From d416b4e3cb257fdc77b14d7a8ce547672c570f93 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Tue, 31 Aug 2021 16:24:31 +0530 Subject: [PATCH 01/37] showing skiped policy seperately Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 76 +++++++++++++++++-------- pkg/kyverno/apply/apply_command_test.go | 4 +- pkg/kyverno/apply/report.go | 64 ++++++++++----------- pkg/kyverno/apply/report_test.go | 2 +- 4 files changed, 84 insertions(+), 62 deletions(-) diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index b81332f5b6..9e660db8bf 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -47,11 +47,11 @@ type Values struct { Policies []Policy `json:"policies"` } -type SkippedPolicy struct { - Name string `json:"name"` - Rules []v1.Rule `json:"rules"` - Variable string `json:"variable"` -} +// type SkippedPolicy struct { +// Name string `json:"name"` +// Rules []v1.Rule `json:"rules"` +// Variable string `json:"variable"` +// } var applyHelp = ` To apply on a resource: @@ -157,7 +157,7 @@ func Command() *cobra.Command { } func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, mutateLogPath string, - variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (validateEngineResponses []*response.EngineResponse, rc *resultCounts, resources []*unstructured.Unstructured, skippedPolicies []SkippedPolicy, err error) { + variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (validateEngineResponses []*response.EngineResponse, rc *resultCounts, resources []*unstructured.Unstructured, skippedPolicies []string, err error) { store.SetMock(true) kubernetesConfig := genericclioptions.NewConfigFlags(true) 
@@ -270,30 +270,48 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, rc = &resultCounts{} validateEngineResponses = make([]*response.EngineResponse, 0) - skippedPolicies = make([]SkippedPolicy, 0) + // skippedPolicies = make([]SkippedPolicy, 0) + skippedPolicies = make([]string, 0) for _, policy := range mutatedPolicies { err := policy2.Validate(policy, nil, true, openAPIController) + // here skip policy if err != nil { - rc.skip += len(resources) - log.Log.V(3).Info(fmt.Sprintf("skipping policy %v as it is not valid", policy.Name), "error", err) + skippedPolicies = append(skippedPolicies, policy.Name) continue } + // if err != nil { + // rc.skip += len(resources) + // log.Log.V(3).Info(fmt.Sprintf("skipping policy %v as it is not valid", policy.Name), "error", err) + // continue + // } + matches := common.PolicyHasVariables(*policy) variable := common.RemoveDuplicateAndObjectVariables(matches) - - if len(variable) > 0 && variablesString == "" && valuesFile == "" { - rc.skip++ - skipPolicy := SkippedPolicy{ - Name: policy.GetName(), - Rules: policy.Spec.Rules, - Variable: variable, + if len(variable) > 0 { + if len(variables) == 0 { + // check policy in valuesMap + if valuesMap[policy.Name] == nil { + //check for namespce selector + skippedPolicies = append(skippedPolicies, policy.Name) + continue + } } - skippedPolicies = append(skippedPolicies, skipPolicy) - log.Log.V(3).Info(fmt.Sprintf("skipping policy %s as non of the variable values are not passed", policy.Name), "error", fmt.Sprintf("policy have variable - %s", variable)) - continue + // valuesMap, namespaceSelectorMap } + // if len(variable) > 0 && variablesString == "" && valuesFile == "" { + // // skip policy ...can we get specific policy name?? 
+ // rc.skip++ + // skipPolicy := SkippedPolicy{ + // Name: policy.GetName(), + // Rules: policy.Spec.Rules, + // Variable: variable, + // } + // skippedPolicies = append(skippedPolicies, skipPolicy) + // log.Log.V(3).Info(fmt.Sprintf("skipping policy %s as non of the variable values are not passed", policy.Name), "error", fmt.Sprintf("policy have variable - %s", variable)) + // continue + // } for _, resource := range resources { // get values from file for this policy resource combination @@ -352,10 +370,18 @@ func checkMutateLogPath(mutateLogPath string) (mutateLogPathIsDir bool, err erro } // printReportOrViolation - printing policy report/violations -func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *resultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []SkippedPolicy, stdin bool) { +func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *resultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool) { + if len(skippedPolicies) > 0 { + fmt.Println("----------------------------------------------------------------------\nPolicies Skipped:\n") + for i, policyName := range skippedPolicies { + fmt.Println(i+1, ". ", policyName) + } + fmt.Println("----------------------------------------------------------------------") + } + if policyReport { os.Setenv("POLICY-TYPE", pkgCommon.PolicyReport) - resps := buildPolicyReports(validateEngineResponses, skippedPolicies) + resps := buildPolicyReports(validateEngineResponses) if len(resps) > 0 || resourcesLen == 0 { fmt.Println("----------------------------------------------------------------------\nPOLICY REPORT:\n----------------------------------------------------------------------") report, _ := generateCLIRaw(resps) 
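Review bot: The `if err != nil` branch after `policy2.Validate` now only appends `policy.Name` to `skippedPolicies` and continues, so the validation error itself is discarded and no longer logged. Someone running the CLI as a policy check gets a bare name with no reason, and an invalid policy is quietly left unapplied to every resource. Keep the cause visible before the `continue`, for example by restoring `log.Log.V(3).Info(fmt.Sprintf("skipping policy %v as it is not valid", policy.Name), "error", err)`, or carry the reason alongside the name in the skipped list. `applyCommandHelper` starts and ends outside this hunk.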
@@ -365,10 +391,10 @@ func printReportOrViolation(policyReport bool, validateEngineResponses []*respon fmt.Println("----------------------------------------------------------------------\nPOLICY REPORT: skip generating policy report (no validate policy found/resource skipped)") } } else { - rcCount := rc.pass + rc.fail + rc.warn + rc.error + rc.skip - if rcCount < len(resourcePaths) { - rc.skip += len(resourcePaths) - rcCount - } + // rcCount := rc.pass + rc.fail + rc.warn + rc.error + rc.skip + // if rcCount < len(resourcePaths) { + // rc.skip += len(resourcePaths) - rcCount + // } if !stdin { fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", rc.pass, rc.fail, rc.warn, rc.error, rc.skip) diff --git a/pkg/kyverno/apply/apply_command_test.go b/pkg/kyverno/apply/apply_command_test.go index dfd6d9e489..4a6c399486 100644 --- a/pkg/kyverno/apply/apply_command_test.go +++ b/pkg/kyverno/apply/apply_command_test.go @@ -56,8 +56,8 @@ func Test_Apply(t *testing.T) { } for _, tc := range testcases { - validateEngineResponses, _, _, skippedPolicies, _ := applyCommandHelper(tc.ResourcePaths, false, true, "", "", "", "", tc.PolicyPaths, false) - resps := buildPolicyReports(validateEngineResponses, skippedPolicies) + validateEngineResponses, _, _, _, _ := applyCommandHelper(tc.ResourcePaths, false, true, "", "", "", "", tc.PolicyPaths, false) + resps := buildPolicyReports(validateEