII characters" + ClientID string `json:"clientID,omitempty"` + + // clientSecret is a required reference to a Secret in the openshift-config namespace to be used + // as the client secret during the OAuth2 client credentials flow. + // + // The key 'client-secret' is used to locate the client secret data in the Secret. + // + // +required + ClientSecret ClientSecretSecretReference `json:"clientSecret,omitzero"` + + // tokenEndpoint is a required URL to query for an access token using + // the client credential OAuth2 flow. + // tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length. + // tokenEndpoint must be a valid HTTPS URL. + // tokenEndpoint must have a host and a path. + // tokenEndpoint must not contain query parameters, fragments, + // or user information (e.g., "user:password@host"). + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="tokenEndpoint must be a valid HTTPS url" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'",message="tokenEndpoint must be a valid HTTPS url" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getHost() != ''",message="tokenEndpoint must have a hostname" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getEscapedPath() != ''",message="tokenEndpoint must have a path" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getQuery() == {}",message="tokenEndpoint must not have query parameters" + // +kubebuilder:validation:XValidation:rule="isURL(self) && self.find('#(.+)$') == ''",message="tokenEndpoint must not have a fragment" + // +kubebuilder:validation:XValidation:rule="isURL(self) && !self.matches('^https://[^/]+@.+$')",message="tokenEndpoint must not have user info" + TokenEndpoint string `json:"tokenEndpoint,omitempty"` + + // scopes is an optional list of OAuth2 scopes to request when obtaining + // an access token. + // + // If not specified, the token endpoint's default scopes + // will be used. + // + // When specified, there must be at least 1 entry and must not exceed 16 entries. + // Each entry must be at least 1 character in length and must not exceed 256 characters in length. + // Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. + // Entries must be unique. + // + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=16 + // +listType=set + Scopes []OAuth2Scope `json:"scopes,omitempty"` + + // tls is an optional field that allows configuring the TLS + // settings used to interact with the identity provider + // as an OAuth2 client. + // + // When omitted, system default TLS settings will be used + // for the OAuth2 client. + // + // +optional + TLS ExternalSourceTLS `json:"tls,omitzero"` +} + +// OAuth2Scope is a string alias that represents an OAuth2 Scope as defined by https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.4 +// Must be at least 1 character in length, must not exceed 256 characters in length and must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. +// +// +kubebuilder:validation:XValidation:rule="self.matches('^[!#-[\\\\]-~]+$')",message="scopes must only contain printable ASCII characters excluding spaces, double quotes and backslashes" +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=256 +type OAuth2Scope string + +// SourceURL configures the options used to build the URL that is queried for external claims. +type SourceURL struct { + // hostname is a required hostname for which the external claims are located. + // + // It must be a valid DNS subdomain name as per RFC1123. + // + // This means that it must start and end with a lowercase alphanumeric character, + // must only consist of lowercase alphanumeric characters, '-', and '.'. + // hostname may optionally specify a port in the format ':{port}'. + // If a port is specified it must not exceed 65535. + // + // hostname must be at least 1 character in length. + // When specifying a port, hostname must not exceed 259 characters in length. + // When not specifying a port, hostname must not exceed 253 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=259 + // +kubebuilder:validation:XValidation:rule="isURL('https://'+self)",message="hostname must be a valid hostname" + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self.split(':')[0]).hasValue()",message="hostname before port must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'" + // +kubebuilder:validation:XValidation:rule="self.split(':').size() > 1 ? int(self.split(':')[1]) <= 65535 : true",message="port must not exceed 65535" + Hostname string `json:"hostname,omitempty"` + + // pathExpression is a required CEL expression that returns a list + // of string values used to construct the URL path. + // Claims from the token used for the request to the kube-apiserver + // are made available via the `claims` variable. + // expression must be at least 1 character in length and must not exceed 1024 characters in length. + // + // Values in the returned list will be joined with the hostname using a forward slash + // (`/`) as a separator. Values in the returned list do not need to include the forward slash. + // If a forward slash is included in a returned value, it will be encoded as `%2F`. + // + // Example of a static path configuration: + // + // pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo'] + // + // The above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo' + // + // Example of a dynamic path configuration: + // + // pathExpression: "['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']" + // + // Assuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups' + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + PathExpression string `json:"pathExpression,omitempty"` +} + +// SourcedClaimMapping configures the mapping behavior for a single external claim +// from the response the apiserver received from the external claim source. +type SourcedClaimMapping struct { + // name is a required name of the claim that + // will be produced and made available during + // the claim-to-identity mapping process. + // name must consist of only lowercase alpha characters and underscores ('_'). + // name must be at least 1 character and must not exceed 256 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-z_]+$')",message="name must consist of only lowercase alpha characters and underscores" + Name string `json:"name,omitempty"` + + // expression is a required CEL expression that + // will produce a value to be assigned to the claim. + // The full response body from the request to the + // external claim source is provided via the + // `response.body` variable. + // + // The contents of the `response.body` variable varies based on the response received + // from the external source. It is the responsibility of those configuring + // this expression to understand what is returned from the external source. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` +} + +// ExternalSourcePredicate configures a singular condition +// that must return true before the external source is queried +// to retrieve external claims. +type ExternalSourcePredicate struct { + // expression is a required CEL expression that + // is used to determine whether or not an external + // source should be used to fetch external claims. + // + // The expression must return a boolean value, + // where true means that the source should be consulted + // and false means that it should not. + // + // Claims from the token used for the request to the kube-apiserver + // are made available via the `claims` variable. + // + // The contents of the `claims` variable varies based on the claims that are + // present in the token being validated. It is the responsibility of those configuring this + // field to understand what claims the identity provider includes when issuing tokens. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` +} + +// ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config +// namespace that should be used for configuring the certificate authority to be +// used when sourcing claims from external sources. +type ExternalSourceCertificateAuthorityConfigMapReference struct { + // name is the required name of the ConfigMap that exists in the openshift-config namespace. + // The key "ca-bundle.crt" must be present and must contain the CA certificate to be used + // to verify the external source's TLS certificate. + // + // It must be at least 1 character in length, must not exceed 253 characters in length, + // must start and end with a lowercase alphanumeric character, and must only contain + // lowercase alphanumeric characters, '-' or '.'. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'" + Name string `json:"name,omitempty"` +} + +// ClientSecretSecretReference is a reference to a Secret in the openshift-config +// namespace that should be used for configuring the client secret to be +// used when sourcing claims from external sources with the client credential authentication flow. +type ClientSecretSecretReference struct { + // name is the required name of the Secret that exists in the openshift-config namespace. + // + // It must be at least 1 character in length, must not exceed 253 characters in length, + // must start and end with a lowercase alphanumeric character, and must only contain + // lowercase alphanumeric characters, '-' or '.'. + // + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'" + Name string `json:"name,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 8323040389..e934e83550 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -160,8 +160,9 @@ const ( // is actively rolling out new code, propagating config changes (e.g, a version change), or otherwise // moving from one steady state to another. Operators should not report // Progressing when they are reconciling (without action) a previously known - // state. Operators should not report Progressing only because DaemonSets owned by them - // are adjusting to a new node from cluster scaleup or a node rebooting from cluster upgrade. + // state. Operators should not report Progressing only because resources owned by them, + // such as DaemonSets and Deployments, are adjusting to a new node from cluster scaleup + // or a node rebooting from cluster upgrade. // If the observed cluster state has changed and the component is // reacting to it (updated proxy configuration for instance), Progressing should become true // since it is moving from one steady state to another. diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index f8d45114a8..9cb85f4c00 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -18,7 +18,8 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=clusterversions,scope=Cluster -// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability" +// +openshift:validation:FeatureGateAwareXValidation:featureGate="";CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability" +// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && 'ClusterAPI' in self.spec.capabilities.additionalEnabledCapabilities ? 'CompatibilityRequirements' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'CompatibilityRequirements' in self.status.capabilities.enabledCapabilities) : true",message="the `ClusterAPI` capability requires the `CompatibilityRequirements` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `CompatibilityRequirements` capability" // +kubebuilder:printcolumn:name=Version,JSONPath=.status.history[?(@.state=="Completed")].version,type=string // +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string // +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string @@ -304,7 +305,10 @@ const ( ) // ClusterVersionCapability enumerates optional, core cluster components. -// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1 +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1 +// +openshift:validation:FeatureGateAwareEnum:featureGate=CRDCompatibilityRequirementOperator,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements +// +openshift:validation:FeatureGateAwareEnum:featureGate=ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI +// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI type ClusterVersionCapability string const ( @@ -425,6 +429,19 @@ const ( // Managers deployed on top of OpenShift. They help you to work with cloud // provider API and embeds cloud-specific control logic. ClusterVersionCapabilityCloudControllerManager ClusterVersionCapability = "CloudControllerManager" + + // ClusterVersionCapabilityCompatibilityRequirements manages the Compatibility + // Requirements operator which enforces CRD compatibility constraints via + // validating webhooks. + ClusterVersionCapabilityCompatibilityRequirements ClusterVersionCapability = "CompatibilityRequirements" + + // ClusterVersionCapabilityClusterAPI manages the Cluster API operator and + // controllers which provide forward-compatible machine management for + // OpenShift clusters. + // + // Note that Cluster API has a hard requirement on CompatibilityRequirements. + // CompatibilityRequirements cannot be disabled while Cluster API is enabled. + ClusterVersionCapabilityClusterAPI ClusterVersionCapability = "ClusterAPI" ) // KnownClusterVersionCapabilities includes all known optional, core cluster components. @@ -446,6 +463,8 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ ClusterVersionCapabilityCloudCredential, ClusterVersionCapabilityIngress, ClusterVersionCapabilityCloudControllerManager, + ClusterVersionCapabilityCompatibilityRequirements, + ClusterVersionCapabilityClusterAPI, } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. @@ -644,6 +663,8 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityCloudCredential, ClusterVersionCapabilityIngress, ClusterVersionCapabilityCloudControllerManager, + ClusterVersionCapabilityCompatibilityRequirements, + ClusterVersionCapabilityClusterAPI, }, } diff --git a/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go b/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go new file mode 100644 index 0000000000..3fe543aac8 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go @@ -0,0 +1,186 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. +// For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. +// CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. +// Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout. +// +// The resource is a singleton named "cluster". +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=criocredentialproviderconfigs,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2725 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=CRIOCredentialProviderConfig +// +openshift:compatibility-gen:level=1 +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="criocredentialproviderconfig is a singleton, .metadata.name must be 'cluster'" +type CRIOCredentialProviderConfig struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitzero"` + + // spec defines the desired configuration of the CRI-O Credential Provider. + // This field is required and must be provided when creating the resource. + // +required + Spec *CRIOCredentialProviderConfigSpec `json:"spec,omitempty,omitzero"` + + // status represents the current state of the CRIOCredentialProviderConfig. + // When omitted or nil, it indicates that the status has not yet been set by the controller. + // The controller will populate this field with validation conditions and operational state. + // +optional + Status CRIOCredentialProviderConfigStatus `json:"status,omitzero,omitempty"` +} + +// CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider. +// +kubebuilder:validation:MinProperties=0 +type CRIOCredentialProviderConfigSpec struct { + // matchImages is a list of string patterns used to determine whether + // the CRI-O credential provider should be invoked for a given image. This list is + // passed to the kubelet CredentialProviderConfig, and if any pattern matches + // the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling + // that image or its mirrors. + // Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. + // Conflicts between the existing platform specific provider image match configuration and this list will be handled by + // the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those + // from the CRIOCredentialProviderConfig when both match the same image. + // To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with + // existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). + // You can check the resource's Status conditions + // to see if any entries were ignored due to exact matches with known built-in provider patterns. + // + // This field is optional, the items of the list must contain between 1 and 50 entries. + // The list is treated as a set, so duplicate entries are not allowed. + // + // For more details, see: + // https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ + // https://github.com/cri-o/crio-credential-provider#architecture + // + // Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. + // Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', + // and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). + // A global wildcard '*' (matching any domain) is not allowed. + // Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. + // For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. + // Each wildcard matches only a single domain label, + // so '*.io' does **not** match '*.k8s.io'. + // + // A match exists between an image and a matchImage when all of the below are true: + // Both contain the same number of domain parts and each part matches. + // The URL path of an matchImages must be a prefix of the target image URL path. + // If the matchImages contains a port, then the port must match in the image as well. + // + // Example values of matchImages: + // - 123456789.dkr.ecr.us-east-1.amazonaws.com + // - *.azurecr.io + // - gcr.io + // - *.*.registry.io + // - registry.io:8080/path + // + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:MinItems=1 + // +listType=set + // +optional + MatchImages []MatchImage `json:"matchImages,omitempty"` +} + +// MatchImage is a string pattern used to match container image registry addresses. +// It must be a valid fully qualified domain name with optional wildcard, port, and path. +// The maximum length is 512 characters. +// +// Wildcards ('*') are supported for full subdomain labels and top-level domains. +// Each entry can optionally contain a port (e.g., :8080) and a path (e.g., /path). +// Wildcards are not allowed in the port or path portions. +// +// Examples: +// - "registry.io" - matches exactly registry.io +// - "*.azurecr.io" - matches any single subdomain of azurecr.io +// - "registry.io:8080/path" - matches with specific port and path prefix +// +// +kubebuilder:validation:MaxLength=512 +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:XValidation:rule="self != '*'",message="global wildcard '*' is not allowed" +// +kubebuilder:validation:XValidation:rule=`self.matches('^((\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)(\\.(\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?))*)(:[0-9]+)?(/[-a-z0-9._/]*)?$')`,message="invalid matchImages value, must be a valid fully qualified domain name in lowercase with optional wildcard, port, and path" +type MatchImage string + +// +k8s:deepcopy-gen=true +// CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig +// +kubebuilder:validation:MinProperties=1 +type CRIOCredentialProviderConfigStatus struct { + // conditions represent the latest available observations of the configuration state. + // When omitted, it indicates that no conditions have been reported yet. + // The maximum number of conditions is 16. + // Conditions are stored as a map keyed by condition type, ensuring uniqueness. + // + // Expected condition types include: + // "Validated": indicates whether the matchImages configuration is valid + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type CRIOCredentialProviderConfigList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []CRIOCredentialProviderConfig `json:"items"` +} + +const ( + // ConditionTypeValidated is a condition type that indicates whether the CRIOCredentialProviderConfig + // matchImages configuration has been validated successfully. + // When True, all matchImage patterns are valid and have been applied. + // When False, the configuration contains errors (see Reason for details). + // Possible reasons for False status: + // - ValidationFailed: matchImages contains invalid patterns + // - ConfigurationPartiallyApplied: some matchImage entries were ignored due to conflicts + ConditionTypeValidated = "Validated" + + // ReasonValidationFailed is a condition reason used with ConditionTypeValidated=False + // to indicate that the matchImages configuration contains one or more invalid registry patterns + // that do not conform to the required format (valid FQDN with optional wildcard, port, and path). + ReasonValidationFailed = "ValidationFailed" + + // ReasonConfigurationPartiallyApplied is a condition reason used with ConditionTypeValidated=False + // to indicate that some matchImage entries were ignored due to conflicts or overlapping patterns. + // The condition message will contain details about which entries were ignored and why. + ReasonConfigurationPartiallyApplied = "ConfigurationPartiallyApplied" + + // ConditionTypeMachineConfigRendered is a condition type that indicates whether + // the CRIOCredentialProviderConfig has been successfully rendered into a + // MachineConfig object. + // When True, the corresponding MachineConfig is present in the cluster. + // When False, rendering failed. + ConditionTypeMachineConfigRendered = "MachineConfigRendered" + + // ReasonMachineConfigRenderingSucceeded is a condition reason used with ConditionTypeMachineConfigRendered=True + // to indicate that the MachineConfig was successfully created/updated in the API server. + ReasonMachineConfigRenderingSucceeded = "MachineConfigRenderingSucceeded" + + // ReasonMachineConfigRenderingFailed is a condition reason used with ConditionTypeMachineConfigRendered=False + // to indicate that the MachineConfig creation/update failed. + // The condition message will contain details about the failure. + ReasonMachineConfigRenderingFailed = "MachineConfigRenderingFailed" +) diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 82f46c8b6c..96fa349a67 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -165,20 +165,50 @@ type RegistryLocation struct { // +kubebuilder:validation:XValidation:rule="has(self.blockedRegistries) ? !has(self.allowedRegistries) : true",message="Only one of blockedRegistries or allowedRegistries may be set" type RegistrySources struct { // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. + // Each entry must be a valid registry scope in the format hostname[:port][/path], + // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com"). + // The hostname must consist of valid DNS labels separated by dots, where each label + // contains only alphanumeric characters and hyphens and does not start or end with a hyphen. + // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."), + // and must be at most 256 characters in length. The list may contain at most 1024 entries. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=1024 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests" InsecureRegistries []string `json:"insecureRegistries,omitempty"` // blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + // Each entry must be a valid registry scope in the format hostname[:port][/path], + // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com"). + // The hostname must consist of valid DNS labels separated by dots, where each label + // contains only alphanumeric characters and hyphens and does not start or end with a hyphen. + // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."), + // and must be at most 256 characters in length. The list may contain at most 1024 entries. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=1024 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests" BlockedRegistries []string `json:"blockedRegistries,omitempty"` // allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + // Each entry must be a valid registry scope in the format hostname[:port][/path], + // optionally prefixed with "*." for wildcard subdomains (e.g., "*.example.com"). + // The hostname must consist of valid DNS labels separated by dots, where each label + // contains only alphanumeric characters and hyphens and does not start or end with a hyphen. + // Entries must not be empty, must not include tags (e.g., ":latest") or digests (e.g., "@sha256:..."), + // and must be at most 256 characters in length. The list may contain at most 1024 entries. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional // +listType=atomic + // +kubebuilder:validation:MaxItems=1024 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +kubebuilder:validation:items:XValidation:rule="self.matches('^\\\\*(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\\\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')",message="each registry must be a valid hostname[:port][/path] or wildcard *.hostname format without tags or digests" AllowedRegistries []string `json:"allowedRegistries,omitempty"` // containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified // domains in their pull specs. Registries will be searched in the order provided in the list. diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 160f8fd4c0..e8aaa810f5 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -19,6 +19,7 @@ import ( // +kubebuilder:resource:path=infrastructures,scope=Cluster // +kubebuilder:subresource:status // +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true +// +openshift:validation:FeatureGateAwareXValidation:featureGate=MutableTopology,rule="!has(self.spec.controlPlaneTopology) || (has(oldSelf.spec.controlPlaneTopology) && self.spec.controlPlaneTopology == oldSelf.spec.controlPlaneTopology) || (has(self.status.controlPlaneTopology) && self.spec.controlPlaneTopology == self.status.controlPlaneTopology) || (has(self.status.controlPlaneTopology) && self.status.controlPlaneTopology == 'SingleReplica' && self.spec.controlPlaneTopology == 'HighlyAvailable')",message="spec.controlPlaneTopology must match status.controlPlaneTopology or be set to HighlyAvailable when status.controlPlaneTopology is SingleReplica" type Infrastructure struct { metav1.TypeMeta `json:",inline"` @@ -55,6 +56,21 @@ type InfrastructureSpec struct { // platformSpec holds desired information specific to the underlying // infrastructure provider. PlatformSpec PlatformSpec `json:"platformSpec,omitempty"` + + // controlPlaneTopology expresses the desired topology configuration for control nodes. + // + // When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable', + // a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable. + // + // When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value, + // no changes are required and no transitions will be triggered. + // + // This value may be set to match status.controlPlaneTopology regardless of the current value. + // + // +openshift:enable:FeatureGate=MutableTopology + // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica + // +optional + ControlPlaneTopology TopologyMode `json:"controlPlaneTopology,omitempty"` } // InfrastructureStatus describes the infrastructure the cluster is leveraging. @@ -295,7 +311,8 @@ type ExternalPlatformSpec struct { // PlatformSpec holds the desired state specific to the underlying infrastructure provider // of the current cluster. Since these are used at spec-level for the underlying cluster, it // is supposed that only one of the spec structs is set. -// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install" +// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="!has(oldSelf.vsphere) && has(self.vsphere) ? (has(self.vsphere.vcenters) && size(self.vsphere.vcenters) < 2) : true",message="vcenters can have at most 1 item when configured post-install" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="oldSelf.?vsphere.vcenters.hasValue() ? self.?vsphere.vcenters.hasValue() : true",message="vcenters is required once set and cannot be removed" type PlatformSpec struct { // type is the underlying infrastructure provider for the cluster. This // value controls whether infrastructure automation such as service load @@ -787,7 +804,6 @@ type GCPPlatformStatus struct { // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} - // +openshift:enable:FeatureGate=GCPClusterHostedDNSInstall // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` @@ -1642,21 +1658,24 @@ type VSpherePlatformNodeNetworking struct { // use these fields for configuration. // +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set" // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set" -// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install" type VSpherePlatformSpec struct { // vcenters holds the connection details for services to communicate with vCenter. - // Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. + // Up to 3 vCenters are supported. // Once the cluster has been installed, you are unable to change the current number of defined - // vCenters except in the case where the cluster has been upgraded from a version of OpenShift - // where the vsphere platform spec was not present. You may make modifications to the existing + // vCenters except when 1.) the cluster has been upgraded from a version of OpenShift + // where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and + // remove vCenters but may not remove all vCenters. You may make modifications to the existing // vCenters that are defined in the vcenters list in order to match with any added or modified // failure domains. // --- // + If VCenters is not defined use the existing cloud-config configmap defined // + in openshift-config. - // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=3 - // +kubebuilder:validation:XValidation:rule="size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true",message="vcenters cannot be added or removed once set" + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true",message="vcenters cannot be added or removed once set" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="size(self) >= size(oldSelf) ? oldSelf.all(x, self.exists(y, y.server == x.server)) : true",message="Cannot add and remove vCenters at the same time" + // +openshift:validation:FeatureGateAwareXValidation:featureGate=VSphereMultiVCenterDay2,rule="size(self) < size(oldSelf) ? self.all(x, oldSelf.exists(y, y.server == x.server)) : true",message="Cannot add and remove vCenters at the same time" + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, y.server == x.server))",message="vcenters must have unique server values" // +listType=atomic // +optional VCenters []VSpherePlatformVCenterSpec `json:"vcenters,omitempty"` diff --git a/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go b/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go index 3293204fa4..6b58d9da49 100644 --- a/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go +++ b/vendor/github.com/openshift/api/config/v1/types_kmsencryption.go @@ -1,55 +1,261 @@ package v1 -// KMSConfig defines the configuration for the KMS instance -// that will be used with KMSEncryptionProvider encryption -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)",message="aws config is required when kms provider type is AWS, and forbidden otherwise" +// KMSPluginConfig defines the configuration for the KMS instance +// that will be used with KMS encryption +// +kubebuilder:validation:XValidation:rule="self.type == 'Vault' ? has(self.vault) : !has(self.vault)",message="vault config is required when kms provider type is Vault, and forbidden otherwise" // +union -type KMSConfig struct { +type KMSPluginConfig struct { // type defines the kind of platform for the KMS provider. - // Available provider types are AWS only. + // Allowed values are Vault. + // When set to Vault, the plugin connects to a HashiCorp Vault server for key management. // // +unionDiscriminator // +required Type KMSProviderType `json:"type"` - // aws defines the key config for using an AWS KMS instance - // for the encryption. The AWS KMS instance is managed + // vault defines the configuration for the Vault KMS plugin. + // The plugin connects to a Vault Enterprise server that is managed // by the user outside the purview of the control plane. + // This field must be set when type is Vault, and must be unset otherwise. // // +unionMember // +optional - AWS *AWSKMSConfig `json:"aws,omitempty"` + Vault VaultKMSPluginConfig `json:"vault,omitempty,omitzero"` + + // --- TOMBSTONE --- + // aws was a field that allowed configuring AWS KMS. + // It was never implemented and has been removed. + // The field name is reserved to prevent reuse. + // + // +optional + // AWS *AWSKMSConfig `json:"aws,omitempty"` } -// AWSKMSConfig defines the KMS config specific to AWS KMS provider -type AWSKMSConfig struct { - // keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. - // The value must adhere to the format `arn:aws:kms:::key/`, where: - // - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - // - `` is a 12-digit numeric identifier for the AWS account. - // - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens. +// --- TOMBSTONE --- +// AWSKMSConfig was a type for AWS KMS configuration that was never implemented. +// The type name is reserved to prevent reuse. +// +// type AWSKMSConfig struct { +// KeyARN string `json:"keyARN"` +// Region string `json:"region"` +// } + +// KMSProviderType is a specific supported KMS provider +// +kubebuilder:validation:Enum=Vault +type KMSProviderType string + +const ( + // VaultKMSProvider represents a supported KMS provider for use with HashiCorp Vault + VaultKMSProvider KMSProviderType = "Vault" + + // --- TOMBSTONE --- + // AWSKMSProvider was a constant for AWS KMS support that was never implemented. + // The constant name is reserved to prevent reuse. + // + // AWSKMSProvider KMSProviderType = "AWS" +) + +// VaultSecretReference references a secret in the openshift-config namespace. +type VaultSecretReference struct { + // name is the metadata.name of the referenced secret in the openshift-config namespace. + // The name must be a valid DNS subdomain name: it must contain no more than 253 characters, + // contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character. // - // +kubebuilder:validation:MaxLength=128 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="self.matches('^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9-]+$')",message="keyARN must follow the format `arn:aws:kms:::key/`. The account ID must be a 12 digit number and the region and key ID should consist only of lowercase hexadecimal characters and hyphens (-)." + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must be a valid DNS subdomain name: contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character" // +required - KeyARN string `json:"keyARN"` - // region specifies the AWS region where the KMS instance exists, and follows the format - // `--`, e.g.: `us-east-1`. - // Only lowercase letters and hyphens followed by numbers are allowed. + Name string `json:"name,omitempty"` +} + +// VaultConfigMapReference references a ConfigMap in the openshift-config namespace. +type VaultConfigMapReference struct { + // name is the metadata.name of the referenced ConfigMap in the openshift-config namespace. + // The name must be a valid DNS subdomain name: it must contain no more than 253 characters, + // contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character. // - // +kubebuilder:validation:MaxLength=64 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="self.matches('^[a-z0-9]+(-[a-z0-9]+)*$')",message="region must be a valid AWS region, consisting of lowercase characters, digits and hyphens (-) only." + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="name must be a valid DNS subdomain name: contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character" // +required - Region string `json:"region"` + Name string `json:"name,omitempty"` } -// KMSProviderType is a specific supported KMS provider -// +kubebuilder:validation:Enum=AWS -type KMSProviderType string +// VaultAuthentication defines the authentication method used to authenticate with Vault. +// +kubebuilder:validation:XValidation:rule="self.type == 'AppRole' ? has(self.appRole) : !has(self.appRole)",message="appRole config is required when authentication type is AppRole, and forbidden otherwise" +// +union +type VaultAuthentication struct { + // type defines the authentication method used to authenticate with Vault. + // Allowed values are AppRole. + // When set to AppRole, the plugin uses AppRole credentials to authenticate with Vault. + // + // +unionDiscriminator + // +required + Type VaultAuthenticationType `json:"type,omitempty"` + + // appRole defines the configuration for AppRole authentication. + // This field must be set when type is AppRole, and must be unset otherwise. + // + // +unionMember + // +optional + AppRole VaultAppRoleAuthentication `json:"appRole,omitzero"` +} + +// VaultAuthenticationType defines the authentication method type for Vault. +// +kubebuilder:validation:Enum=AppRole +type VaultAuthenticationType string const ( - // AWSKMSProvider represents a supported KMS provider for use with AWS KMS - AWSKMSProvider KMSProviderType = "AWS" + // VaultAuthenticationTypeAppRole represents AppRole authentication method. + VaultAuthenticationTypeAppRole VaultAuthenticationType = "AppRole" ) + +// VaultAppRoleAuthentication defines the configuration for AppRole authentication with Vault. +type VaultAppRoleAuthentication struct { + // secret references a secret in the openshift-config namespace containing + // the AppRole credentials used to authenticate with Vault. + // The referenced Secret must contain two keys: "role-id" for the AppRole Role ID and "secret-id" for the AppRole Secret ID. + // + // +required + Secret VaultSecretReference `json:"secret,omitzero"` +} + +// VaultKMSPluginConfig defines the KMS plugin configuration specific to Vault KMS +type VaultKMSPluginConfig struct { + // kmsPluginImage specifies the container image for the HashiCorp Vault KMS plugin. + // + // The image must be a fully qualified OCI image pull spec with a SHA256 digest. + // The format is: host[:port][/namespace]/name@sha256: + // where the digest must be 64 characters long and consist only of lowercase hexadecimal characters, a-f and 0-9. + // The total length must be between 75 and 447 characters. + // + // Short names (e.g., "vault-plugin" or "hashicorp/vault-plugin") are not allowed. + // The registry hostname must be included and must contain at least one dot. + // Image tags (e.g., ":latest", ":v1.0.0") are not allowed. + // + // Consult the OpenShift documentation for compatible plugin versions with your cluster version, + // then obtain the image digest for that version from HashiCorp's container registry. + // + // For disconnected environments, mirror the plugin image to an accessible registry + // and reference the mirrored location with its digest. + // + // +kubebuilder:validation:MinLength=75 + // +kubebuilder:validation:MaxLength=447 + // +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long" + // +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?(/[a-zA-Z0-9-_.]+)+$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme. Short names are not allowed, the registry hostname must be included." + // +required + KMSPluginImage string `json:"kmsPluginImage,omitempty"` + + // vaultAddress specifies the address of the HashiCorp Vault instance. + // The value must be a valid HTTPS URL containing only scheme, host, and optional port. + // Paths, user info, query parameters, and fragments are not allowed. + // + // Format: https://hostname[:port] + // Example: https://vault.example.com:8200 + // + // The value must be between 1 and 512 characters. + // + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'",message="must use the 'https' scheme" + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getEscapedPath() == '' || url(self).getEscapedPath() == '/')",message="must not contain a path" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getQuery() == {}",message="must not have a query" + // +kubebuilder:validation:XValidation:rule="self.find('#(.+)$') == ''",message="must not have a fragment" + // +kubebuilder:validation:XValidation:rule="self.find('@') == ''",message="must not have user info" + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:MinLength=1 + // +required + VaultAddress string `json:"vaultAddress,omitempty"` + + // vaultNamespace specifies the Vault namespace where the Transit secrets engine is mounted. + // This is only applicable for Vault Enterprise installations. + // When this field is not set, no namespace is used. + // + // The value must be between 1 and 4096 characters. + // The namespace cannot end with a forward slash, cannot contain spaces, and cannot be one of the reserved strings: root, sys, audit, auth, cubbyhole, or identity. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=4096 + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="vaultNamespace cannot end with a forward slash" + // +kubebuilder:validation:XValidation:rule="!self.contains(' ')",message="vaultNamespace cannot contain spaces" + // +kubebuilder:validation:XValidation:rule="!(self in ['root', 'sys', 'audit', 'auth', 'cubbyhole', 'identity'])",message="vaultNamespace cannot be a reserved string (root, sys, audit, auth, cubbyhole, identity)" + // +optional + VaultNamespace string `json:"vaultNamespace,omitempty"` + + // tls contains the TLS configuration for connecting to the Vault server. + // When this field is not set, system default TLS settings are used. + // +optional + TLS VaultTLSConfig `json:"tls,omitzero"` + + // authentication defines the authentication method used to authenticate with Vault. + // + // +required + Authentication VaultAuthentication `json:"authentication,omitzero"` + + // transitMount specifies the mount path of the Vault Transit engine. + // + // The transit mount must be between 1 and 1024 characters, cannot start or + // end with a forward slash, cannot contain consecutive forward slashes, and + // must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, + // period, underscore, tilde) and forward slashes as path separators. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/')",message="transitMount cannot start with a forward slash" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="transitMount cannot end with a forward slash" + // +kubebuilder:validation:XValidation:rule="!self.contains('//')",message="transitMount cannot contain consecutive forward slashes" + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._~/-]+$')",message="transitMount must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward slashes" + // +required + TransitMount string `json:"transitMount,omitempty"` + + // transitKey specifies the name of the encryption key in Vault's Transit engine. + // This key is used to encrypt and decrypt data. + // + // The transit key must be between 1 and 512 characters, cannot contain forward slashes, + // and must only contain alphanumeric characters, hyphens, periods, and underscores. + // + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:XValidation:rule="!self.contains('/')",message="transitKey cannot contain forward slashes" + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="transitKey must only contain alphanumeric characters, hyphens, periods, and underscores" + // +required + TransitKey string `json:"transitKey,omitempty"` +} + +// VaultTLSConfig contains TLS configuration for connecting to Vault. +// +kubebuilder:validation:MinProperties=1 +type VaultTLSConfig struct { + // caBundle references a ConfigMap in the openshift-config namespace containing + // the CA certificate bundle used to verify the TLS connection to the Vault server. + // The referenced ConfigMap must contain the CA bundle in the key "ca-bundle.crt". + // When this field is not set, the system's trusted CA certificates are used. + // + // The namespace for the ConfigMap is openshift-config. + // + // Example ConfigMap: + // apiVersion: v1 + // kind: ConfigMap + // metadata: + // name: vault-ca-bundle + // namespace: openshift-config + // data: + // ca-bundle.crt: | + // -----BEGIN CERTIFICATE----- + // ... + // -----END CERTIFICATE----- + // + // +optional + CABundle VaultConfigMapReference `json:"caBundle,omitzero"` + + // serverName specifies the Server Name Indication (SNI) to use when connecting to Vault via TLS. + // This is useful when the Vault server's hostname doesn't match its TLS certificate. + // When this field is not set, the hostname from vaultAddress is used for SNI. + // + // The value must be a valid DNS hostname: it must contain no more than 253 characters, + // contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character. + // + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="serverName must be a valid DNS hostname: contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character" + // +optional + ServerName string `json:"serverName,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index fb8ed2fff7..5e2eb93372 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -86,6 +86,13 @@ type NetworkSpec struct { // // +optional NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"` + + // networkObservability is an optional field that configures network observability installation + // during cluster deployment (day-0). + // When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken. + // +openshift:enable:FeatureGate=NetworkObservabilityInstall + // +optional + NetworkObservability NetworkObservabilitySpec `json:"networkObservability,omitempty,omitzero"` } // NetworkStatus is the current network configuration. @@ -304,3 +311,26 @@ type NetworkDiagnosticsTargetPlacement struct { // +listType=atomic Tolerations []corev1.Toleration `json:"tolerations"` } + +// NetworkObservabilityInstallationPolicy is an enumeration of the available network observability installation policies +// Valid values are "InstallAndEnable", "NoAction". +// +kubebuilder:validation:Enum=InstallAndEnable;NoAction +type NetworkObservabilityInstallationPolicy string + +const ( + // NetworkObservabilityInstallAndEnable means that network observability should be installed and enabled during cluster deployment + // Since this was explicitly set to install, if the user remove NetworkObservability, it will be installed again unless the value of InstallationPolicy is changed + NetworkObservabilityInstallAndEnable NetworkObservabilityInstallationPolicy = "InstallAndEnable" + // NetworkObservabilityNoAction means that nothing will be done regarding Network Observability + NetworkObservabilityNoAction NetworkObservabilityInstallationPolicy = "NoAction" +) + +// NetworkObservabilitySpec defines the configuration for network observability installation +type NetworkObservabilitySpec struct { + // installationPolicy controls whether network observability is installed during cluster deployment. + // Valid values are "InstallAndEnable" and "NoAction". + // When set to "InstallAndEnable", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. + // When set to "NoAction", nothing will be done regarding Network observability. + // +required + InstallationPolicy NetworkObservabilityInstallationPolicy `json:"installationPolicy,omitempty"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go index 48657b0894..2e9be97aeb 100644 --- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go +++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go @@ -7,10 +7,16 @@ type TLSSecurityProfile struct { // type is one of Old, Intermediate, Modern or Custom. Custom provides the // ability to specify individual TLS security profile parameters. // - // The profiles are based on version 5.7 of the Mozilla Server Side TLS - // configuration guidelines. The cipher lists consist of the configuration's - // "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - // See: https://ssl-config.mozilla.org/guidelines/5.7.json + // The cipher and groups lists in these profiles are based on version 5.8 of the + // Mozilla Server Side TLS configuration guidelines. + // See: https://ssl-config.mozilla.org/guidelines/5.8.json + // + // The groups are listed in suggested preference order, with the most preferred group first. + // Note that not all platform components honor the ordering: Go-based components use Go's + // internal preference order and treat this list as a filter of allowed groups rather than + // an ordered preference. + // Note that X25519MLKEM768 is a post-quantum hybrid group that is not + // FIPS-approved and should be ignored by components running in FIPS mode. // // The profiles are intent based, so they may change over time as new ciphers are // developed and existing ciphers are found to be insecure. Depending on @@ -23,6 +29,10 @@ type TLSSecurityProfile struct { // old is a TLS profile for use when services need to be accessed by very old // clients or libraries and should be used only as a last resort. // + // The supported groups list includes by default the following groups + // in suggested preference order (ordering may not be honored by all implementations): + // X25519MLKEM768, X25519, secp256r1, secp384r1. + // // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS10 // ciphers: @@ -39,11 +49,14 @@ type TLSSecurityProfile struct { // - ECDHE-RSA-AES128-SHA256 // - ECDHE-ECDSA-AES128-SHA // - ECDHE-RSA-AES128-SHA + // - ECDHE-ECDSA-AES256-SHA384 + // - ECDHE-RSA-AES256-SHA384 // - ECDHE-ECDSA-AES256-SHA // - ECDHE-RSA-AES256-SHA // - AES128-GCM-SHA256 // - AES256-GCM-SHA384 // - AES128-SHA256 + // - AES256-SHA256 // - AES128-SHA // - AES256-SHA // - DES-CBC3-SHA @@ -56,6 +69,10 @@ type TLSSecurityProfile struct { // legacy clients and want to remain highly secure while being compatible with // most clients currently in use. // + // The supported groups list includes by default the following groups + // in suggested preference order (ordering may not be honored by all implementations): + // X25519MLKEM768, X25519, secp256r1, secp384r1. + // // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS12 // ciphers: @@ -75,7 +92,9 @@ type TLSSecurityProfile struct { // modern is a TLS security profile for use with clients that support TLS 1.3 and // do not need backward compatibility for older clients. - // + // The supported groups list includes by default the following groups + // in suggested preference order (ordering may not be honored by all implementations): + // X25519MLKEM768, X25519, secp256r1, secp384r1. // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS13 // ciphers: @@ -88,8 +107,11 @@ type TLSSecurityProfile struct { Modern *ModernTLSProfile `json:"modern,omitempty"` // custom is a user-defined TLS security profile. Be extremely careful using a custom - // profile as invalid configurations can be catastrophic. An example custom profile - // looks like this: + // profile as invalid configurations can be catastrophic. + // + // The supported groups list for this profile is empty by default. + // + // An example custom profile looks like this: // // minTLSVersion: VersionTLS11 // ciphers: @@ -142,6 +164,33 @@ const ( TLSProfileCustomType TLSProfileType = "Custom" ) +// TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. +// There is a one-to-one mapping between these names and the group IDs defined +// in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: +// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 +// Note that X25519MLKEM768 is a post-quantum hybrid group that is not +// FIPS-approved and should be ignored by components running in FIPS mode. +// +// +kubebuilder:validation:Enum=X25519;secp256r1;secp384r1;secp521r1;X25519MLKEM768;SecP256r1MLKEM768;SecP384r1MLKEM1024 +type TLSGroup string + +const ( + // TLSGroupX25519 represents X25519. + TLSGroupX25519 TLSGroup = "X25519" + // TLSGroupSecP256r1 represents P-256 (secp256r1). + TLSGroupSecP256r1 TLSGroup = "secp256r1" + // TLSGroupSecP384r1 represents P-384 (secp384r1). + TLSGroupSecP384r1 TLSGroup = "secp384r1" + // TLSGroupSecP521r1 represents P-521 (secp521r1). + TLSGroupSecP521r1 TLSGroup = "secp521r1" + // TLSGroupX25519MLKEM768 represents X25519MLKEM768. + TLSGroupX25519MLKEM768 TLSGroup = "X25519MLKEM768" + // TLSGroupSecP256r1MLKEM768 represents SecP256r1MLKEM768. + TLSGroupSecP256r1MLKEM768 TLSGroup = "SecP256r1MLKEM768" + // TLSGroupSecP384r1MLKEM1024 represents SecP384r1MLKEM1024. + TLSGroupSecP384r1MLKEM1024 TLSGroup = "SecP384r1MLKEM1024" +) + // TLSProfileSpec is the desired behavior of a TLSSecurityProfile. type TLSProfileSpec struct { // ciphers is used to specify the cipher algorithms that are negotiated @@ -155,6 +204,30 @@ type TLSProfileSpec struct { // and are always enabled when TLS 1.3 is negotiated. // +listType=atomic Ciphers []string `json:"ciphers"` + // groups is an optional, ordered field used to specify the supported groups (formerly known as + // elliptic curves) that are used during the TLS handshake. The order of the groups represents + // a suggested preference, with the most preferred group first. Note that not all platform + // components honor the ordering: Go-based components use Go's internal preference order and + // treat this list as a filter of allowed groups rather than an ordered preference. + // Operators may remove entries their operands do not support. + // + // When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + // subject to change over time and may be different per platform component depending on the underlying TLS + // libraries they use. If specified, the list must contain at least one and at most 7 groups, + // and each group must be unique. + // + // For example, to use X25519 and secp256r1 (yaml): + // + // groups: + // - X25519 + // - secp256r1 + // + // +optional + // +listType=set + // +kubebuilder:validation:MaxItems=7 + // +kubebuilder:validation:MinItems=1 + // +openshift:enable:FeatureGate=TLSGroupPreferences + Groups []TLSGroup `json:"groups,omitempty"` // minTLSVersion is used to specify the minimal version of the TLS protocol // that is negotiated during the TLS handshake. For example, to use TLS // versions 1.1, 1.2 and 1.3 (yaml): @@ -187,16 +260,22 @@ const ( // TLSProfiles contains a map of TLSProfileType names to TLSProfileSpec. // -// These profiles are based on version 5.7 of the Mozilla Server Side TLS -// configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json +// The cipher and groups lists in these profiles are based on version 5.8 of the +// Mozilla Server Side TLS configuration guidelines. +// See: https://ssl-config.mozilla.org/guidelines/5.8.json // // Each Ciphers slice is the configuration's "ciphersuites" followed by the -// Go-specific "ciphers" from the guidelines JSON. +// "ciphers" from the guidelines JSON. +// +// Groups are listed in suggested preference order, though Go-based components may use +// their own internal ordering. TLSProfiles Old, Intermediate, Modern include by default +// the following groups: X25519MLKEM768, X25519, secp256r1, secp384r1 // // NOTE: The caller needs to make sure to check that these constants are valid // for their binary. Not all entries map to values for all binaries. In the case // of ties, the kube-apiserver wins. Do not fail, just be sure to include only -// valid entries and everything will be ok. +// valid entries and everything will be ok. In particular, X25519MLKEM768 is +// not FIPS-approved and must be omitted by components running in FIPS mode. var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ TLSProfileOldType: { Ciphers: []string{ @@ -213,15 +292,24 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-RSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", + "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", }, + Groups: []TLSGroup{ + TLSGroupX25519MLKEM768, + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + }, MinTLSVersion: VersionTLS10, }, TLSProfileIntermediateType: { @@ -236,6 +324,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", }, + Groups: []TLSGroup{ + TLSGroupX25519MLKEM768, + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + }, MinTLSVersion: VersionTLS12, }, TLSProfileModernType: { @@ -244,6 +338,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", }, + Groups: []TLSGroup{ + TLSGroupX25519MLKEM768, + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + }, MinTLSVersion: VersionTLS13, }, } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index a604d2f634..3c75062bb7 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -42,11 +42,7 @@ func (in *APIServer) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APIServerEncryption) DeepCopyInto(out *APIServerEncryption) { *out = *in - if in.KMS != nil { - in, out := &in.KMS, &out.KMS - *out = new(KMSConfig) - (*in).DeepCopyInto(*out) - } + out.KMS = in.KMS return } @@ -148,7 +144,7 @@ func (in *APIServerSpec) DeepCopyInto(out *APIServerSpec) { *out = make([]string, len(*in)) copy(*out, *in) } - in.Encryption.DeepCopyInto(&out.Encryption) + out.Encryption = in.Encryption if in.TLSSecurityProfile != nil { in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile *out = new(TLSSecurityProfile) @@ -216,22 +212,6 @@ func (in *AWSIngressSpec) DeepCopy() *AWSIngressSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AWSKMSConfig) DeepCopyInto(out *AWSKMSConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSKMSConfig. -func (in *AWSKMSConfig) DeepCopy() *AWSKMSConfig { - if in == nil { - return nil - } - out := new(AWSKMSConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSPlatformSpec) DeepCopyInto(out *AWSPlatformSpec) { *out = *in @@ -924,6 +904,115 @@ func (in *BuildSpec) DeepCopy() *BuildSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = new(CRIOCredentialProviderConfigSpec) + (*in).DeepCopyInto(*out) + } + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfig. +func (in *CRIOCredentialProviderConfig) DeepCopy() *CRIOCredentialProviderConfig { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CRIOCredentialProviderConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigList) DeepCopyInto(out *CRIOCredentialProviderConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CRIOCredentialProviderConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigList. +func (in *CRIOCredentialProviderConfigList) DeepCopy() *CRIOCredentialProviderConfigList { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CRIOCredentialProviderConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigSpec) DeepCopyInto(out *CRIOCredentialProviderConfigSpec) { + *out = *in + if in.MatchImages != nil { + in, out := &in.MatchImages, &out.MatchImages + *out = make([]MatchImage, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigSpec. +func (in *CRIOCredentialProviderConfigSpec) DeepCopy() *CRIOCredentialProviderConfigSpec { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigStatus) DeepCopyInto(out *CRIOCredentialProviderConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigStatus. +func (in *CRIOCredentialProviderConfigStatus) DeepCopy() *CRIOCredentialProviderConfigStatus { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CertInfo) DeepCopyInto(out *CertInfo) { *out = *in @@ -956,6 +1045,45 @@ func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientCredentialConfig) DeepCopyInto(out *ClientCredentialConfig) { + *out = *in + out.ClientSecret = in.ClientSecret + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]OAuth2Scope, len(*in)) + copy(*out, *in) + } + out.TLS = in.TLS + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientCredentialConfig. +func (in *ClientCredentialConfig) DeepCopy() *ClientCredentialConfig { + if in == nil { + return nil + } + out := new(ClientCredentialConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientSecretSecretReference) DeepCopyInto(out *ClientSecretSecretReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientSecretSecretReference. +func (in *ClientSecretSecretReference) DeepCopy() *ClientSecretSecretReference { + if in == nil { + return nil + } + out := new(ClientSecretSecretReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudControllerManagerStatus) DeepCopyInto(out *CloudControllerManagerStatus) { *out = *in @@ -2103,6 +2231,35 @@ func (in *EtcdStorageConfig) DeepCopy() *EtcdStorageConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalClaimsSource) DeepCopyInto(out *ExternalClaimsSource) { + *out = *in + in.Authentication.DeepCopyInto(&out.Authentication) + out.TLS = in.TLS + out.URL = in.URL + if in.Mappings != nil { + in, out := &in.Mappings, &out.Mappings + *out = make([]SourcedClaimMapping, len(*in)) + copy(*out, *in) + } + if in.Predicates != nil { + in, out := &in.Predicates, &out.Predicates + *out = make([]ExternalSourcePredicate, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalClaimsSource. +func (in *ExternalClaimsSource) DeepCopy() *ExternalClaimsSource { + if in == nil { + return nil + } + out := new(ExternalClaimsSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExternalIPConfig) DeepCopyInto(out *ExternalIPConfig) { *out = *in @@ -2188,6 +2345,72 @@ func (in *ExternalPlatformStatus) DeepCopy() *ExternalPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourceAuthentication) DeepCopyInto(out *ExternalSourceAuthentication) { + *out = *in + in.ClientCredential.DeepCopyInto(&out.ClientCredential) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceAuthentication. +func (in *ExternalSourceAuthentication) DeepCopy() *ExternalSourceAuthentication { + if in == nil { + return nil + } + out := new(ExternalSourceAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourceCertificateAuthorityConfigMapReference) DeepCopyInto(out *ExternalSourceCertificateAuthorityConfigMapReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceCertificateAuthorityConfigMapReference. +func (in *ExternalSourceCertificateAuthorityConfigMapReference) DeepCopy() *ExternalSourceCertificateAuthorityConfigMapReference { + if in == nil { + return nil + } + out := new(ExternalSourceCertificateAuthorityConfigMapReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourcePredicate) DeepCopyInto(out *ExternalSourcePredicate) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourcePredicate. +func (in *ExternalSourcePredicate) DeepCopy() *ExternalSourcePredicate { + if in == nil { + return nil + } + out := new(ExternalSourcePredicate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalSourceTLS) DeepCopyInto(out *ExternalSourceTLS) { + *out = *in + out.CertificateAuthority = in.CertificateAuthority + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSourceTLS. +func (in *ExternalSourceTLS) DeepCopy() *ExternalSourceTLS { + if in == nil { + return nil + } + out := new(ExternalSourceTLS) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExtraMapping) DeepCopyInto(out *ExtraMapping) { *out = *in @@ -3831,22 +4054,18 @@ func (in *IntermediateTLSProfile) DeepCopy() *IntermediateTLSProfile { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KMSConfig) DeepCopyInto(out *KMSConfig) { +func (in *KMSPluginConfig) DeepCopyInto(out *KMSPluginConfig) { *out = *in - if in.AWS != nil { - in, out := &in.AWS, &out.AWS - *out = new(AWSKMSConfig) - **out = **in - } + out.Vault = in.Vault return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSConfig. -func (in *KMSConfig) DeepCopy() *KMSConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSPluginConfig. +func (in *KMSPluginConfig) DeepCopy() *KMSPluginConfig { if in == nil { return nil } - out := new(KMSConfig) + out := new(KMSPluginConfig) in.DeepCopyInto(out) return out } @@ -4284,6 +4503,22 @@ func (in *NetworkMigration) DeepCopy() *NetworkMigration { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkObservabilitySpec) DeepCopyInto(out *NetworkObservabilitySpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkObservabilitySpec. +func (in *NetworkObservabilitySpec) DeepCopy() *NetworkObservabilitySpec { + if in == nil { + return nil + } + out := new(NetworkObservabilitySpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = *in @@ -4303,6 +4538,7 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { (*in).DeepCopyInto(*out) } in.NetworkDiagnostics.DeepCopyInto(&out.NetworkDiagnostics) + out.NetworkObservability = in.NetworkObservability return } @@ -4848,6 +5084,13 @@ func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { *out = make([]TokenUserValidationRule, len(*in)) copy(*out, *in) } + if in.ExternalClaimsSources != nil { + in, out := &in.ExternalClaimsSources, &out.ExternalClaimsSources + *out = make([]ExternalClaimsSource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -6188,6 +6431,38 @@ func (in *SignatureStore) DeepCopy() *SignatureStore { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SourceURL) DeepCopyInto(out *SourceURL) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceURL. +func (in *SourceURL) DeepCopy() *SourceURL { + if in == nil { + return nil + } + out := new(SourceURL) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SourcedClaimMapping) DeepCopyInto(out *SourcedClaimMapping) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourcedClaimMapping. +func (in *SourcedClaimMapping) DeepCopy() *SourcedClaimMapping { + if in == nil { + return nil + } + out := new(SourcedClaimMapping) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in @@ -6246,6 +6521,11 @@ func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]TLSGroup, len(*in)) + copy(*out, *in) + } return } @@ -6902,6 +7182,107 @@ func (in *VSpherePlatformVCenterSpec) DeepCopy() *VSpherePlatformVCenterSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultAppRoleAuthentication) DeepCopyInto(out *VaultAppRoleAuthentication) { + *out = *in + out.Secret = in.Secret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRoleAuthentication. +func (in *VaultAppRoleAuthentication) DeepCopy() *VaultAppRoleAuthentication { + if in == nil { + return nil + } + out := new(VaultAppRoleAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultAuthentication) DeepCopyInto(out *VaultAuthentication) { + *out = *in + out.AppRole = in.AppRole + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuthentication. +func (in *VaultAuthentication) DeepCopy() *VaultAuthentication { + if in == nil { + return nil + } + out := new(VaultAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultConfigMapReference) DeepCopyInto(out *VaultConfigMapReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultConfigMapReference. +func (in *VaultConfigMapReference) DeepCopy() *VaultConfigMapReference { + if in == nil { + return nil + } + out := new(VaultConfigMapReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultKMSPluginConfig) DeepCopyInto(out *VaultKMSPluginConfig) { + *out = *in + out.TLS = in.TLS + out.Authentication = in.Authentication + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKMSPluginConfig. +func (in *VaultKMSPluginConfig) DeepCopy() *VaultKMSPluginConfig { + if in == nil { + return nil + } + out := new(VaultKMSPluginConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultSecretReference) DeepCopyInto(out *VaultSecretReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretReference. +func (in *VaultSecretReference) DeepCopy() *VaultSecretReference { + if in == nil { + return nil + } + out := new(VaultSecretReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VaultTLSConfig) DeepCopyInto(out *VaultTLSConfig) { + *out = *in + out.CABundle = in.CABundle + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTLSConfig. +func (in *VaultTLSConfig) DeepCopy() *VaultTLSConfig { + if in == nil { + return nil + } + out := new(VaultTLSConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 173dd1daf2..5426057a88 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -7,8 +7,8 @@ apiservers.config.openshift.io: Category: "" FeatureGates: - KMSEncryption - - KMSEncryptionProvider - TLSAdherence + - TLSGroupPreferences FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -32,6 +32,7 @@ authentications.config.openshift.io: Category: "" FeatureGates: - ExternalOIDC + - ExternalOIDCExternalClaimsSourcing - ExternalOIDCWithUIDAndExtraClaimMappings - ExternalOIDCWithUpstreamParity FilenameOperatorName: config-operator @@ -69,6 +70,29 @@ builds.config.openshift.io: TopLevelFeatureGates: [] Version: v1 +criocredentialproviderconfigs.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2725 + CRDName: criocredentialproviderconfigs.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - CRIOCredentialProviderConfig + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: CRIOCredentialProviderConfig + Labels: {} + PluralName: criocredentialproviderconfigs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - CRIOCredentialProviderConfig + Version: v1 + clusterimagepolicies.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2310 @@ -144,6 +168,9 @@ clusterversions.config.openshift.io: Capability: "" Category: "" FeatureGates: + - CRDCompatibilityRequirementOperator + - CRDCompatibilityRequirementOperator+ClusterAPIMachineManagement + - ClusterAPIMachineManagement - ClusterUpdateAcceptRisks - ClusterUpdatePreflight - ImageStreamImportMode @@ -373,11 +400,12 @@ infrastructures.config.openshift.io: - AzureDualStackInstall - DualReplica - DyanmicServiceEndpointIBMCloud - - GCPClusterHostedDNSInstall + - MutableTopology - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal - VSphereMultiNetworks + - VSphereMultiVCenterDay2 FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -444,7 +472,8 @@ networks.config.openshift.io: CRDName: networks.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - NetworkObservabilityInstall FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go new file mode 100644 index 0000000000..043c03ef5e --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go @@ -0,0 +1,1566 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerEncryption) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerEncryption" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerNamedServingCert) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerNamedServingCert" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerServingCerts) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerServingCerts" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIServerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.APIServerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSDNSSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSDNSSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSIngressSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSIngressSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AWSServiceEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AWSServiceEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AcceptRisk) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AcceptRisk" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AdmissionConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AdmissionConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AdmissionPluginConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AdmissionPluginConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlibabaCloudPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlibabaCloudPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AlibabaCloudResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AlibabaCloudResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Audit) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Audit" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuditConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuditConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuditCustomRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuditCustomRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Authentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Authentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuthenticationList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuthenticationSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AuthenticationStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AuthenticationStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzurePlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AzurePlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzurePlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AzurePlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in AzureResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.AzureResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BareMetalPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BareMetalPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BareMetalPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BareMetalPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BareMetalPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BasicAuthIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BasicAuthIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Build) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Build" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildDefaults) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildDefaults" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildOverrides) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildOverrides" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in BuildSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.BuildSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CertInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CertInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClientConnectionOverrides) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClientConnectionOverrides" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClientCredentialConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClientCredentialConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClientSecretSecretReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClientSecretSecretReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudControllerManagerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CloudControllerManagerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudLoadBalancerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CloudLoadBalancerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CloudLoadBalancerIPs) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CloudLoadBalancerIPs" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterCondition) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterImagePolicyStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterImagePolicyStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterNetworkEntry) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterNetworkEntry" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperator) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperator" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterOperatorStatusCondition) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersion) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersion" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionCapabilitiesSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionCapabilitiesStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ClusterVersionStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ClusterVersionStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ComponentOverride) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ComponentOverride" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ComponentRouteSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ComponentRouteSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ComponentRouteStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ComponentRouteStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConditionalUpdate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConditionalUpdate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConditionalUpdateRisk) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConditionalUpdateRisk" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigMapFileReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConfigMapFileReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConfigMapNameReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConfigMapNameReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Console) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Console" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ConsoleStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ConsoleStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Custom) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Custom" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomFeatureGates) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CustomFeatureGates" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CustomTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNS) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNS" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DNSZone) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DNSZone" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DelegatedAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DelegatedAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DelegatedAuthorization) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DelegatedAuthorization" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in DeprecatedWebhookTokenAuthenticator) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EquinixMetalPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EquinixMetalPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EquinixMetalPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EquinixMetalPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdConnectionInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EtcdConnectionInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in EtcdStorageConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.EtcdStorageConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalClaimsSource) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalClaimsSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalIPConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalIPConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalIPPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalIPPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourceAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourceAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourceCertificateAuthorityConfigMapReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourceCertificateAuthorityConfigMapReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourcePredicate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourcePredicate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExternalSourceTLS) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExternalSourceTLS" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ExtraMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ExtraMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateAttributes) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateAttributes" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateDetails) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateDetails" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateSelection) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateSelection" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in FeatureGateTests) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.FeatureGateTests" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPResourceLabel) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPResourceLabel" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GCPResourceTag) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GCPResourceTag" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GatherConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GatherConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GathererConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GathererConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Gatherers) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Gatherers" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GenericAPIServerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GenericAPIServerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GenericControllerConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GenericControllerConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GitHubIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GitHubIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GitLabIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GitLabIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in GoogleIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.GoogleIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HTPasswdIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HTPasswdIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HTTPServingInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HTTPServingInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HubSource) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HubSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in HubSourceStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.HubSourceStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMCloudPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IBMCloudPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMCloudPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IBMCloudPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IBMCloudServiceEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IdentityProviderConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IdentityProviderConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Image) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Image" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageContentPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentPolicyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageContentPolicyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageContentPolicySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageContentPolicySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSet) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSet" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSetList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSetList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSetSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrorSetStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageDigestMirrors) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageDigestMirrors" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageLabel) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageLabel" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyFulcioCAWithRekorRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyPKIRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyPublicKeyRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImagePolicyStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImagePolicyStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageSigstoreVerificationPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSet) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSet" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSetList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSetList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSetSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSetSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrorSetStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrorSetStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ImageTagMirrors) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ImageTagMirrors" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Infrastructure) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Infrastructure" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InfrastructureList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InfrastructureList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InfrastructureSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InfrastructureSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InfrastructureStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InfrastructureStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Ingress) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Ingress" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IngressStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IngressStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGather) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InsightsDataGather" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InsightsDataGatherList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InsightsDataGatherSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.InsightsDataGatherSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in IntermediateTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.IntermediateTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KMSPluginConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KMSPluginConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KeystoneIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KeystoneIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubeClientConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KubeClientConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubevirtPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KubevirtPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in KubevirtPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.KubevirtPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LDAPAttributeMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LDAPAttributeMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LDAPIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LDAPIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LeaderElection) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LeaderElection" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in LoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.LoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MTUMigration) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.MTUMigration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MTUMigrationValues) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.MTUMigrationValues" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in MaxAgePolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.MaxAgePolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ModernTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ModernTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NamedCertificate) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NamedCertificate" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Network) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Network" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkDiagnostics) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkDiagnostics" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkDiagnosticsSourcePlacement) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkDiagnosticsTargetPlacement) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkMigration) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkMigration" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkObservabilitySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkObservabilitySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NetworkStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NetworkStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Node) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Node" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NodeList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NodeSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NodeStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NodeStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixFailureDomain) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixFailureDomain" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPrismElementEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPrismElementEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixPrismEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixPrismEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in NutanixResourceIdentifier) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.NutanixResourceIdentifier" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuth) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuth" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthRemoteConnectionInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthRemoteConnectionInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OAuthTemplates) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OAuthTemplates" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCClientConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCClientConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCClientReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCClientReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCClientStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCClientStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OIDCProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OIDCProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ObjectReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ObjectReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OldTLSProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OldTLSProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenIDClaims) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenIDClaims" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenIDIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenIDIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenStackPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenStackPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenStackPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OpenStackPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OpenStackPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperandVersion) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperandVersion" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHub) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHub" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHubList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHubList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHubSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHubSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OperatorHubStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OperatorHubStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OvirtPlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OvirtPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OvirtPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in OvirtPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.OvirtPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PKICertificateSubject) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PKICertificateSubject" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeClaimReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PersistentVolumeClaimReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PersistentVolumeConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PersistentVolumeConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyFulcioSubject) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyFulcioSubject" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyIdentity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyIdentity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyMatchExactRepository) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyMatchExactRepository" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyMatchRemapIdentity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyMatchRemapIdentity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PolicyRootOfTrust) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PolicyRootOfTrust" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PowerVSPlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PowerVSPlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PowerVSPlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PowerVSPlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PowerVSServiceEndpoint) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PowerVSServiceEndpoint" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PrefixedClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PrefixedClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProfileCustomizations) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProfileCustomizations" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Project) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Project" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProjectList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProjectList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProjectSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProjectSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProjectStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProjectStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in PromQLClusterCondition) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.PromQLClusterCondition" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Proxy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Proxy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProxyList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProxyList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProxySpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProxySpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ProxyStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ProxyStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RegistryLocation) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RegistryLocation" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RegistrySources) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RegistrySources" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Release) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Release" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RemoteConnectionInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RemoteConnectionInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RepositoryDigestMirrors) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RepositoryDigestMirrors" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RequestHeaderIdentityProvider) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in RequiredHSTSPolicy) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.RequiredHSTSPolicy" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Scheduler) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Scheduler" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SchedulerList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SchedulerList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SchedulerSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SchedulerSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SchedulerStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SchedulerStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretNameReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SecretNameReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ServingInfo) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.ServingInfo" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SignatureStore) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SignatureStore" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SourceURL) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SourceURL" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SourcedClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.SourcedClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Storage) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Storage" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StringSource) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.StringSource" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in StringSourceSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.StringSourceSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TLSProfileSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TLSProfileSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TLSSecurityProfile) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TLSSecurityProfile" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TemplateReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TemplateReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestDetails) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestDetails" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestReporting) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestReporting" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestReportingSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestReportingSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TestReportingStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TestReportingStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimMappings) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimMappings" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimOrExpressionMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimValidationCELRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimValidationCELRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenClaimValidationRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenClaimValidationRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenIssuer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenIssuer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenRequiredClaim) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenRequiredClaim" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in TokenUserValidationRule) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.TokenUserValidationRule" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in Update) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.Update" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UpdateHistory) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.UpdateHistory" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UsernameClaimMapping) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.UsernameClaimMapping" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in UsernamePrefix) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.UsernamePrefix" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSphereFailureDomainHostGroup) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSphereFailureDomainRegionAffinity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSphereFailureDomainZoneAffinity) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformFailureDomainSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformLoadBalancer) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformNodeNetworking) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformNodeNetworkingSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformTopology) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformTopology" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VSpherePlatformVCenterSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultAppRoleAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultAppRoleAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultAuthentication) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultAuthentication" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultConfigMapReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultConfigMapReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultKMSPluginConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultKMSPluginConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultSecretReference) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultSecretReference" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in VaultTLSConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.VaultTLSConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in WebhookTokenAuthenticator) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.WebhookTokenAuthenticator" +} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 4a5346dba8..b321d3d7e1 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -388,6 +388,28 @@ func (AuthenticationStatus) SwaggerDoc() map[string]string { return map_AuthenticationStatus } +var map_ClientCredentialConfig = map[string]string{ + "": "ClientCredentialConfig configures the client credentials and token endpoint to use to get an access token via the OAuth2 client credentials grant flow.", + "clientID": "clientID is a required client identifier to use during the OAuth2 client credentials flow. clientID must be at least 1 character in length, must not exceed 256 characters in length, and must only contain printable ASCII characters.", + "clientSecret": "clientSecret is a required reference to a Secret in the openshift-config namespace to be used as the client secret during the OAuth2 client credentials flow.\n\nThe key 'client-secret' is used to locate the client secret data in the Secret.", + "tokenEndpoint": "tokenEndpoint is a required URL to query for an access token using the client credential OAuth2 flow. tokenEndpoint must be at least 1 character in length and must not exceed 2048 characters in length. tokenEndpoint must be a valid HTTPS URL. tokenEndpoint must have a host and a path. tokenEndpoint must not contain query parameters, fragments, or user information (e.g., \"user:password@host\").", + "scopes": "scopes is an optional list of OAuth2 scopes to request when obtaining an access token.\n\nIf not specified, the token endpoint's default scopes will be used.\n\nWhen specified, there must be at least 1 entry and must not exceed 16 entries. Each entry must be at least 1 character in length and must not exceed 256 characters in length. Each entry must only contain printable ASCII characters, excluding spaces, double quotes and backslashes. Entries must be unique.", + "tls": "tls is an optional field that allows configuring the TLS settings used to interact with the identity provider as an OAuth2 client.\n\nWhen omitted, system default TLS settings will be used for the OAuth2 client.", +} + +func (ClientCredentialConfig) SwaggerDoc() map[string]string { + return map_ClientCredentialConfig +} + +var map_ClientSecretSecretReference = map[string]string{ + "": "ClientSecretSecretReference is a reference to a Secret in the openshift-config namespace that should be used for configuring the client secret to be used when sourcing claims from external sources with the client credential authentication flow.", + "name": "name is the required name of the Secret that exists in the openshift-config namespace.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.", +} + +func (ClientSecretSecretReference) SwaggerDoc() map[string]string { + return map_ClientSecretSecretReference +} + var map_DeprecatedWebhookTokenAuthenticator = map[string]string{ "": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", "kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", @@ -397,6 +419,56 @@ func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string { return map_DeprecatedWebhookTokenAuthenticator } +var map_ExternalClaimsSource = map[string]string{ + "": "ExternalClaimsSource provides the configuration for a single external claim source.", + "authentication": "authentication is an optional field that configures how the apiserver authenticates with an external claims source. When not specified, anonymous authentication is used which means no 'Authorization' header is sent in the HTTP request to fetch the external claims.", + "tls": "tls is an optional field that configures the http client TLS settings when fetching external claims from this source.\n\nWhen omitted, system default TLS settings will be used for fetching claims from the external source.", + "url": "url is a required configuration of the URL for which the external claims are located.", + "mappings": "mappings is a required list of the claim and response handling expression pairs that produces the claims from the external source. mappings must have at least 1 entry and must not exceed 16 entries. Entries must have a unique name across all external claim sources.", + "predicates": "predicates is an optional list of constraints in which claims should attempt to be fetched from this external source.\n\nWhen omitted, claims are always fetched from this external source.\n\nWhen specified, all predicates must evaluate to 'true' before claims are attempted to be fetched from this external source. predicates must have at least 1 entry and must not exceed 16 entries. Entries must have unique expressions.", +} + +func (ExternalClaimsSource) SwaggerDoc() map[string]string { + return map_ExternalClaimsSource +} + +var map_ExternalSourceAuthentication = map[string]string{ + "": "ExternalSourceAuthentication configures how the apiserver should attempt to authenticate with an external claims source.", + "type": "type is a required field that sets the type of authentication method used by the authenticator when fetching external claims.\n\nAllowed values are 'RequestProvidedToken' and 'ClientCredential'.\n\nWhen set to 'RequestProvidedToken', the authenticator will use the token provided to the kube-apiserver as part of the request to authenticate with the external claims source.\n\nWhen set to 'ClientCredential', the authenticator will use the configured client-id, client-secret, and token endpoint to fetch an access token using the OAuth2 client credentials grant flow. The fetched access token will then be used to authenticate with the external claims source.", + "clientCredential": "clientCredential configures the client credentials and token endpoint to use to get an access token. clientCredential is required when type is 'ClientCredential', and forbidden otherwise.", +} + +func (ExternalSourceAuthentication) SwaggerDoc() map[string]string { + return map_ExternalSourceAuthentication +} + +var map_ExternalSourceCertificateAuthorityConfigMapReference = map[string]string{ + "": "ExternalSourceCertificateAuthorityConfigMapReference is a reference to a ConfigMap in the openshift-config namespace that should be used for configuring the certificate authority to be used when sourcing claims from external sources.", + "name": "name is the required name of the ConfigMap that exists in the openshift-config namespace. The key \"ca-bundle.crt\" must be present and must contain the CA certificate to be used to verify the external source's TLS certificate.\n\nIt must be at least 1 character in length, must not exceed 253 characters in length, must start and end with a lowercase alphanumeric character, and must only contain lowercase alphanumeric characters, '-' or '.'.", +} + +func (ExternalSourceCertificateAuthorityConfigMapReference) SwaggerDoc() map[string]string { + return map_ExternalSourceCertificateAuthorityConfigMapReference +} + +var map_ExternalSourcePredicate = map[string]string{ + "": "ExternalSourcePredicate configures a singular condition that must return true before the external source is queried to retrieve external claims.", + "expression": "expression is a required CEL expression that is used to determine whether or not an external source should be used to fetch external claims.\n\nThe expression must return a boolean value, where true means that the source should be consulted and false means that it should not.\n\nClaims from the token used for the request to the kube-apiserver are made available via the `claims` variable.\n\nThe contents of the `claims` variable varies based on the claims that are present in the token being validated. It is the responsibility of those configuring this field to understand what claims the identity provider includes when issuing tokens.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.", +} + +func (ExternalSourcePredicate) SwaggerDoc() map[string]string { + return map_ExternalSourcePredicate +} + +var map_ExternalSourceTLS = map[string]string{ + "": "ExternalSourceTLS configures the TLS options that the apiserver uses as a client when making a request to the external claim source.", + "certificateAuthority": "certificateAuthority is a required reference to a ConfigMap in the openshift-config namespace that contains the CA certificate to use to validate TLS connections with the external claims source. The key \"ca-bundle.crt\" must be present in the referenced ConfigMap and must contain the CA certificate to be used to verify the external source's TLS certificate.", +} + +func (ExternalSourceTLS) SwaggerDoc() map[string]string { + return map_ExternalSourceTLS +} + var map_ExtraMapping = map[string]string{ "": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.", "key": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.", @@ -445,12 +517,13 @@ func (OIDCClientStatus) SwaggerDoc() map[string]string { } var map_OIDCProvider = map[string]string{ - "name": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", - "issuer": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", - "oidcClients": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", - "claimMappings": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", - "claimValidationRules": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", - "userValidationRules": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.", + "name": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", + "issuer": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", + "oidcClients": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", + "claimMappings": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", + "claimValidationRules": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", + "userValidationRules": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.", + "externalClaimsSources": "externalClaimsSources is an optional field that can be used to configure sources, external to the token provided in a request, in which claims should be fetched from and made available to the claim mapping process that is used to build the identity of a token holder.\n\nFor example, fetching additional user metadata from an OIDC provider's UserInfo endpoint.\n\nWhen not specified, only claims present in the token itself will be available in the claim mapping process.\n\nWhen specified, at least one external claim source must be specified and no more than 5 sources may be specified. All external claim sources must have unique claim mappings. When an external source responds and resolves additional claims successfully, they will be made available as claims during the claim mapping process. Externally sourced claims with the same name as a claim existing within the token will overwrite the claim data from the token with the externally sourced information. If an external source does not respond, responds with an error, or the additional claim data cannot be resolved from the response successfully it will not be included in the claim data passed to the claim mapping process.", } func (OIDCProvider) SwaggerDoc() map[string]string { @@ -466,6 +539,26 @@ func (PrefixedClaimMapping) SwaggerDoc() map[string]string { return map_PrefixedClaimMapping } +var map_SourceURL = map[string]string{ + "": "SourceURL configures the options used to build the URL that is queried for external claims.", + "hostname": "hostname is a required hostname for which the external claims are located.\n\nIt must be a valid DNS subdomain name as per RFC1123.\n\nThis means that it must start and end with a lowercase alphanumeric character, must only consist of lowercase alphanumeric characters, '-', and '.'. hostname may optionally specify a port in the format ':{port}'. If a port is specified it must not exceed 65535.\n\nhostname must be at least 1 character in length. When specifying a port, hostname must not exceed 259 characters in length. When not specifying a port, hostname must not exceed 253 characters in length.", + "pathExpression": "pathExpression is a required CEL expression that returns a list of string values used to construct the URL path. Claims from the token used for the request to the kube-apiserver are made available via the `claims` variable. expression must be at least 1 character in length and must not exceed 1024 characters in length.\n\nValues in the returned list will be joined with the hostname using a forward slash (`/`) as a separator. Values in the returned list do not need to include the forward slash. If a forward slash is included in a returned value, it will be encoded as `%2F`.\n\nExample of a static path configuration:\n\n pathExpression: ['realms', 'k8s', 'protocol', 'openid-connect', 'userinfo']\n\nThe above example would resolve to the path: '/realms/k8s/protocol/openid-connect/userinfo'\n\nExample of a dynamic path configuration:\n\n pathExpression: \"['admin', 'realms', 'k8s', 'users'] + [claims.sub] + ['groups']\"\n\nAssuming 'claims.sub' is set to '12345', the above example would resolve to the path: '/admin/realms/k8s/users/12345/groups'", +} + +func (SourceURL) SwaggerDoc() map[string]string { + return map_SourceURL +} + +var map_SourcedClaimMapping = map[string]string{ + "": "SourcedClaimMapping configures the mapping behavior for a single external claim from the response the apiserver received from the external claim source.", + "name": "name is a required name of the claim that will be produced and made available during the claim-to-identity mapping process. name must consist of only lowercase alpha characters and underscores ('_'). name must be at least 1 character and must not exceed 256 characters in length.", + "expression": "expression is a required CEL expression that will produce a value to be assigned to the claim. The full response body from the request to the external claim source is provided via the `response.body` variable.\n\nThe contents of the `response.body` variable varies based on the response received from the external source. It is the responsibility of those configuring this expression to understand what is returned from the external source.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length.", +} + +func (SourcedClaimMapping) SwaggerDoc() map[string]string { + return map_SourcedClaimMapping +} + var map_TokenClaimMapping = map[string]string{ "": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", "claim": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", @@ -986,6 +1079,44 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { return map_ConsoleStatus } +var map_CRIOCredentialProviderConfig = map[string]string{ + "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", +} + +func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfig +} + +var map_CRIOCredentialProviderConfigList = map[string]string{ + "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigList +} + +var map_CRIOCredentialProviderConfigSpec = map[string]string{ + "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", +} + +func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigSpec +} + +var map_CRIOCredentialProviderConfigStatus = map[string]string{ + "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", +} + +func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigStatus +} + var map_AWSDNSSpec = map[string]string{ "": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", @@ -1165,9 +1296,9 @@ func (RegistryLocation) SwaggerDoc() map[string]string { var map_RegistrySources = map[string]string{ "": "RegistrySources holds cluster-wide information about how to handle the registries config.", - "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", - "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.", + "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", "containerRuntimeSearchRegistries": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", } @@ -1737,9 +1868,10 @@ func (InfrastructureList) SwaggerDoc() map[string]string { } var map_InfrastructureSpec = map[string]string{ - "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", - "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", - "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", + "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", + "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", + "controlPlaneTopology": "controlPlaneTopology expresses the desired topology configuration for control nodes.\n\nWhen status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable', a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.\n\nWhen left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value, no changes are required and no transitions will be triggered.\n\nThis value may be set to match status.controlPlaneTopology regardless of the current value.", } func (InfrastructureSpec) SwaggerDoc() map[string]string { @@ -2082,7 +2214,7 @@ func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string { var map_VSpherePlatformSpec = map[string]string{ "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", - "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", + "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Up to 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except when 1.) the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present or 2.) in TechPreview you are able to add and remove vCenters but may not remove all vCenters. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", @@ -2329,24 +2461,76 @@ func (Storage) SwaggerDoc() map[string]string { return map_Storage } -var map_AWSKMSConfig = map[string]string{ - "": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", - "keyARN": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", - "region": "region specifies the AWS region where the KMS instance exists, and follows the format `--`, e.g.: `us-east-1`. Only lowercase letters and hyphens followed by numbers are allowed.", +var map_KMSPluginConfig = map[string]string{ + "": "KMSPluginConfig defines the configuration for the KMS instance that will be used with KMS encryption", + "type": "type defines the kind of platform for the KMS provider. Allowed values are Vault. When set to Vault, the plugin connects to a HashiCorp Vault server for key management.", + "vault": "vault defines the configuration for the Vault KMS plugin. The plugin connects to a Vault Enterprise server that is managed by the user outside the purview of the control plane. This field must be set when type is Vault, and must be unset otherwise.", } -func (AWSKMSConfig) SwaggerDoc() map[string]string { - return map_AWSKMSConfig +func (KMSPluginConfig) SwaggerDoc() map[string]string { + return map_KMSPluginConfig } -var map_KMSConfig = map[string]string{ - "": "KMSConfig defines the configuration for the KMS instance that will be used with KMSEncryptionProvider encryption", - "type": "type defines the kind of platform for the KMS provider. Available provider types are AWS only.", - "aws": "aws defines the key config for using an AWS KMS instance for the encryption. The AWS KMS instance is managed by the user outside the purview of the control plane.", +var map_VaultAppRoleAuthentication = map[string]string{ + "": "VaultAppRoleAuthentication defines the configuration for AppRole authentication with Vault.", + "secret": "secret references a secret in the openshift-config namespace containing the AppRole credentials used to authenticate with Vault. The referenced Secret must contain two keys: \"role-id\" for the AppRole Role ID and \"secret-id\" for the AppRole Secret ID.", } -func (KMSConfig) SwaggerDoc() map[string]string { - return map_KMSConfig +func (VaultAppRoleAuthentication) SwaggerDoc() map[string]string { + return map_VaultAppRoleAuthentication +} + +var map_VaultAuthentication = map[string]string{ + "": "VaultAuthentication defines the authentication method used to authenticate with Vault.", + "type": "type defines the authentication method used to authenticate with Vault. Allowed values are AppRole. When set to AppRole, the plugin uses AppRole credentials to authenticate with Vault.", + "appRole": "appRole defines the configuration for AppRole authentication. This field must be set when type is AppRole, and must be unset otherwise.", +} + +func (VaultAuthentication) SwaggerDoc() map[string]string { + return map_VaultAuthentication +} + +var map_VaultConfigMapReference = map[string]string{ + "": "VaultConfigMapReference references a ConfigMap in the openshift-config namespace.", + "name": "name is the metadata.name of the referenced ConfigMap in the openshift-config namespace. The name must be a valid DNS subdomain name: it must contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character.", +} + +func (VaultConfigMapReference) SwaggerDoc() map[string]string { + return map_VaultConfigMapReference +} + +var map_VaultKMSPluginConfig = map[string]string{ + "": "VaultKMSPluginConfig defines the KMS plugin configuration specific to Vault KMS", + "kmsPluginImage": "kmsPluginImage specifies the container image for the HashiCorp Vault KMS plugin.\n\nThe image must be a fully qualified OCI image pull spec with a SHA256 digest. The format is: host[:port][/namespace]/name@sha256: where the digest must be 64 characters long and consist only of lowercase hexadecimal characters, a-f and 0-9. The total length must be between 75 and 447 characters.\n\nShort names (e.g., \"vault-plugin\" or \"hashicorp/vault-plugin\") are not allowed. The registry hostname must be included and must contain at least one dot. Image tags (e.g., \":latest\", \":v1.0.0\") are not allowed.\n\nConsult the OpenShift documentation for compatible plugin versions with your cluster version, then obtain the image digest for that version from HashiCorp's container registry.\n\nFor disconnected environments, mirror the plugin image to an accessible registry and reference the mirrored location with its digest.", + "vaultAddress": "vaultAddress specifies the address of the HashiCorp Vault instance. The value must be a valid HTTPS URL containing only scheme, host, and optional port. Paths, user info, query parameters, and fragments are not allowed.\n\nFormat: https://hostname[:port] Example: https://vault.example.com:8200\n\nThe value must be between 1 and 512 characters.", + "vaultNamespace": "vaultNamespace specifies the Vault namespace where the Transit secrets engine is mounted. This is only applicable for Vault Enterprise installations. When this field is not set, no namespace is used.\n\nThe value must be between 1 and 4096 characters. The namespace cannot end with a forward slash, cannot contain spaces, and cannot be one of the reserved strings: root, sys, audit, auth, cubbyhole, or identity.", + "tls": "tls contains the TLS configuration for connecting to the Vault server. When this field is not set, system default TLS settings are used.", + "authentication": "authentication defines the authentication method used to authenticate with Vault.", + "transitMount": "transitMount specifies the mount path of the Vault Transit engine.\n\nThe transit mount must be between 1 and 1024 characters, cannot start or end with a forward slash, cannot contain consecutive forward slashes, and must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward slashes as path separators.", + "transitKey": "transitKey specifies the name of the encryption key in Vault's Transit engine. This key is used to encrypt and decrypt data.\n\nThe transit key must be between 1 and 512 characters, cannot contain forward slashes, and must only contain alphanumeric characters, hyphens, periods, and underscores.", +} + +func (VaultKMSPluginConfig) SwaggerDoc() map[string]string { + return map_VaultKMSPluginConfig +} + +var map_VaultSecretReference = map[string]string{ + "": "VaultSecretReference references a secret in the openshift-config namespace.", + "name": "name is the metadata.name of the referenced secret in the openshift-config namespace. The name must be a valid DNS subdomain name: it must contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character.", +} + +func (VaultSecretReference) SwaggerDoc() map[string]string { + return map_VaultSecretReference +} + +var map_VaultTLSConfig = map[string]string{ + "": "VaultTLSConfig contains TLS configuration for connecting to Vault.", + "caBundle": "caBundle references a ConfigMap in the openshift-config namespace containing the CA certificate bundle used to verify the TLS connection to the Vault server. The referenced ConfigMap must contain the CA bundle in the key \"ca-bundle.crt\". When this field is not set, the system's trusted CA certificates are used.\n\nThe namespace for the ConfigMap is openshift-config.\n\nExample ConfigMap:\n apiVersion: v1\n kind: ConfigMap\n metadata:\n name: vault-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |", + "serverName": "serverName specifies the Server Name Indication (SNI) to use when connecting to Vault via TLS. This is useful when the Vault server's hostname doesn't match its TLS certificate. When this field is not set, the hostname from vaultAddress is used for SNI.\n\nThe value must be a valid DNS hostname: it must contain no more than 253 characters, contain only lowercase alphanumeric characters, '-' or '.', and start and end with an alphanumeric character.", +} + +func (VaultTLSConfig) SwaggerDoc() map[string]string { + return map_VaultTLSConfig } var map_ClusterNetworkEntry = map[string]string{ @@ -2459,6 +2643,15 @@ func (NetworkMigration) SwaggerDoc() map[string]string { return map_NetworkMigration } +var map_NetworkObservabilitySpec = map[string]string{ + "": "NetworkObservabilitySpec defines the configuration for network observability installation", + "installationPolicy": "installationPolicy controls whether network observability is installed during cluster deployment. Valid values are \"InstallAndEnable\" and \"NoAction\". When set to \"InstallAndEnable\", ensure that network observability will be installed and enabled on the cluster. If already installed, no action taken, but if it gets uninstalled, it will install it again. When set to \"NoAction\", nothing will be done regarding Network observability.", +} + +func (NetworkObservabilitySpec) SwaggerDoc() map[string]string { + return map_NetworkObservabilitySpec +} + var map_NetworkSpec = map[string]string{ "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", @@ -2467,6 +2660,7 @@ var map_NetworkSpec = map[string]string{ "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", "serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", "networkDiagnostics": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", + "networkObservability": "networkObservability is an optional field that configures network observability installation during cluster deployment (day-0). When omitted, unless this is a SNO cluster, network observability will be installed if not already present, after that, no action taken.", } func (NetworkSpec) SwaggerDoc() map[string]string { @@ -3009,6 +3203,7 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + "groups": "groups is an optional, ordered field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. The order of the groups represents a suggested preference, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 7 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1", "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", } @@ -3018,11 +3213,11 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", - "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", - "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", - "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe cipher and groups lists in these profiles are based on version 5.8 of the Mozilla Server Side TLS configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.8.json\n\nThe groups are listed in suggested preference order, with the most preferred group first. Note that not all platform components honor the ordering: Go-based components use Go's internal preference order and treat this list as a filter of allowed groups rather than an ordered preference. Note that X25519MLKEM768 is a post-quantum hybrid group that is not FIPS-approved and should be ignored by components running in FIPS mode.\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", + "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The supported groups list includes by default the following groups in suggested preference order (ordering may not be honored by all implementations): X25519MLKEM768, X25519, secp256r1, secp384r1. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe supported groups list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", } func (TLSSecurityProfile) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/pelletier/go-toml/v2/README.md b/vendor/github.com/pelletier/go-toml/v2/README.md index 61cdd181f3..14e6564496 100644 --- a/vendor/github.com/pelletier/go-toml/v2/README.md +++ b/vendor/github.com/pelletier/go-toml/v2/README.md @@ -21,8 +21,6 @@ documentation. import "github.com/pelletier/go-toml/v2" ``` -See [Modules](#Modules). - ## Features ### Stdlib behavior @@ -273,20 +271,6 @@ provided for completeness.

This table can be generated with ./ci.sh benchmark -a -html.

-## Modules - -go-toml uses Go's standard modules system. - -Installation instructions: - -- Go ≥ 1.16: Nothing to do. Use the import in your code. The `go` command deals - with it automatically. -- Go ≥ 1.13: `GO111MODULE=on go get github.com/pelletier/go-toml/v2`. - -In case of trouble: [Go Modules FAQ][mod-faq]. - -[mod-faq]: https://github.com/golang/go/wiki/Modules#why-does-installing-a-tool-via-go-get-fail-with-error-cannot-find-main-module - ## Tools Go-toml provides three handy command line tools: diff --git a/vendor/github.com/pelletier/go-toml/v2/strict.go b/vendor/github.com/pelletier/go-toml/v2/strict.go index 2a147c0260..e9a4be2c32 100644 --- a/vendor/github.com/pelletier/go-toml/v2/strict.go +++ b/vendor/github.com/pelletier/go-toml/v2/strict.go @@ -68,7 +68,7 @@ func (s *strict) MissingField(node *unstable.Node) { s.missing = append(s.missing, unstable.ParserError{ Highlight: s.keyLocation(node), - Message: "missing field", + Message: "unknown field", Key: s.key.Key(), }) } diff --git a/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go b/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go index e7c68dc5c2..1538301236 100644 --- a/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go +++ b/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go @@ -3,6 +3,7 @@ package unstable import ( "bytes" "fmt" + "reflect" "unicode" "github.com/pelletier/go-toml/v2/internal/characters" @@ -83,10 +84,18 @@ func (p *Parser) rangeOfToken(token, rest []byte) Range { } // subsliceOffset returns the byte offset of subslice b within p.data. -// b must be a suffix (tail) of p.data. +// b must share the same backing array as p.data. func (p *Parser) subsliceOffset(b []byte) int { - // b is a suffix of p.data, so its offset is len(p.data) - len(b) - return len(p.data) - len(b) + if len(b) == 0 { + return len(p.data) + } + dataPtr := reflect.ValueOf(p.data).Pointer() + subPtr := reflect.ValueOf(b).Pointer() + offset := int(subPtr - dataPtr) + if offset < 0 || offset > len(p.data) { + panic("subslice is not within data") + } + return offset } // Raw returns the slice corresponding to the bytes in the given range. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/register.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/register.go index 6f42984834..de160b72d3 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/register.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/register.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/resource.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/resource.go index e467c2bfa8..e53da32efe 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/resource.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/resource.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go index d80946fd4d..0240f072d1 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -557,6 +557,10 @@ type AlertmanagerGlobalConfig struct { // wechat defines the default WeChat Config // +optional WeChatConfig *GlobalWeChatConfig `json:"wechat,omitempty"` + + // mattermost defines the default Mattermost Config + // +optional + MattermostConfig *GlobalMattermostConfig `json:"mattermost,omitempty"` } // AlertmanagerStatus is the most recent observed status of the Alertmanager cluster. Read-only. @@ -772,6 +776,16 @@ type GlobalVictorOpsConfig struct { APIKey *v1.SecretKeySelector `json:"apiKey,omitempty"` } +// GlobalMattermostConfig configures global Mattermost parameters. +type GlobalMattermostConfig struct { + // webhookURL defines the default Mattermost Webhook URL. + // + // It requires Alertmanager >= v0.32.0. + // + // +optional + WebhookURL *v1.SecretKeySelector `json:"webhookURL,omitempty"` +} + // HostPort represents a "host:port" network address. type HostPort struct { // host defines the host's address, it can be a DNS name or a literal IP address. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/dns_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/dns_types.go index d68b698312..1a9d27e82c 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/dns_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/dns_types.go @@ -1,4 +1,4 @@ -// Copyright 2024 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/doc.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/doc.go index 64c4725273..61ef677d2c 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/doc.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/doc.go @@ -1,4 +1,4 @@ -// Copyright 2017 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/http_config.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/http_config.go index 1590d23e09..64f07b213f 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/http_config.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/http_config.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go index d7da9bdcaa..0811492c12 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go index dc7ad44ee9..0fd821ba83 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go index e0e62c2f34..b6ee7e7e4f 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -118,6 +118,7 @@ type EnableFeature string // CommonPrometheusFields are the options available to both the Prometheus server and agent. // +k8s:deepcopy-gen=true +// +kubebuilder:validation:XValidation:rule="!has(self.shardingStrategy) || !has(self.shardingStrategy.mode) || self.shardingStrategy.mode != 'Topology' || !has(self.shardingStrategy.topology) || !has(self.shardingStrategy.topology.values) || self.shardingStrategy.topology.values.size() == 0 || (has(self.shards) ? self.shards : 1) >= self.shardingStrategy.topology.values.size()",message="shards must be greater than or equal to the number of topology values when sharding strategy mode is Topology" type CommonPrometheusFields struct { // podMetadata defines labels and annotations which are propagated to the Prometheus pods. // @@ -202,7 +203,8 @@ type CommonPrometheusFields struct { // of the custom resource definition. It is recommended to use // `spec.additionalScrapeConfigs` instead. // - // Note that the ScrapeConfig custom resource definition is currently at Alpha level. + // Note that the ScrapeConfig custom resource definition is currently at Alpha level + // and will be graduated to Beta in a future release. // // +optional ScrapeConfigSelector *metav1.LabelSelector `json:"scrapeConfigSelector,omitempty"` @@ -210,7 +212,8 @@ type CommonPrometheusFields struct { // matches all namespaces. A null label selector matches the current // namespace only. // - // Note that the ScrapeConfig custom resource definition is currently at Alpha level. + // Note that the ScrapeConfig custom resource definition is currently at Alpha level + // and will be graduated to Beta in a future release. // // +optional ScrapeConfigNamespaceSelector *metav1.LabelSelector `json:"scrapeConfigNamespaceSelector,omitempty"` @@ -289,6 +292,14 @@ type CommonPrometheusFields struct { // +optional Shards *int32 `json:"shards,omitempty"` + // shardingStrategy defines the sharding strategy for distributing scraped targets across Prometheus shards. + // + // When not defined, the operator defaults to the 'Address' mode which distributes + // targets based on a hash of the target address. + // + // +optional + ShardingStrategy *ShardingStrategy `json:"shardingStrategy,omitempty"` + // replicaExternalLabelName defines the name of Prometheus external label used to denote the replica name. // The external label will _not_ be added when the field is set to the // empty string (`""`). @@ -1345,7 +1356,9 @@ var ( ) type RetainConfig struct { - // retentionPeriod defines the retentionPeriod for shard retention policy. + // retentionPeriod defines how long the scaled-down shard(s) need to be + // kept before being deleted. + // // +required RetentionPeriod Duration `json:"retentionPeriod"` } @@ -1356,15 +1369,77 @@ type ShardRetentionPolicy struct { // * `Retain`, the operator will keep the pods from the scaled-down shard(s), so the data can still be queried. // // If not defined, the operator assumes the `Delete` value. + // // +kubebuilder:validation:Enum=Retain;Delete // +optional WhenScaled *WhenScaledRetentionType `json:"whenScaled,omitempty"` - // retain defines the config for retention when the retention policy is set to `Retain`. - // This field is ineffective as of now. + // retain defines the config for retention when the retention policy is set + // to `Retain`. + // + // If not defined, the operator will use the retention duration configured + // for the Prometheus data. If the resource uses size-based retention, the + // shard(s) are kept forever (unless manually deleted). + // // +optional Retain *RetainConfig `json:"retain,omitempty"` } +// ShardingStrategyMode defines the sharding mode for Prometheus. +// +kubebuilder:validation:Enum=Address;Topology +type ShardingStrategyMode string + +const ( + // AddressShardingStrategyMode is the default sharding mode. + // Targets are distributed across shards based on a hash of the target address. + AddressShardingStrategyMode ShardingStrategyMode = "Address" + + // TopologyShardingStrategyMode enables zone-aware sharding. + // Each shard is assigned to a specific topology zone and only scrapes targets in that zone. + // (Alpha) Using this mode requires the `PrometheusTopologySharding` feature gate to be enabled. + TopologyShardingStrategyMode ShardingStrategyMode = "Topology" +) + +// TopologyShardingStrategy defines the configuration for topology-aware sharding. +type TopologyShardingStrategy struct { + // externalLabelName defines the name of the Prometheus external label used + // to communicate the topology zone assigned to the Prometheus instance. + // If not defined, it defaults to "zone". + // If set to the empty string, no external label is added to the Prometheus configuration. + // + // +optional + ExternalLabelName *string `json:"externalLabelName,omitempty"` + + // values defines the list of topology values (e.g. zone names) to be used + // for sharding. The configured number of shards must be greater than or + // equal to the number of values. + // + // +listType=atomic + // +optional + Values []string `json:"values,omitempty"` +} + +// ShardingStrategy defines the sharding strategy for Prometheus. +// +kubebuilder:validation:XValidation:rule="!has(self.topology) || (has(self.mode) && self.mode == 'Topology')",message="topology can only be defined when mode is set to 'Topology'" +type ShardingStrategy struct { + // mode defines the sharding mode. Can be 'Address' or 'Topology'. + // + // 'Address' is the default mode and distributes targets across shards + // based on a hash of the target address. + // + // 'Topology' enables zone-aware sharding where each shard is assigned to a + // specific topology zone and only scrapes targets in that zone. + // (Alpha) Using the 'Topology' mode requires the `PrometheusTopologySharding` + // feature gate to be enabled. + // + // +optional + Mode *ShardingStrategyMode `json:"mode,omitempty"` + + // topology defines the configuration for topology-aware sharding. + // This field is only valid when mode is set to 'Topology'. + // +optional + Topology *TopologyShardingStrategy `json:"topology,omitempty"` +} + // PrometheusStatus is the most recent observed status of the Prometheus cluster. // More info: // https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status @@ -1579,10 +1654,10 @@ type ThanosSpec struct { // grpcServerTlsConfig defines the TLS parameters for the gRPC server providing the StoreAPI. // - // Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. + // Note: Currently only the `minVersion`, `caFile`, `certFile`, `keyFile`, `cipherSuites` and `curves` fields are supported. // // +optional - GRPCServerTLSConfig *TLSConfig `json:"grpcServerTlsConfig,omitempty"` + GRPCServerTLSConfig *GRPCServerTLSConfig `json:"grpcServerTlsConfig,omitempty"` // logLevel for the Thanos sidecar. // +kubebuilder:validation:Enum="";debug;info;warn;error @@ -1867,6 +1942,7 @@ type QueueConfig struct { // Sigv4 defines AWS's Signature Verification 4 signing process to // sign requests. +// +kubebuilder:validation:XValidation:rule="!has(self.externalId) || has(self.roleArn)",message="externalId can only be used when roleArn is specified" // +k8s:openapi-gen=true type Sigv4 struct { // region defines the AWS region. If blank, the region from the default credentials chain used. @@ -1886,6 +1962,12 @@ type Sigv4 struct { // roleArn defines the named AWS profile used to authenticate. // +optional RoleArn string `json:"roleArn,omitempty"` + // externalId defines the external ID used when assuming an AWS role. Can only be used with roleArn. + // It requires Prometheus >= v3.11.0 or Alertmanager >= v0.33.0. Currently not supported by Thanos. + // + // +kubebuilder:validation:MinLength=1 + // +optional + ExternalID string `json:"externalId,omitempty"` // useFIPSSTSEndpoint defines the FIPS mode for the AWS STS endpoint. // It requires Prometheus >= v2.54.0. // diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go index 439b57c53f..e7f80b52c1 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/register.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/register.go index 37786147ab..1e8ec0c706 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/register.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/register.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go index 90bcd79974..d7a9be6aca 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go index a78f5a3d18..b31e02d621 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go @@ -1,4 +1,4 @@ -// Copyright 2020 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -453,10 +453,10 @@ type ThanosRulerSpec struct { // grpcServerTlsConfig defines the gRPC server from which Thanos Querier reads // recorded rule data. // - // Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. + // Note: Currently only the `minVersion`, `caFile`, `certFile`, `keyFile`, `cipherSuites` and `curves` fields are supported. // // +optional - GRPCServerTLSConfig *TLSConfig `json:"grpcServerTlsConfig,omitempty"` + GRPCServerTLSConfig *GRPCServerTLSConfig `json:"grpcServerTlsConfig,omitempty"` // alertQueryUrl defines how Thanos Ruler will set in the 'Source' field // of all alerts. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/tls_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/tls_types.go index 51e6835279..8a977fc593 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/tls_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/tls_types.go @@ -1,4 +1,4 @@ -// Copyright 2025 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -38,6 +38,43 @@ type TLSConfig struct { TLSFilesConfig `json:",inline"` } +// GRPCServerTLSConfig defines TLS configuration for a gRPC server. +// +k8s:openapi-gen=true +type GRPCServerTLSConfig struct { + TLSConfig `json:",inline"` + + // cipherSuites defines the list of supported cipher suites for TLS + // versions up to TLS 1.2. + // + // If not defined, the Go default cipher suites are used. + // Available cipher suites are documented in the Go documentation: + // https://golang.org/pkg/crypto/tls/#pkg-constants + // + // + // It requires Thanos >= v0.42.0. Note that the operator doesn't verify if + // the Thanos version supports the provided values. + // + // +optional + // +listType=set + // +kubebuilder:validation:MinItems=1 + CipherSuites []string `json:"cipherSuites,omitempty"` + + // curves defines the list of preferred elliptic curves for + // TLS handshakes. + // + // If not defined, the Go default curves are used. + // Available curves are documented in the Go documentation: + // https://golang.org/pkg/crypto/tls/#CurveID + // + // It requires Thanos >= v0.42.0. Note that the operator doesn't verify if + // the Thanos version supports the provided values. + // + // +optional + // +listType=set + // +kubebuilder:validation:MinItems=1 + Curves []string `json:"curves,omitempty"` +} + // Validate semantically validates the given TLSConfig. func (c *TLSConfig) Validate() error { if c == nil { diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go index 36db7f95d3..520efc21f5 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go @@ -1,4 +1,4 @@ -// Copyright 2018 The prometheus-operator Authors +// Copyright The prometheus-operator Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index fec9816d4a..83a1648ce0 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -283,6 +283,11 @@ func (in *AlertmanagerGlobalConfig) DeepCopyInto(out *AlertmanagerGlobalConfig) *out = new(GlobalWeChatConfig) (*in).DeepCopyInto(*out) } + if in.MattermostConfig != nil { + in, out := &in.MattermostConfig, &out.MattermostConfig + *out = new(GlobalMattermostConfig) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlertmanagerGlobalConfig. @@ -879,6 +884,11 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) { *out = new(int32) **out = **in } + if in.ShardingStrategy != nil { + in, out := &in.ShardingStrategy, &out.ShardingStrategy + *out = new(ShardingStrategy) + (*in).DeepCopyInto(*out) + } if in.ReplicaExternalLabelName != nil { in, out := &in.ReplicaExternalLabelName, &out.ReplicaExternalLabelName *out = new(string) @@ -1478,6 +1488,32 @@ func (in *Exemplars) DeepCopy() *Exemplars { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GRPCServerTLSConfig) DeepCopyInto(out *GRPCServerTLSConfig) { + *out = *in + in.TLSConfig.DeepCopyInto(&out.TLSConfig) + if in.CipherSuites != nil { + in, out := &in.CipherSuites, &out.CipherSuites + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Curves != nil { + in, out := &in.Curves, &out.Curves + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCServerTLSConfig. +func (in *GRPCServerTLSConfig) DeepCopy() *GRPCServerTLSConfig { + if in == nil { + return nil + } + out := new(GRPCServerTLSConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GlobalJiraConfig) DeepCopyInto(out *GlobalJiraConfig) { *out = *in @@ -1498,6 +1534,26 @@ func (in *GlobalJiraConfig) DeepCopy() *GlobalJiraConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GlobalMattermostConfig) DeepCopyInto(out *GlobalMattermostConfig) { + *out = *in + if in.WebhookURL != nil { + in, out := &in.WebhookURL, &out.WebhookURL + *out = new(corev1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalMattermostConfig. +func (in *GlobalMattermostConfig) DeepCopy() *GlobalMattermostConfig { + if in == nil { + return nil + } + out := new(GlobalMattermostConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GlobalRocketChatConfig) DeepCopyInto(out *GlobalRocketChatConfig) { *out = *in @@ -3632,6 +3688,31 @@ func (in *ShardStatus) DeepCopy() *ShardStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ShardingStrategy) DeepCopyInto(out *ShardingStrategy) { + *out = *in + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(ShardingStrategyMode) + **out = **in + } + if in.Topology != nil { + in, out := &in.Topology, &out.Topology + *out = new(TopologyShardingStrategy) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShardingStrategy. +func (in *ShardingStrategy) DeepCopy() *ShardingStrategy { + if in == nil { + return nil + } + out := new(ShardingStrategy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Sigv4) DeepCopyInto(out *Sigv4) { *out = *in @@ -4015,7 +4096,7 @@ func (in *ThanosRulerSpec) DeepCopyInto(out *ThanosRulerSpec) { } if in.GRPCServerTLSConfig != nil { in, out := &in.GRPCServerTLSConfig, &out.GRPCServerTLSConfig - *out = new(TLSConfig) + *out = new(GRPCServerTLSConfig) (*in).DeepCopyInto(*out) } if in.MinReadySeconds != nil { @@ -4168,7 +4249,7 @@ func (in *ThanosSpec) DeepCopyInto(out *ThanosSpec) { } if in.GRPCServerTLSConfig != nil { in, out := &in.GRPCServerTLSConfig, &out.GRPCServerTLSConfig - *out = new(TLSConfig) + *out = new(GRPCServerTLSConfig) (*in).DeepCopyInto(*out) } if in.VolumeMounts != nil { @@ -4195,6 +4276,31 @@ func (in *ThanosSpec) DeepCopy() *ThanosSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TopologyShardingStrategy) DeepCopyInto(out *TopologyShardingStrategy) { + *out = *in + if in.ExternalLabelName != nil { + in, out := &in.ExternalLabelName, &out.ExternalLabelName + *out = new(string) + **out = **in + } + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopologyShardingStrategy. +func (in *TopologyShardingStrategy) DeepCopy() *TopologyShardingStrategy { + if in == nil { + return nil + } + out := new(TopologyShardingStrategy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TopologySpreadConstraint) DeepCopyInto(out *TopologySpreadConstraint) { *out = *in diff --git a/vendor/github.com/protocolbuffers/txtpbfmt/impl/impl.go b/vendor/github.com/protocolbuffers/txtpbfmt/impl/impl.go index 22422c9a46..22726dbf30 100644 --- a/vendor/github.com/protocolbuffers/txtpbfmt/impl/impl.go +++ b/vendor/github.com/protocolbuffers/txtpbfmt/impl/impl.go @@ -221,10 +221,23 @@ func addToConfig(metaComment string, c *config.Config) error { c.Disable = true case "expand_all_children": c.ExpandAllChildren = true + case "field_sort_order": + if !hasEqualSign { + return fmt.Errorf("format should be %s=, got: %s", key, metaComment) + } + parts := strings.SplitN(val, ":", 2) + if len(parts) != 2 { + return fmt.Errorf("format should be %s=NodeName:field1 field2..., got: %s", key, metaComment) + } + nodeName := strings.TrimSpace(parts[0]) + fields := strings.Fields(parts[1]) + c.AddFieldSortOrder(nodeName, fields...) case "preserve_angle_brackets": c.PreserveAngleBrackets = true case "remove_duplicate_values_for_repeated_fields": c.RemoveDuplicateValuesForRepeatedFields = true + case "require_field_sort_order_to_match_all_fields_in_node": + c.RequireFieldSortOrderToMatchAllFieldsInNode = true case "skip_all_colons": c.SkipAllColons = true case "smartquotes": diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go index 8e48cc6fe1..9330576502 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/envelope.go @@ -1,8 +1,10 @@ package dsse import ( + "bytes" "encoding/base64" "fmt" + "strconv" ) /* @@ -42,9 +44,27 @@ PAE implements the DSSE Pre-Authentic Encoding https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition */ func PAE(payloadType string, payload []byte) []byte { - return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", - len(payloadType), payloadType, - len(payload), payload)) + // Pre-size to avoid reallocation. Previously fmt.Sprintf copied payload + // into a string and []byte(...) copied it again. + const prefix = "DSSEv1 " + const sep = " " + // Max decimal digits for a non-negative int (len() result) on any + // platform: len("9223372036854775807") == 19. Grow is a hint, so a + // slight overestimate is harmless. + const maxDecimalLen = 19 + var b bytes.Buffer + b.Grow(len(prefix) + + maxDecimalLen + len(sep) + len(payloadType) + len(sep) + + maxDecimalLen + len(sep) + len(payload)) + b.WriteString(prefix) + b.WriteString(strconv.Itoa(len(payloadType))) + b.WriteByte(' ') + b.WriteString(payloadType) + b.WriteByte(' ') + b.WriteString(strconv.Itoa(len(payload))) + b.WriteByte(' ') + b.Write(payload) + return b.Bytes() } /* diff --git a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go index 034e4faaf3..5c83d2ec02 100644 --- a/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go +++ b/vendor/github.com/secure-systems-lab/go-securesystemslib/dsse/verify.go @@ -24,18 +24,26 @@ type AcceptedKey struct { } func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]AcceptedKey, error) { + keys, _, err := ev.VerifyAndDecode(ctx, e) + return keys, err +} + +// VerifyAndDecode behaves identically to Verify but also returns the decoded +// envelope payload, allowing callers who need the payload bytes (e.g., for +// hashing or further parsing) to avoid a second base64 decode. +func (ev *EnvelopeVerifier) VerifyAndDecode(ctx context.Context, e *Envelope) ([]AcceptedKey, []byte, error) { if e == nil { - return nil, errors.New("cannot verify a nil envelope") + return nil, nil, errors.New("cannot verify a nil envelope") } if len(e.Signatures) == 0 { - return nil, ErrNoSignature + return nil, nil, ErrNoSignature } // Decode payload (i.e serialized body) body, err := e.DecodeB64Payload() if err != nil { - return nil, err + return nil, nil, err } // Generate PAE(payloadtype, serialized body) paeEnc := PAE(e.PayloadType, body) @@ -48,7 +56,7 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted for _, s := range e.Signatures { sig, err := b64Decode(s.Sig) if err != nil { - return nil, err + return nil, nil, err } // Loop over the providers. @@ -97,14 +105,14 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted // Sanity if with some reflect magic this happens. if ev.threshold <= 0 || ev.threshold > len(ev.providers) { - return nil, errors.New("invalid threshold") + return nil, nil, errors.New("invalid threshold") } if len(usedKeyids) < ev.threshold { - return acceptedKeys, fmt.Errorf("accepted signatures do not match threshold, Found: %d, Expected %d", len(acceptedKeys), ev.threshold) + return acceptedKeys, nil, fmt.Errorf("accepted signatures do not match threshold, Found: %d, Expected %d", len(acceptedKeys), ev.threshold) } - return acceptedKeys, nil + return acceptedKeys, body, nil } func NewEnvelopeVerifier(v ...Verifier) (*EnvelopeVerifier, error) { diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify.go index 6caf1a4ddb..4d99def26e 100644 --- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify.go +++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify.go @@ -144,6 +144,17 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { NewBundleFormat: c.NewBundleFormat, } + // Check to see if we are using the new bundle format or not + if !c.LocalImage { + ref, err := name.ParseReference(images[0], c.NameOptions...) + if err == nil && !c.NewBundleFormat { + newBundles, _, err := cosign.GetBundles(ctx, ref, co) + if len(newBundles) > 0 && err == nil { + co.NewBundleFormat = true + } + } + } + if c.TrustedRootPath != "" { co.TrustedMaterial, err = root.NewTrustedRootFromPath(c.TrustedRootPath) if err != nil { @@ -161,7 +172,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { } } - if c.NewBundleFormat { + if co.NewBundleFormat { if c.CertRef != "" { return fmt.Errorf("unsupported: certificate may not be provided using --certificate when using --new-bundle-format (cert must be in bundle)") } @@ -184,7 +195,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { } // If we are using signed timestamps and there is no trusted root, we need to load the TSA certificates - if co.UseSignedTimestamps && co.TrustedMaterial == nil && !c.NewBundleFormat { + if co.UseSignedTimestamps && co.TrustedMaterial == nil && !co.NewBundleFormat { tsaCertificates, err := cosign.GetTSACerts(ctx, c.TSACertChainPath, cosign.GetTufTargets) if err != nil { return fmt.Errorf("unable to load TSA certificates: %w", err) @@ -194,7 +205,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { co.TSAIntermediateCertificates = tsaCertificates.IntermediateCerts } - if !c.IgnoreTlog && !c.NewBundleFormat { + if !c.IgnoreTlog && !co.NewBundleFormat { if c.RekorURL != "" { rekorClient, err := rekor.NewClient(c.RekorURL) if err != nil { @@ -251,7 +262,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { return fmt.Errorf("initializing piv token verifier: %w", err) } case certRef != "": - if c.NewBundleFormat { + if co.NewBundleFormat { // This shouldn't happen because we already checked for this above in checkSigstoreBundleUnsupportedOptions return fmt.Errorf("unsupported: certificate reference currently not supported with --new-bundle-format") } @@ -322,7 +333,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { var bundleVerified bool if c.LocalImage { - if c.NewBundleFormat { + if co.NewBundleFormat { verified, bundleVerified, err = cosign.VerifyLocalImageAttestations(ctx, img, co) if err != nil { return err @@ -341,7 +352,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { return fmt.Errorf("parsing reference: %w", err) } - if c.NewBundleFormat { + if co.NewBundleFormat { // OCI bundle always contains attestation verified, bundleVerified, err = cosign.VerifyImageAttestations(ctx, ref, co) if err != nil { diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_attestation.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_attestation.go index 9c53a70dc2..d34525e645 100644 --- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_attestation.go +++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_attestation.go @@ -121,6 +121,18 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e UseSignedTimestamps: c.TSACertChainPath != "" || c.UseSignedTimestamps, NewBundleFormat: c.NewBundleFormat, } + + // Check to see if we are using the new bundle format or not + if !c.LocalImage { + ref, err := name.ParseReference(images[0], c.NameOptions...) + if err == nil && !c.NewBundleFormat { + newBundles, _, err := cosign.GetBundles(ctx, ref, co) + if len(newBundles) > 0 && err == nil { + co.NewBundleFormat = true + } + } + } + if c.CheckClaims { co.ClaimVerifier = cosign.IntotoSubjectClaimVerifier } @@ -141,7 +153,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e } } - if c.NewBundleFormat { + if co.NewBundleFormat { if err = checkSigstoreBundleUnsupportedOptions(c); err != nil { return err } @@ -151,7 +163,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e } // Ignore Signed Certificate Timestamp if the flag is set or a key is provided - if co.TrustedMaterial == nil && shouldVerifySCT(c.IgnoreSCT, c.KeyRef, c.Sk) && !c.NewBundleFormat { + if co.TrustedMaterial == nil && shouldVerifySCT(c.IgnoreSCT, c.KeyRef, c.Sk) && !co.NewBundleFormat { co.CTLogPubKeys, err = cosign.GetCTLogPubs(ctx) if err != nil { return fmt.Errorf("getting ctlog public keys: %w", err) @@ -159,7 +171,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e } // If we are using signed timestamps, we need to load the TSA certificates - if co.UseSignedTimestamps && co.TrustedMaterial == nil && !c.NewBundleFormat { + if co.UseSignedTimestamps && co.TrustedMaterial == nil && !co.NewBundleFormat { tsaCertificates, err := cosign.GetTSACerts(ctx, c.TSACertChainPath, cosign.GetTufTargets) if err != nil { return fmt.Errorf("unable to load TSA certificates: %w", err) @@ -217,7 +229,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e return fmt.Errorf("initializing piv token verifier: %w", err) } case c.CertRef != "": - if c.NewBundleFormat { + if co.NewBundleFormat { // This shouldn't happen because we already checked for this above in checkSigstoreBundleUnsupportedOptions return fmt.Errorf("unsupported: certificate reference currently not supported with --new-bundle-format") } @@ -260,7 +272,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e co.SCT = sct } case c.TrustedRootPath != "": - if !c.NewBundleFormat { + if !co.NewBundleFormat { return fmt.Errorf("unsupported: trusted root path currently only supported with --new-bundle-format") } diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_blob_attestation.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_blob_attestation.go index de50f4ab96..4919aed78d 100644 --- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_blob_attestation.go +++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/verify/verify_blob_attestation.go @@ -247,6 +247,41 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st return err } + sigContent, err := bundle.SignatureContent() + if err != nil { + return fmt.Errorf("fetching signature content: %w", err) + } + + envContent := sigContent.EnvelopeContent() + if envContent == nil { + return fmt.Errorf("bundle does not contain a DSSE envelope") + } + + rawEnv := envContent.RawEnvelope() + if rawEnv == nil { + return fmt.Errorf("bundle does not contain a raw DSSE envelope") + } + + payloadBytes, err := json.Marshal(rawEnv) + if err != nil { + return fmt.Errorf("marshaling envelope: %w", err) + } + + att, err := static.NewAttestation(payloadBytes) + if err != nil { + return fmt.Errorf("creating attestation from envelope: %w", err) + } + + // This checks the predicate type -- if no error is returned and no payload is, then + // the attestation is not of the given predicate type. + b, gotPredicateType, err := policy.AttestationToPayloadJSON(ctx, c.PredicateType, att) + if err != nil { + return fmt.Errorf("converting to consumable policy validation: %w", err) + } + if b == nil { + return fmt.Errorf("invalid predicate type, expected %s got %s", c.PredicateType, gotPredicateType) + } + ui.Infof(ctx, "Verified OK") return nil } @@ -415,7 +450,11 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st // This checks the predicate type -- if no error is returned and no payload is, then // the attestation is not of the given predicate type. - if b, gotPredicateType, err := policy.AttestationToPayloadJSON(ctx, c.PredicateType, signature); b == nil && err == nil { + b, gotPredicateType, err := policy.AttestationToPayloadJSON(ctx, c.PredicateType, signature) + if err != nil { + return fmt.Errorf("converting to consumable policy validation: %w", err) + } + if b == nil { return fmt.Errorf("invalid predicate type, expected %s got %s", c.PredicateType, gotPredicateType) } diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go index 6c8e34e811..7bd95a91f1 100644 --- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go +++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go @@ -1620,7 +1620,7 @@ func verifyImageSignaturesExperimentalOCI(ctx context.Context, signedImgRef name return verifySignatures(ctx, sigs, h, co) } -func getBundles(_ context.Context, signedImgRef name.Reference, co *CheckOpts) ([]*sgbundle.Bundle, *v1.Hash, error) { +func GetBundles(_ context.Context, signedImgRef name.Reference, co *CheckOpts) ([]*sgbundle.Bundle, *v1.Hash, error) { // This is a carefully optimized sequence for fetching the signatures of the // entity that minimizes registry requests when supplied with a digest input digest, err := ociremote.ResolveDigest(signedImgRef, co.RegistryClientOpts...) @@ -1667,7 +1667,7 @@ func getBundles(_ context.Context, signedImgRef name.Reference, co *CheckOpts) ( // verifyImageAttestationsSigstoreBundle verifies attestations from attached sigstore bundles func verifyImageAttestationsSigstoreBundle(ctx context.Context, signedImgRef name.Reference, co *CheckOpts) (checkedAttestations []oci.Signature, atLeastOneBundleVerified bool, err error) { - bundles, hash, err := getBundles(ctx, signedImgRef, co) + bundles, hash, err := GetBundles(ctx, signedImgRef, co) if err != nil { return nil, false, err } diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1/sigstore_bundle.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1/sigstore_bundle.pb.go index 9d43f66c0f..128977e5e1 100644 --- a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1/sigstore_bundle.pb.go +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1/sigstore_bundle.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 +// protoc-gen-go v1.36.10 +// protoc v7.34.1 // source: sigstore_bundle.proto package v1 @@ -387,85 +387,27 @@ func (*Bundle_DsseEnvelope) isBundle_Content() {} var File_sigstore_bundle_proto protoreflect.FileDescriptor -var file_sigstore_bundle_proto_rawDesc = string([]byte{ - 0x0a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x16, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x1a, - 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x0e, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x5f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7a, 0x0a, - 0x19, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x5d, 0x0a, 0x12, 0x72, 0x66, - 0x63, 0x33, 0x31, 0x36, 0x31, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, - 0x52, 0x46, 0x43, 0x33, 0x31, 0x36, 0x31, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x54, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x11, 0x72, 0x66, 0x63, 0x33, 0x31, 0x36, 0x31, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x22, 0xf4, 0x03, 0x0a, 0x14, 0x56, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x12, 0x51, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x69, 0x0a, 0x16, 0x78, 0x35, 0x30, 0x39, 0x5f, 0x63, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, - 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, - 0x61, 0x69, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x14, 0x78, 0x35, 0x30, 0x39, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, - 0x12, 0x50, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, - 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0c, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, - 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x74, 0x6c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x12, 0x71, 0x0a, 0x1b, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, - 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x61, 0x74, - 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, 0x76, 0x31, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x19, 0x74, 0x69, 0x6d, 0x65, - 0x73, 0x74, 0x61, 0x6d, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x44, 0x61, 0x74, 0x61, 0x42, 0x09, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, - 0x22, 0xbf, 0x02, 0x0a, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, - 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x66, 0x0a, 0x15, 0x76, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x61, 0x74, 0x65, 0x72, - 0x69, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, - 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x14, 0x76, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x65, 0x72, 0x69, - 0x61, 0x6c, 0x12, 0x5c, 0x0a, 0x11, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, - 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, - 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x69, - 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x10, - 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x12, 0x3f, 0x0a, 0x0d, 0x64, 0x73, 0x73, 0x65, 0x5f, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, - 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x69, 0x6f, 0x2e, 0x69, 0x6e, 0x74, - 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x42, 0x03, 0xe0, 0x41, - 0x02, 0x48, 0x00, 0x52, 0x0c, 0x64, 0x73, 0x73, 0x65, 0x45, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, - 0x65, 0x42, 0x09, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x4a, 0x04, 0x08, 0x05, - 0x10, 0x33, 0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, - 0x76, 0x31, 0x42, 0x0b, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, - 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, - 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, 0x53, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x3a, 0x3a, 0x56, 0x31, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) +const file_sigstore_bundle_proto_rawDesc = "" + + "\n" + + "\x15sigstore_bundle.proto\x12\x16dev.sigstore.bundle.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x0eenvelope.proto\x1a\x15sigstore_common.proto\x1a\x14sigstore_rekor.proto\"z\n" + + "\x19TimestampVerificationData\x12]\n" + + "\x12rfc3161_timestamps\x18\x01 \x03(\v2..dev.sigstore.common.v1.RFC3161SignedTimestampR\x11rfc3161Timestamps\"\xf4\x03\n" + + "\x14VerificationMaterial\x12Q\n" + + "\n" + + "public_key\x18\x01 \x01(\v2+.dev.sigstore.common.v1.PublicKeyIdentifierB\x03\xe0A\x02H\x00R\tpublicKey\x12i\n" + + "\x16x509_certificate_chain\x18\x02 \x01(\v2,.dev.sigstore.common.v1.X509CertificateChainB\x03\xe0A\x02H\x00R\x14x509CertificateChain\x12P\n" + + "\vcertificate\x18\x05 \x01(\v2'.dev.sigstore.common.v1.X509CertificateB\x03\xe0A\x02H\x00R\vcertificate\x12N\n" + + "\ftlog_entries\x18\x03 \x03(\v2+.dev.sigstore.rekor.v1.TransparencyLogEntryR\vtlogEntries\x12q\n" + + "\x1btimestamp_verification_data\x18\x04 \x01(\v21.dev.sigstore.bundle.v1.TimestampVerificationDataR\x19timestampVerificationDataB\t\n" + + "\acontent\"\xbf\x02\n" + + "\x06Bundle\x12\x1d\n" + + "\n" + + "media_type\x18\x01 \x01(\tR\tmediaType\x12f\n" + + "\x15verification_material\x18\x02 \x01(\v2,.dev.sigstore.bundle.v1.VerificationMaterialB\x03\xe0A\x02R\x14verificationMaterial\x12\\\n" + + "\x11message_signature\x18\x03 \x01(\v2(.dev.sigstore.common.v1.MessageSignatureB\x03\xe0A\x02H\x00R\x10messageSignature\x12?\n" + + "\rdsse_envelope\x18\x04 \x01(\v2\x13.io.intoto.EnvelopeB\x03\xe0A\x02H\x00R\fdsseEnvelopeB\t\n" + + "\acontentJ\x04\b\x05\x103B|\n" + + "\x1cdev.sigstore.proto.bundle.v1B\vBundleProtoP\x01Z6github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1\xea\x02\x14Sigstore::Bundle::V1b\x06proto3" var ( file_sigstore_bundle_proto_rawDescOnce sync.Once diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go index 5f339b2d78..4730718f47 100644 --- a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 +// protoc-gen-go v1.36.10 +// protoc v7.34.1 // source: sigstore_common.proto package v1 @@ -51,8 +51,14 @@ const ( HashAlgorithm_SHA2_256 HashAlgorithm = 1 HashAlgorithm_SHA2_384 HashAlgorithm = 2 HashAlgorithm_SHA2_512 HashAlgorithm = 3 - HashAlgorithm_SHA3_256 HashAlgorithm = 4 - HashAlgorithm_SHA3_384 HashAlgorithm = 5 + // Used for LMS + // + // Deprecated: Marked as deprecated in sigstore_common.proto. + HashAlgorithm_SHA3_256 HashAlgorithm = 4 + // Used for LMS + // + // Deprecated: Marked as deprecated in sigstore_common.proto. + HashAlgorithm_SHA3_384 HashAlgorithm = 5 ) // Enum value maps for HashAlgorithm. @@ -161,9 +167,7 @@ const ( // LMS and LM-OTS // // These algorithms are deprecated and should not be used. - // Keys and signatures MAY be used by private Sigstore - // deployments, but will not be supported by the public - // good instance. + // There are no plans to support SLH-DSA at this time. // // USER WARNING: LMS and LM-OTS are both stateful signature schemes. // Using them correctly requires discretion and careful consideration @@ -179,18 +183,21 @@ const ( PublicKeyDetails_LMOTS_SHA256 PublicKeyDetails = 15 // ML-DSA // - // These ML_DSA_65 and ML-DSA_87 algorithms are the pure variants that - // take data to sign rather than the prehash variants (HashML-DSA), which - // take digests. While considered quantum-resistant, their usage + // These ML_DSA_44, ML_DSA_65 and ML-DSA_87 algorithms are the pure variants + // that take data to sign rather than the prehash variants (HashML-DSA), which + // take digests. While considered quantum-resistant, their usage // involves tradeoffs in that signatures and keys are much larger, and // this makes deployments more costly. // - // USER WARNING: ML_DSA_65 and ML_DSA_87 are experimental algorithms. + // USER WARNING: ML_DSA_44, ML_DSA_65 and ML_DSA_87 are experimental algorithms. // In the future they MAY be used by private Sigstore deployments, but - // they are not yet fully functional. This warning will be removed when + // they are not yet fully functional. This warning will be removed when // these algorithms are widely supported by Sigstore clients and servers, // but care should still be taken for production environments. - PublicKeyDetails_ML_DSA_65 PublicKeyDetails = 21 // See NIST FIPS 204 + // + // See NIST FIPS 204, RFC 9881 for algorithm identifiers + PublicKeyDetails_ML_DSA_44 PublicKeyDetails = 23 + PublicKeyDetails_ML_DSA_65 PublicKeyDetails = 21 PublicKeyDetails_ML_DSA_87 PublicKeyDetails = 22 ) @@ -218,6 +225,7 @@ var ( 20: "PKIX_ECDSA_P521_SHA_256", 14: "LMS_SHA256", 15: "LMOTS_SHA256", + 23: "ML_DSA_44", 21: "ML_DSA_65", 22: "ML_DSA_87", } @@ -243,6 +251,7 @@ var ( "PKIX_ECDSA_P521_SHA_256": 20, "LMS_SHA256": 14, "LMOTS_SHA256": 15, + "ML_DSA_44": 23, "ML_DSA_65": 21, "ML_DSA_87": 22, } @@ -1062,160 +1071,95 @@ func (x *TimeRange) GetEnd() *timestamppb.Timestamp { var File_sigstore_common_proto protoreflect.FileDescriptor -var file_sigstore_common_proto_rawDesc = string([]byte{ - 0x0a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x16, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x1a, - 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x69, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x12, - 0x43, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, - 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, - 0x69, 0x74, 0x68, 0x6d, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x80, 0x01, 0x0a, - 0x10, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x12, 0x49, 0x0a, 0x0e, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x64, 0x69, 0x67, - 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x52, 0x0d, 0x6d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x09, - 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, - 0x23, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6b, - 0x65, 0x79, 0x49, 0x64, 0x22, 0x48, 0x0a, 0x16, 0x52, 0x46, 0x43, 0x33, 0x31, 0x36, 0x31, 0x53, - 0x69, 0x67, 0x6e, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x2e, - 0x0a, 0x10, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0f, 0x73, - 0x69, 0x67, 0x6e, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xd9, - 0x01, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x09, - 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, - 0x00, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x88, 0x01, 0x01, 0x12, 0x49, - 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x0a, 0x6b, - 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x43, 0x0a, 0x09, 0x76, 0x61, 0x6c, - 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x48, - 0x01, 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x88, 0x01, 0x01, 0x42, 0x0c, - 0x0a, 0x0a, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0c, 0x0a, 0x0a, - 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x22, 0x29, 0x0a, 0x13, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x68, 0x69, 0x6e, 0x74, 0x22, 0x27, 0x0a, 0x10, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x13, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x02, 0x69, 0x64, 0x22, 0x6d, - 0x0a, 0x19, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x61, 0x69, 0x72, 0x12, 0x3a, 0x0a, 0x03, 0x6f, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, - 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x52, 0x03, 0x6f, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x58, 0x0a, - 0x11, 0x44, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x75, 0x69, 0x73, 0x68, 0x65, 0x64, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, - 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x33, 0x0a, 0x0f, 0x58, 0x35, 0x30, 0x39, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x09, 0x72, 0x61, - 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, - 0x41, 0x02, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9e, 0x01, 0x0a, - 0x16, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, - 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x46, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x53, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, - 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, - 0x18, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x06, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, 0x12, 0x16, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x42, 0x0a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x63, 0x0a, - 0x14, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x4b, 0x0a, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, - 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x73, 0x22, 0x78, 0x0a, 0x09, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, - 0x30, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, - 0x74, 0x12, 0x31, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x48, 0x00, 0x52, 0x03, 0x65, 0x6e, - 0x64, 0x88, 0x01, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x65, 0x6e, 0x64, 0x2a, 0x75, 0x0a, 0x0d, - 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1e, 0x0a, - 0x1a, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, - 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, - 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x53, - 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, - 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, - 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38, - 0x34, 0x10, 0x05, 0x2a, 0x8f, 0x05, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, - 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x55, 0x42, 0x4c, - 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, 0x4c, 0x53, 0x5f, 0x55, - 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x11, - 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, - 0x35, 0x10, 0x01, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x15, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x18, - 0x0a, 0x10, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x56, 0x35, 0x10, 0x03, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x14, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, - 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x04, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x21, - 0x0a, 0x1d, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x56, 0x31, 0x35, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, - 0x09, 0x12, 0x21, 0x0a, 0x1d, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, - 0x43, 0x53, 0x31, 0x56, 0x31, 0x35, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, - 0x35, 0x36, 0x10, 0x0a, 0x12, 0x21, 0x0a, 0x1d, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, - 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x31, 0x35, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, - 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x1c, 0x0a, 0x18, 0x50, 0x4b, 0x49, 0x58, 0x5f, - 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, - 0x32, 0x35, 0x36, 0x10, 0x10, 0x12, 0x1c, 0x0a, 0x18, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, - 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, - 0x36, 0x10, 0x11, 0x12, 0x1c, 0x0a, 0x18, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, - 0x50, 0x53, 0x53, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, - 0x12, 0x12, 0x24, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, - 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, - 0x36, 0x10, 0x06, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, - 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, - 0x35, 0x36, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, - 0x53, 0x41, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x33, 0x38, 0x34, 0x10, - 0x0c, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, - 0x50, 0x35, 0x32, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x12, 0x10, - 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, - 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, - 0x5f, 0x50, 0x48, 0x10, 0x08, 0x12, 0x1f, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, - 0x44, 0x53, 0x41, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, - 0x10, 0x13, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x1f, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, - 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, - 0x36, 0x10, 0x14, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x12, 0x0a, 0x0a, 0x4c, 0x4d, 0x53, 0x5f, 0x53, - 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0e, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x14, 0x0a, 0x0c, 0x4c, - 0x4d, 0x4f, 0x54, 0x53, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0f, 0x1a, 0x02, 0x08, - 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x4d, 0x4c, 0x5f, 0x44, 0x53, 0x41, 0x5f, 0x36, 0x35, 0x10, 0x15, - 0x12, 0x0d, 0x0a, 0x09, 0x4d, 0x4c, 0x5f, 0x44, 0x53, 0x41, 0x5f, 0x38, 0x37, 0x10, 0x16, 0x22, - 0x04, 0x08, 0x17, 0x10, 0x32, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, - 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, - 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, - 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, - 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, - 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, - 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) +const file_sigstore_common_proto_rawDesc = "" + + "\n" + + "\x15sigstore_common.proto\x12\x16dev.sigstore.common.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"i\n" + + "\n" + + "HashOutput\x12C\n" + + "\talgorithm\x18\x01 \x01(\x0e2%.dev.sigstore.common.v1.HashAlgorithmR\talgorithm\x12\x16\n" + + "\x06digest\x18\x02 \x01(\fR\x06digest\"\x80\x01\n" + + "\x10MessageSignature\x12I\n" + + "\x0emessage_digest\x18\x01 \x01(\v2\".dev.sigstore.common.v1.HashOutputR\rmessageDigest\x12!\n" + + "\tsignature\x18\x02 \x01(\fB\x03\xe0A\x02R\tsignature\"#\n" + + "\x05LogId\x12\x1a\n" + + "\x06key_id\x18\x01 \x01(\fB\x03\xe0A\x02R\x05keyId\"H\n" + + "\x16RFC3161SignedTimestamp\x12.\n" + + "\x10signed_timestamp\x18\x01 \x01(\fB\x03\xe0A\x02R\x0fsignedTimestamp\"\xd9\x01\n" + + "\tPublicKey\x12 \n" + + "\traw_bytes\x18\x01 \x01(\fH\x00R\brawBytes\x88\x01\x01\x12I\n" + + "\vkey_details\x18\x02 \x01(\x0e2(.dev.sigstore.common.v1.PublicKeyDetailsR\n" + + "keyDetails\x12C\n" + + "\tvalid_for\x18\x03 \x01(\v2!.dev.sigstore.common.v1.TimeRangeH\x01R\bvalidFor\x88\x01\x01B\f\n" + + "\n" + + "_raw_bytesB\f\n" + + "\n" + + "_valid_for\")\n" + + "\x13PublicKeyIdentifier\x12\x12\n" + + "\x04hint\x18\x01 \x01(\tR\x04hint\"'\n" + + "\x10ObjectIdentifier\x12\x13\n" + + "\x02id\x18\x01 \x03(\x05B\x03\xe0A\x02R\x02id\"m\n" + + "\x19ObjectIdentifierValuePair\x12:\n" + + "\x03oid\x18\x01 \x01(\v2(.dev.sigstore.common.v1.ObjectIdentifierR\x03oid\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value\"X\n" + + "\x11DistinguishedName\x12\"\n" + + "\forganization\x18\x01 \x01(\tR\forganization\x12\x1f\n" + + "\vcommon_name\x18\x02 \x01(\tR\n" + + "commonName\"3\n" + + "\x0fX509Certificate\x12 \n" + + "\traw_bytes\x18\x01 \x01(\fB\x03\xe0A\x02R\brawBytes\"\x9e\x01\n" + + "\x16SubjectAlternativeName\x12F\n" + + "\x04type\x18\x01 \x01(\x0e22.dev.sigstore.common.v1.SubjectAlternativeNameTypeR\x04type\x12\x18\n" + + "\x06regexp\x18\x02 \x01(\tH\x00R\x06regexp\x12\x16\n" + + "\x05value\x18\x03 \x01(\tH\x00R\x05valueB\n" + + "\n" + + "\bidentity\"c\n" + + "\x14X509CertificateChain\x12K\n" + + "\fcertificates\x18\x01 \x03(\v2'.dev.sigstore.common.v1.X509CertificateR\fcertificates\"x\n" + + "\tTimeRange\x120\n" + + "\x05start\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampR\x05start\x121\n" + + "\x03end\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampH\x00R\x03end\x88\x01\x01B\x06\n" + + "\x04_end*}\n" + + "\rHashAlgorithm\x12\x1e\n" + + "\x1aHASH_ALGORITHM_UNSPECIFIED\x10\x00\x12\f\n" + + "\bSHA2_256\x10\x01\x12\f\n" + + "\bSHA2_384\x10\x02\x12\f\n" + + "\bSHA2_512\x10\x03\x12\x10\n" + + "\bSHA3_256\x10\x04\x1a\x02\b\x01\x12\x10\n" + + "\bSHA3_384\x10\x05\x1a\x02\b\x01*\x9e\x05\n" + + "\x10PublicKeyDetails\x12\"\n" + + "\x1ePUBLIC_KEY_DETAILS_UNSPECIFIED\x10\x00\x12\x19\n" + + "\x11PKCS1_RSA_PKCS1V5\x10\x01\x1a\x02\b\x01\x12\x15\n" + + "\rPKCS1_RSA_PSS\x10\x02\x1a\x02\b\x01\x12\x18\n" + + "\x10PKIX_RSA_PKCS1V5\x10\x03\x1a\x02\b\x01\x12\x14\n" + + "\fPKIX_RSA_PSS\x10\x04\x1a\x02\b\x01\x12!\n" + + "\x1dPKIX_RSA_PKCS1V15_2048_SHA256\x10\t\x12!\n" + + "\x1dPKIX_RSA_PKCS1V15_3072_SHA256\x10\n" + + "\x12!\n" + + "\x1dPKIX_RSA_PKCS1V15_4096_SHA256\x10\v\x12\x1c\n" + + "\x18PKIX_RSA_PSS_2048_SHA256\x10\x10\x12\x1c\n" + + "\x18PKIX_RSA_PSS_3072_SHA256\x10\x11\x12\x1c\n" + + "\x18PKIX_RSA_PSS_4096_SHA256\x10\x12\x12$\n" + + "\x1cPKIX_ECDSA_P256_HMAC_SHA_256\x10\x06\x1a\x02\b\x01\x12\x1b\n" + + "\x17PKIX_ECDSA_P256_SHA_256\x10\x05\x12\x1b\n" + + "\x17PKIX_ECDSA_P384_SHA_384\x10\f\x12\x1b\n" + + "\x17PKIX_ECDSA_P521_SHA_512\x10\r\x12\x10\n" + + "\fPKIX_ED25519\x10\a\x12\x13\n" + + "\x0fPKIX_ED25519_PH\x10\b\x12\x1f\n" + + "\x17PKIX_ECDSA_P384_SHA_256\x10\x13\x1a\x02\b\x01\x12\x1f\n" + + "\x17PKIX_ECDSA_P521_SHA_256\x10\x14\x1a\x02\b\x01\x12\x12\n" + + "\n" + + "LMS_SHA256\x10\x0e\x1a\x02\b\x01\x12\x14\n" + + "\fLMOTS_SHA256\x10\x0f\x1a\x02\b\x01\x12\r\n" + + "\tML_DSA_44\x10\x17\x12\r\n" + + "\tML_DSA_65\x10\x15\x12\r\n" + + "\tML_DSA_87\x10\x16\"\x04\b\x18\x102*o\n" + + "\x1aSubjectAlternativeNameType\x12-\n" + + ")SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED\x10\x00\x12\t\n" + + "\x05EMAIL\x10\x01\x12\a\n" + + "\x03URI\x10\x02\x12\x0e\n" + + "\n" + + "OTHER_NAME\x10\x03B|\n" + + "\x1cdev.sigstore.proto.common.v1B\vCommonProtoP\x01Z6github.com/sigstore/protobuf-specs/gen/pb-go/common/v1\xea\x02\x14Sigstore::Common::V1b\x06proto3" var ( file_sigstore_common_proto_rawDescOnce sync.Once diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/dsse/envelope.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/dsse/envelope.pb.go index 298e2439ef..77a81a40f0 100644 --- a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/dsse/envelope.pb.go +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/dsse/envelope.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 +// protoc-gen-go v1.36.10 +// protoc v7.34.1 // source: envelope.proto package dsse @@ -169,26 +169,18 @@ func (x *Signature) GetKeyid() string { var File_envelope_proto protoreflect.FileDescriptor -var file_envelope_proto_rawDesc = string([]byte{ - 0x0a, 0x0e, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x09, 0x69, 0x6f, 0x2e, 0x69, 0x6e, 0x74, 0x6f, 0x74, 0x6f, 0x22, 0x7c, 0x0a, 0x08, 0x45, - 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, - 0x61, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, - 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x54, 0x79, 0x70, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x0a, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x69, 0x6f, 0x2e, 0x69, 0x6e, 0x74, - 0x6f, 0x74, 0x6f, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x0a, 0x73, - 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x22, 0x33, 0x0a, 0x09, 0x53, 0x69, 0x67, - 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x69, 0x67, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x03, 0x73, 0x69, 0x67, 0x12, 0x14, 0x0a, 0x05, 0x6b, 0x65, 0x79, 0x69, - 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x65, 0x79, 0x69, 0x64, 0x42, 0x44, - 0x5a, 0x31, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, - 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x64, - 0x73, 0x73, 0x65, 0xea, 0x02, 0x0e, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, - 0x44, 0x53, 0x53, 0x45, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) +const file_envelope_proto_rawDesc = "" + + "\n" + + "\x0eenvelope.proto\x12\tio.intoto\"|\n" + + "\bEnvelope\x12\x18\n" + + "\apayload\x18\x01 \x01(\fR\apayload\x12 \n" + + "\vpayloadType\x18\x02 \x01(\tR\vpayloadType\x124\n" + + "\n" + + "signatures\x18\x03 \x03(\v2\x14.io.intoto.SignatureR\n" + + "signatures\"3\n" + + "\tSignature\x12\x10\n" + + "\x03sig\x18\x01 \x01(\fR\x03sig\x12\x14\n" + + "\x05keyid\x18\x02 \x01(\tR\x05keyidBDZ1github.com/sigstore/protobuf-specs/gen/pb-go/dsse\xea\x02\x0eSigstore::DSSEb\x06proto3" var ( file_envelope_proto_rawDescOnce sync.Once diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go index 43b3111ebf..2e94c90088 100644 --- a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1/sigstore_rekor.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 +// protoc-gen-go v1.36.10 +// protoc v7.34.1 // source: sigstore_rekor.proto package v1 @@ -428,78 +428,35 @@ func (x *TransparencyLogEntry) GetCanonicalizedBody() []byte { var File_sigstore_rekor_proto protoreflect.FileDescriptor -var file_sigstore_rekor_proto_rawDesc = string([]byte{ - 0x0a, 0x14, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x6b, 0x6f, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, - 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x45, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x1d, 0x0a, - 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x2d, 0x0a, 0x0a, - 0x43, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x1f, 0x0a, 0x08, 0x65, 0x6e, - 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, - 0x02, 0x52, 0x08, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x22, 0xdb, 0x01, 0x0a, 0x0e, - 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x20, - 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x64, 0x65, 0x78, - 0x12, 0x20, 0x0a, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x48, 0x61, - 0x73, 0x68, 0x12, 0x20, 0x0a, 0x09, 0x74, 0x72, 0x65, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x74, 0x72, 0x65, 0x65, - 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1b, 0x0a, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, - 0x73, 0x12, 0x46, 0x0a, 0x0a, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x68, - 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x63, - 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x22, 0x4d, 0x0a, 0x10, 0x49, 0x6e, 0x63, - 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x12, 0x39, 0x0a, - 0x16, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, - 0x41, 0x02, 0x52, 0x14, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x54, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xc7, 0x03, 0x0a, 0x14, 0x54, 0x72, 0x61, - 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x20, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x49, 0x6e, - 0x64, 0x65, 0x78, 0x12, 0x39, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, - 0x49, 0x64, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x4a, - 0x0a, 0x0c, 0x6b, 0x69, 0x6e, 0x64, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x69, 0x6e, - 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x6b, - 0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x0f, 0x69, 0x6e, - 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0e, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, - 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x54, 0x0a, 0x11, 0x69, 0x6e, 0x63, 0x6c, - 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x63, 0x6c, - 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x52, 0x10, 0x69, 0x6e, - 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x12, 0x53, - 0x0a, 0x0f, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x6f, - 0x66, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, - 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x0e, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, - 0x6f, 0x6f, 0x66, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, - 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x42, 0x6f, - 0x64, 0x79, 0x42, 0x78, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, - 0x31, 0x42, 0x0a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, - 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, 0x65, - 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, -}) +const file_sigstore_rekor_proto_rawDesc = "" + + "\n" + + "\x14sigstore_rekor.proto\x12\x15dev.sigstore.rekor.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x15sigstore_common.proto\"E\n" + + "\vKindVersion\x12\x17\n" + + "\x04kind\x18\x01 \x01(\tB\x03\xe0A\x02R\x04kind\x12\x1d\n" + + "\aversion\x18\x02 \x01(\tB\x03\xe0A\x02R\aversion\"-\n" + + "\n" + + "Checkpoint\x12\x1f\n" + + "\benvelope\x18\x01 \x01(\tB\x03\xe0A\x02R\benvelope\"\xdb\x01\n" + + "\x0eInclusionProof\x12 \n" + + "\tlog_index\x18\x01 \x01(\x03B\x03\xe0A\x02R\blogIndex\x12 \n" + + "\troot_hash\x18\x02 \x01(\fB\x03\xe0A\x02R\brootHash\x12 \n" + + "\ttree_size\x18\x03 \x01(\x03B\x03\xe0A\x02R\btreeSize\x12\x1b\n" + + "\x06hashes\x18\x04 \x03(\fB\x03\xe0A\x02R\x06hashes\x12F\n" + + "\n" + + "checkpoint\x18\x05 \x01(\v2!.dev.sigstore.rekor.v1.CheckpointB\x03\xe0A\x02R\n" + + "checkpoint\"M\n" + + "\x10InclusionPromise\x129\n" + + "\x16signed_entry_timestamp\x18\x01 \x01(\fB\x03\xe0A\x02R\x14signedEntryTimestamp\"\xc7\x03\n" + + "\x14TransparencyLogEntry\x12 \n" + + "\tlog_index\x18\x01 \x01(\x03B\x03\xe0A\x02R\blogIndex\x129\n" + + "\x06log_id\x18\x02 \x01(\v2\x1d.dev.sigstore.common.v1.LogIdB\x03\xe0A\x02R\x05logId\x12J\n" + + "\fkind_version\x18\x03 \x01(\v2\".dev.sigstore.rekor.v1.KindVersionB\x03\xe0A\x02R\vkindVersion\x12,\n" + + "\x0fintegrated_time\x18\x04 \x01(\x03B\x03\xe0A\x02R\x0eintegratedTime\x12T\n" + + "\x11inclusion_promise\x18\x05 \x01(\v2'.dev.sigstore.rekor.v1.InclusionPromiseR\x10inclusionPromise\x12S\n" + + "\x0finclusion_proof\x18\x06 \x01(\v2%.dev.sigstore.rekor.v1.InclusionProofB\x03\xe0A\x02R\x0einclusionProof\x12-\n" + + "\x12canonicalized_body\x18\a \x01(\fR\x11canonicalizedBodyBx\n" + + "\x1bdev.sigstore.proto.rekor.v1B\n" + + "RekorProtoP\x01Z5github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1\xea\x02\x13Sigstore::Rekor::V1b\x06proto3" var ( file_sigstore_rekor_proto_rawDescOnce sync.Once diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go index 580d1c69f5..f1521b9cb7 100644 --- a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 +// protoc-gen-go v1.36.10 +// protoc v7.34.1 // source: sigstore_trustroot.proto package v1 @@ -361,13 +361,10 @@ func (x *CertificateAuthority) GetOperator() string { // previously used instance -- otherwise signatures made in the past cannot // be verified. // -// All the listed instances SHOULD be sorted by the 'valid_for' in ascending -// order, that is, the oldest instance first. Only the last instance is -// allowed to have their 'end' timestamp unset. All previous instances MUST -// have a closed interval of validity. The last instance MAY have a closed -// interval. Clients MUST accept instances that overlaps in time, if not -// clients may experience problems during rotations of verification -// materials. +// All the listed instances SHOULD be sorted by the 'valid_for.start' +// in ascending order, that is, the oldest instance first. Clients +// MUST accept instances that overlaps in time, if not clients may +// experience problems during rotations of verification materials. // // To be able to manage planned rotations of either transparency logs or // certificate authorities, clienst MUST accept lists of instances where @@ -852,157 +849,61 @@ func (x *ClientTrustConfig) GetSigningConfig() *SigningConfig { var File_sigstore_trustroot_proto protoreflect.FileDescriptor -var file_sigstore_trustroot_proto_rawDesc = string([]byte{ - 0x0a, 0x18, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, - 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x02, - 0x0a, 0x17, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, - 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x61, 0x73, - 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x62, 0x61, 0x73, - 0x65, 0x55, 0x72, 0x6c, 0x12, 0x4c, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, - 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, - 0x74, 0x68, 0x6d, 0x52, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, - 0x68, 0x6d, 0x12, 0x40, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x12, 0x34, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, - 0x67, 0x49, 0x64, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x49, 0x0a, 0x11, 0x63, 0x68, - 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, - 0x6f, 0x67, 0x49, 0x64, 0x52, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x4b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, - 0x72, 0x22, 0x96, 0x02, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x43, 0x0a, 0x07, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x64, 0x65, - 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x75, 0x69, 0x73, 0x68, - 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, - 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, - 0x69, 0x12, 0x4b, 0x0a, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, - 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, - 0x61, 0x69, 0x6e, 0x52, 0x09, 0x63, 0x65, 0x72, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x3e, - 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, - 0x61, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x12, 0x1a, - 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x22, 0x92, 0x03, 0x0a, 0x0b, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, - 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x05, 0x74, 0x6c, 0x6f, - 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, - 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, - 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x05, 0x74, 0x6c, - 0x6f, 0x67, 0x73, 0x12, 0x68, 0x0a, 0x17, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, - 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x4a, 0x0a, - 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, - 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, - 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, - 0x65, 0x52, 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x64, 0x0a, 0x15, 0x74, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, - 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, - 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x14, 0x74, 0x69, 0x6d, 0x65, 0x73, - 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, - 0xea, 0x03, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x3b, 0x0a, 0x07, 0x63, 0x61, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x06, 0x63, 0x61, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x3f, 0x0a, - 0x09, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x6f, 0x69, 0x64, 0x63, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x4a, - 0x0a, 0x0f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x75, 0x72, 0x6c, - 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, - 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x6b, - 0x6f, 0x72, 0x54, 0x6c, 0x6f, 0x67, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x72, 0x65, - 0x6b, 0x6f, 0x72, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, - 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x54, 0x6c, 0x6f, - 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a, 0x08, 0x74, 0x73, 0x61, 0x5f, 0x75, - 0x72, 0x6c, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, - 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x74, - 0x73, 0x61, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x4e, 0x0a, 0x0a, 0x74, 0x73, 0x61, 0x5f, 0x63, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, - 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, - 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x74, 0x73, 0x61, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x05, 0x22, 0xa3, 0x01, 0x0a, - 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x61, - 0x6a, 0x6f, 0x72, 0x5f, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x41, 0x70, 0x69, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, - 0x66, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x76, 0x61, - 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x6f, 0x72, 0x22, 0x74, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x08, 0x73, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xd8, 0x01, 0x0a, 0x11, 0x43, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, - 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, - 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, - 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x54, 0x0a, - 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, - 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0d, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x2a, 0x4e, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1e, 0x0a, 0x1a, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, - 0x45, 0x5f, 0x53, 0x45, 0x4c, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, - 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4c, 0x4c, 0x10, 0x01, 0x12, - 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x58, 0x41, 0x43, - 0x54, 0x10, 0x03, 0x42, 0x88, 0x01, 0x0a, 0x1f, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, - 0x6f, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, - 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, - 0x74, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x17, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, - 0x3a, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) +const file_sigstore_trustroot_proto_rawDesc = "" + + "\n" + + "\x18sigstore_trustroot.proto\x12\x19dev.sigstore.trustroot.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x15sigstore_common.proto\"\xe1\x02\n" + + "\x17TransparencyLogInstance\x12\x19\n" + + "\bbase_url\x18\x01 \x01(\tR\abaseUrl\x12L\n" + + "\x0ehash_algorithm\x18\x02 \x01(\x0e2%.dev.sigstore.common.v1.HashAlgorithmR\rhashAlgorithm\x12@\n" + + "\n" + + "public_key\x18\x03 \x01(\v2!.dev.sigstore.common.v1.PublicKeyR\tpublicKey\x124\n" + + "\x06log_id\x18\x04 \x01(\v2\x1d.dev.sigstore.common.v1.LogIdR\x05logId\x12I\n" + + "\x11checkpoint_key_id\x18\x05 \x01(\v2\x1d.dev.sigstore.common.v1.LogIdR\x0fcheckpointKeyId\x12\x1a\n" + + "\boperator\x18\x06 \x01(\tR\boperator\"\x96\x02\n" + + "\x14CertificateAuthority\x12C\n" + + "\asubject\x18\x01 \x01(\v2).dev.sigstore.common.v1.DistinguishedNameR\asubject\x12\x10\n" + + "\x03uri\x18\x02 \x01(\tR\x03uri\x12K\n" + + "\n" + + "cert_chain\x18\x03 \x01(\v2,.dev.sigstore.common.v1.X509CertificateChainR\tcertChain\x12>\n" + + "\tvalid_for\x18\x04 \x01(\v2!.dev.sigstore.common.v1.TimeRangeR\bvalidFor\x12\x1a\n" + + "\boperator\x18\x05 \x01(\tR\boperator\"\x92\x03\n" + + "\vTrustedRoot\x12\x1d\n" + + "\n" + + "media_type\x18\x01 \x01(\tR\tmediaType\x12H\n" + + "\x05tlogs\x18\x02 \x03(\v22.dev.sigstore.trustroot.v1.TransparencyLogInstanceR\x05tlogs\x12h\n" + + "\x17certificate_authorities\x18\x03 \x03(\v2/.dev.sigstore.trustroot.v1.CertificateAuthorityR\x16certificateAuthorities\x12J\n" + + "\x06ctlogs\x18\x04 \x03(\v22.dev.sigstore.trustroot.v1.TransparencyLogInstanceR\x06ctlogs\x12d\n" + + "\x15timestamp_authorities\x18\x05 \x03(\v2/.dev.sigstore.trustroot.v1.CertificateAuthorityR\x14timestampAuthorities\"\xea\x03\n" + + "\rSigningConfig\x12\x1d\n" + + "\n" + + "media_type\x18\x05 \x01(\tR\tmediaType\x12;\n" + + "\aca_urls\x18\x06 \x03(\v2\".dev.sigstore.trustroot.v1.ServiceR\x06caUrls\x12?\n" + + "\toidc_urls\x18\a \x03(\v2\".dev.sigstore.trustroot.v1.ServiceR\boidcUrls\x12J\n" + + "\x0frekor_tlog_urls\x18\b \x03(\v2\".dev.sigstore.trustroot.v1.ServiceR\rrekorTlogUrls\x12[\n" + + "\x11rekor_tlog_config\x18\t \x01(\v2/.dev.sigstore.trustroot.v1.ServiceConfigurationR\x0frekorTlogConfig\x12=\n" + + "\btsa_urls\x18\n" + + " \x03(\v2\".dev.sigstore.trustroot.v1.ServiceR\atsaUrls\x12N\n" + + "\n" + + "tsa_config\x18\v \x01(\v2/.dev.sigstore.trustroot.v1.ServiceConfigurationR\ttsaConfigJ\x04\b\x01\x10\x05\"\xb7\x01\n" + + "\aService\x12\x15\n" + + "\x03url\x18\x01 \x01(\tB\x03\xe0A\x02R\x03url\x12/\n" + + "\x11major_api_version\x18\x02 \x01(\rB\x03\xe0A\x02R\x0fmajorApiVersion\x12C\n" + + "\tvalid_for\x18\x03 \x01(\v2!.dev.sigstore.common.v1.TimeRangeB\x03\xe0A\x02R\bvalidFor\x12\x1f\n" + + "\boperator\x18\x04 \x01(\tB\x03\xe0A\x02R\boperator\"y\n" + + "\x14ServiceConfiguration\x12K\n" + + "\bselector\x18\x01 \x01(\x0e2*.dev.sigstore.trustroot.v1.ServiceSelectorB\x03\xe0A\x02R\bselector\x12\x14\n" + + "\x05count\x18\x02 \x01(\rR\x05count\"\xd8\x01\n" + + "\x11ClientTrustConfig\x12\x1d\n" + + "\n" + + "media_type\x18\x01 \x01(\tR\tmediaType\x12N\n" + + "\ftrusted_root\x18\x02 \x01(\v2&.dev.sigstore.trustroot.v1.TrustedRootB\x03\xe0A\x02R\vtrustedRoot\x12T\n" + + "\x0esigning_config\x18\x03 \x01(\v2(.dev.sigstore.trustroot.v1.SigningConfigB\x03\xe0A\x02R\rsigningConfig*N\n" + + "\x0fServiceSelector\x12\x1e\n" + + "\x1aSERVICE_SELECTOR_UNDEFINED\x10\x00\x12\a\n" + + "\x03ALL\x10\x01\x12\a\n" + + "\x03ANY\x10\x02\x12\t\n" + + "\x05EXACT\x10\x03B\x88\x01\n" + + "\x1fdev.sigstore.proto.trustroot.v1B\x0eTrustRootProtoP\x01Z9github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1\xea\x02\x17Sigstore::TrustRoot::V1b\x06proto3" var ( file_sigstore_trustroot_proto_rawDescOnce sync.Once diff --git a/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go b/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go index 5f55aa9839..cf3060f37f 100644 --- a/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go +++ b/vendor/github.com/sigstore/rekor/pkg/client/rekor_client.go @@ -15,7 +15,10 @@ package client import ( + "bytes" "crypto/tls" + "fmt" + "io" "net/http" "net/url" @@ -29,6 +32,36 @@ import ( "github.com/sigstore/rekor/pkg/util" ) +// maxErrorBodyBytes caps how much of the final response body we embed in +// the error message to avoid flooding terminals with large payloads. +const maxErrorBodyBytes = 512 + +// retryErrorHandler makes the final error surfaced after retries include the +// underlying cause (transport error or final response status + body snippet). +// Without a custom handler retryablehttp's default message is just +// " giving up after N attempt(s)", which hides the actual +// reason the retries failed — especially when the server returned an error +// response (5xx) rather than a transport error. See +// https://github.com/sigstore/rekor/issues/2640. +func retryErrorHandler(resp *http.Response, err error, numTries int) (*http.Response, error) { + if err != nil { + return nil, fmt.Errorf("giving up after %d attempt(s): %w", numTries, err) + } + if resp != nil { + defer resp.Body.Close() + body, readErr := io.ReadAll(io.LimitReader(resp.Body, maxErrorBodyBytes)) + snippet := string(bytes.TrimSpace(body)) + if readErr == nil && snippet != "" { + return nil, fmt.Errorf("giving up after %d attempt(s): status %d: %s", + numTries, resp.StatusCode, snippet) + } + return nil, fmt.Errorf("giving up after %d attempt(s): status %d", + numTries, resp.StatusCode) + } + + return nil, fmt.Errorf("giving up after %d attempt(s)", numTries) +} + func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error) { url, err := url.Parse(rekorServerURL) if err != nil { @@ -54,6 +87,7 @@ func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error retryableClient.RetryWaitMin = o.RetryWaitMin retryableClient.RetryWaitMax = o.RetryWaitMax retryableClient.Logger = o.Logger + retryableClient.ErrorHandler = retryErrorHandler httpClient := retryableClient.StandardClient() httpClient.Transport = createRoundTripper(httpClient.Transport, o) diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_parameters.go index 481fa2bda5..5a7418e535 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_parameters.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_responses.go index de665ed9cb..198047ed0c 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/create_log_entry_responses.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/entries_client.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/entries_client.go index 24f633cf66..713b0ef671 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/entries_client.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/entries_client.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "github.com/go-openapi/runtime" httptransport "github.com/go-openapi/runtime/client" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_parameters.go index e225227511..8ec6c28042 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_parameters.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_responses.go index 40e17b3cfc..6be99b7e40 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_index_responses.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go index 5c88b52654..ddd769ad9d 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go index 3498e27287..9ea6b57f14 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_parameters.go index ed158ce23e..ce248ff9a7 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_parameters.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_responses.go index 13d5ba2786..7891f4b915 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/search_log_query_responses.go @@ -18,9 +18,6 @@ package entries -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/index/index_client.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/index/index_client.go index 80db490317..8acf59d4df 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/index/index_client.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/index/index_client.go @@ -18,9 +18,6 @@ package index -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "github.com/go-openapi/runtime" httptransport "github.com/go-openapi/runtime/client" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_parameters.go index c1694193ef..90f2e0f325 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_parameters.go @@ -18,9 +18,6 @@ package index -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_responses.go index 8c62eca17b..951a1254d3 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/index/search_index_responses.go @@ -18,9 +18,6 @@ package index -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_parameters.go index b4248c933a..b649e08976 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_parameters.go @@ -18,9 +18,6 @@ package pubkey -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_responses.go index 70dbc452a3..923ee3cf6e 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/get_public_key_responses.go @@ -18,9 +18,6 @@ package pubkey -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/pubkey_client.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/pubkey_client.go index 7f4db7d8cf..d2ed8be91f 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/pubkey_client.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/pubkey/pubkey_client.go @@ -18,9 +18,6 @@ package pubkey -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "github.com/go-openapi/runtime" httptransport "github.com/go-openapi/runtime/client" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/rekor_client.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/rekor_client.go index bee3811184..131c7e1639 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/rekor_client.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/rekor_client.go @@ -18,9 +18,6 @@ package client -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "github.com/go-openapi/runtime" httptransport "github.com/go-openapi/runtime/client" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go index e0ae2cdd31..764c2e9d4c 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_parameters.go @@ -18,9 +18,6 @@ package tlog -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_responses.go index 3d98f88cdf..5b69389dec 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_info_responses.go @@ -18,9 +18,6 @@ package tlog -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_parameters.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_parameters.go index 2b21ad887c..505ca2cbb3 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_parameters.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_parameters.go @@ -18,9 +18,6 @@ package tlog -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "net/http" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_responses.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_responses.go index ae8e50d287..d025173d21 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_responses.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/get_log_proof_responses.go @@ -18,9 +18,6 @@ package tlog -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "encoding/json" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/tlog_client.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/tlog_client.go index ff174ebfa2..c58fe252c9 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/tlog_client.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/client/tlog/tlog_client.go @@ -18,9 +18,6 @@ package tlog -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "github.com/go-openapi/runtime" httptransport "github.com/go-openapi/runtime/client" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine.go index 5607679fdf..d3c460e731 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_schema.go index 00f76926c3..646b414b4a 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // AlpineSchema Alpine Package Schema // // # Schema for Alpine package objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go index c77008ce7a..f748022d51 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/alpine_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/consistency_proof.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/consistency_proof.go index 804ddd11a9..ae87d835ff 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/consistency_proof.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/consistency_proof.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "strconv" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose.go index 8de4083baf..58cd4e3b1c 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_schema.go index 8f90160503..325a8a6ab9 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // CoseSchema COSE Schema // // # COSE for Rekord objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go index 9dafe29ce3..69a3c0c65e 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/cose_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go index dde562054c..40b48b304e 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go index 0dc5c87ed3..e9526fc0fc 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // DSSESchema DSSE Schema // // log entry schema for dsse envelopes diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go index 8cad568daf..efbcff1752 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/dsse_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/error.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/error.go index ac14f2026e..6dcec446cf 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/error.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/error.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord.go index b3e1f8a3bd..1c2c48bdb3 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_schema.go index 67fc8ababa..960dd131be 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // HashedrekordSchema Hashedrekord Schema // // # Schema for Hashedrekord objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go index 866842e569..85b3fcbb31 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/hashedrekord_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm.go index d19b8bc8c9..3cab983af8 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_schema.go index 305a9e16fd..4952e3738c 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // HelmSchema Helm Schema // // # Schema for Helm objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go index 1d52e1e4f5..3274e1d096 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/helm_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/inactive_shard_log_info.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/inactive_shard_log_info.go index c555eb2da6..7cbcdc9c27 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/inactive_shard_log_info.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/inactive_shard_log_info.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/inclusion_proof.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/inclusion_proof.go index 86f0d7b94e..a228b27f97 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/inclusion_proof.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/inclusion_proof.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "strconv" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto.go index 4f208de1d5..6a79e48686 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_schema.go index 142f0a1942..2e09d5db1d 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // IntotoSchema Intoto Schema // // # Intoto for Rekord objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go index d3a6ca42f4..912a34c522 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go index 4ea4dcc58a..c3a4c959c5 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/intoto_v002_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar.go index 3df3d21b8a..71d25cd701 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_schema.go index 0cd3126ef5..aedf7c3fdf 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // JarSchema JAR Schema // // # Schema for JAR objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go index 64335c3687..f3808966b5 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/jar_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go index 65cf4f4b77..bd25ee7378 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_entry.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go index 6cbb9d64a2..b42dfbb24f 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/log_info.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go index 5b734a5fff..141730a18b 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/proposed_entry.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord.go index 81c8ff0545..d862850726 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_schema.go index 9c33e4044e..52f03af052 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // RekordSchema Rekor Schema // // # Schema for Rekord objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go index 0f4977ca73..ab3a323369 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rekord_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161.go index ef8d42e7a2..b18aa31a72 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_schema.go index 319358d400..536a1bc742 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // Rfc3161Schema Timestamp Schema // // # Schema for RFC 3161 timestamp objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go index c2037cd7ad..a2d7a3642a 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rfc3161_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm.go index 8b1f10c77e..4ff2a264ee 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_schema.go index 2520dfb9c7..22b6749ca3 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // RpmSchema RPM Schema // // # Schema for RPM objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go index a7636bd5fc..4506414a4e 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/rpm_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go index 98f7ee84c5..ff672558a4 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" "encoding/json" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go index 6833c8f6d8..874f51f07e 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_log_query.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" @@ -42,7 +39,7 @@ import ( type SearchLogQuery struct { entriesField []ProposedEntry - // entry u UI ds + // entry UUIDs // Max Items: 10 // Min Items: 1 EntryUUIDs []string `json:"entryUUIDs"` diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf.go index a5f6eff0f7..98997da594 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "bytes" "context" diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_schema.go index 7c944ef92d..71f17ca846 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - // TUFSchema TUF Schema // // # Schema for TUF metadata objects diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go index 69b5e93d61..b66058702c 100644 --- a/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go +++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/tuf_v001_schema.go @@ -18,9 +18,6 @@ package models -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - import ( "context" stderrors "errors" diff --git a/vendor/github.com/sigstore/rekor/pkg/types/dsse/dsse.go b/vendor/github.com/sigstore/rekor/pkg/types/dsse/dsse.go index 9036fe5625..9b82729672 100644 --- a/vendor/github.com/sigstore/rekor/pkg/types/dsse/dsse.go +++ b/vendor/github.com/sigstore/rekor/pkg/types/dsse/dsse.go @@ -55,6 +55,10 @@ func (it BaseDSSEType) UnmarshalEntry(pe models.ProposedEntry) (types.EntryImpl, return nil, errors.New("cannot unmarshal non-DSSE types") } + if in.APIVersion == nil { + return nil, errors.New("api version cannot be nil") + } + return it.VersionedUnmarshal(in, *in.APIVersion) } diff --git a/vendor/github.com/sigstore/rekor/pkg/types/entries.go b/vendor/github.com/sigstore/rekor/pkg/types/entries.go index 06a8525bd9..a39bff4076 100644 --- a/vendor/github.com/sigstore/rekor/pkg/types/entries.go +++ b/vendor/github.com/sigstore/rekor/pkg/types/entries.go @@ -22,6 +22,7 @@ import ( "fmt" "net/url" "reflect" + "sync/atomic" "github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer" "github.com/go-openapi/strfmt" @@ -60,6 +61,33 @@ type ProposedEntryIterator interface { // EntryFactory describes a factory function that can generate structs for a specific versioned type type EntryFactory func() EntryImpl +// allowedKindsForSubmission restricts the set of kinds that CreateVersionedEntry +// will accept. +// This restriction only applies to the insertion path. Read paths are unaffected +// so that entries written to the log under a previous configuration are still readable. +var allowedKindsForSubmission atomic.Pointer[map[string]struct{}] + +// SetAllowedKindsForSubmission configures the set of kinds that CreateVersionedEntry +// will accept. +func SetAllowedKindsForSubmission(kinds []string) { + m := make(map[string]struct{}, len(kinds)) + for _, k := range kinds { + m[k] = struct{}{} + } + allowedKindsForSubmission.Store(&m) +} + +// isKindAllowedForSubmission reports whether the given kind may be inserted +// into the log via CreateVersionedEntry. +func isKindAllowedForSubmission(kind string) bool { + m := allowedKindsForSubmission.Load() + if m == nil { + return true + } + _, ok := (*m)[kind] + return ok +} + func NewProposedEntry(ctx context.Context, kind, version string, props ArtifactProperties) (models.ProposedEntry, error) { if tf, found := TypeMap.Load(kind); found { t := tf.(func() TypeImpl)() @@ -80,6 +108,9 @@ func CreateVersionedEntry(pe models.ProposedEntry) (EntryImpl, error) { return nil, err } kind := pe.Kind() + if !isKindAllowedForSubmission(kind) { + return nil, fmt.Errorf("entry kind '%v' is not enabled for submission on this server", kind) + } if tf, found := TypeMap.Load(kind); found { if !tf.(func() TypeImpl)().IsSupportedVersion(ei.APIVersion()) { return nil, fmt.Errorf("entry kind '%v' does not support inserting entries of version '%v'", kind, ei.APIVersion()) diff --git a/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/hashedrekord.go b/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/hashedrekord.go index 66395c7a05..778d9e5b44 100644 --- a/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/hashedrekord.go +++ b/vendor/github.com/sigstore/rekor/pkg/types/hashedrekord/hashedrekord.go @@ -55,6 +55,10 @@ func (rt BaseRekordType) UnmarshalEntry(pe models.ProposedEntry) (types.EntryImp return nil, fmt.Errorf("cannot unmarshal non-hashed Rekord types: %s", pe.Kind()) } + if rekord.APIVersion == nil { + return nil, errors.New("api version cannot be nil") + } + return rt.VersionedUnmarshal(rekord, *rekord.APIVersion) } diff --git a/vendor/github.com/sigstore/rekor/pkg/types/intoto/intoto.go b/vendor/github.com/sigstore/rekor/pkg/types/intoto/intoto.go index 2bfba39468..8aa2b8ddc9 100644 --- a/vendor/github.com/sigstore/rekor/pkg/types/intoto/intoto.go +++ b/vendor/github.com/sigstore/rekor/pkg/types/intoto/intoto.go @@ -57,6 +57,10 @@ func (it BaseIntotoType) UnmarshalEntry(pe models.ProposedEntry) (types.EntryImp return nil, errors.New("cannot unmarshal non-Rekord types") } + if in.APIVersion == nil { + return nil, errors.New("api version cannot be nil") + } + return it.VersionedUnmarshal(in, *in.APIVersion) } diff --git a/vendor/github.com/sigstore/rekor/pkg/types/rekord/rekord.go b/vendor/github.com/sigstore/rekor/pkg/types/rekord/rekord.go index 902dbf71ee..c02d05d73e 100644 --- a/vendor/github.com/sigstore/rekor/pkg/types/rekord/rekord.go +++ b/vendor/github.com/sigstore/rekor/pkg/types/rekord/rekord.go @@ -55,6 +55,10 @@ func (rt BaseRekordType) UnmarshalEntry(pe models.ProposedEntry) (types.EntryImp return nil, errors.New("cannot unmarshal non-Rekord types") } + if rekord.APIVersion == nil { + return nil, errors.New("api version cannot be nil") + } + return rt.VersionedUnmarshal(rekord, *rekord.APIVersion) } diff --git a/vendor/github.com/sigstore/rekor/pkg/types/types.go b/vendor/github.com/sigstore/rekor/pkg/types/types.go index 72722321b1..5e327d42ed 100644 --- a/vendor/github.com/sigstore/rekor/pkg/types/types.go +++ b/vendor/github.com/sigstore/rekor/pkg/types/types.go @@ -73,11 +73,21 @@ func (rt *RekorType) IsSupportedVersion(proposedVersion string) bool { return slices.Contains(rt.SupportedVersions(), proposedVersion) } +// ListSupportedKinds returns all loaded entry kinds +func ListSupportedKinds() []string { + var l []string + TypeMap.Range(func(k, _ any) bool { + l = append(l, k.(string)) + return true + }) + return l +} + // ListImplementedTypes returns a list of all type strings currently known to // be implemented func ListImplementedTypes() []string { retVal := []string{} - TypeMap.Range(func(k interface{}, v interface{}) bool { + TypeMap.Range(func(k, v any) bool { tf := v.(func() TypeImpl) for _, verStr := range tf().SupportedVersions() { retVal = append(retVal, fmt.Sprintf("%v:%v", k.(string), verStr)) diff --git a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go index 325813d692..5ecf346dbf 100644 --- a/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go +++ b/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go @@ -27,6 +27,7 @@ import ( "fmt" "github.com/secure-systems-lab/go-securesystemslib/encrypted" + "github.com/youmark/pkcs8" ) const ( @@ -107,6 +108,26 @@ func UnmarshalPEMToPrivateKey(pemBytes []byte, pf PassFunc) (crypto.PrivateKey, if derBlock == nil { return nil, errors.New("PEM decoding failed") } + + // Handle legacy encrypted PEM blocks + if x509.IsEncryptedPEMBlock(derBlock) { //nolint:staticcheck + if pf == nil { + return nil, errors.New("private key is encrypted, but no password function was provided") + } + password, err := pf(false) + if err != nil { + return nil, err + } + decryptedBytes, err := x509.DecryptPEMBlock(derBlock, password) //nolint:staticcheck + if err != nil { + return nil, fmt.Errorf("failed to decrypt legacy PEM block: %w", err) + } + derBlock = &pem.Block{ + Type: derBlock.Type, + Bytes: decryptedBytes, + } + } + switch derBlock.Type { case string(PrivateKeyPEMType): return x509.ParsePKCS8PrivateKey(derBlock.Bytes) @@ -114,6 +135,19 @@ func UnmarshalPEMToPrivateKey(pemBytes []byte, pf PassFunc) (crypto.PrivateKey, return x509.ParsePKCS1PrivateKey(derBlock.Bytes) case string(ECPrivateKeyPEMType): return x509.ParseECPrivateKey(derBlock.Bytes) + case "ENCRYPTED PRIVATE KEY": + if pf == nil { + return nil, errors.New("private key is encrypted, but no password function was provided") + } + password, err := pf(false) + if err != nil { + return nil, err + } + decryptedKey, err := pkcs8.ParsePKCS8PrivateKey(derBlock.Bytes, password) + if err != nil { + return nil, fmt.Errorf("failed to decrypt and parse encrypted private key: %w", err) + } + return decryptedKey, nil case string(EncryptedSigstorePrivateKeyPEMType), string(encryptedCosignPrivateKeyPEMType): derBytes := derBlock.Bytes if pf != nil { diff --git a/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go b/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go index d24d89d746..1267cab4c7 100644 --- a/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go +++ b/vendor/github.com/sigstore/sigstore/pkg/oauth/interactive.go @@ -65,18 +65,12 @@ func GetInteractiveSuccessHTML(autoclose bool, timeout int) (string, error) { sigstore authentication successful! - {{ if .Autoclose -}} - {{- else -}} -
- You may now close this page. -
- {{- end }}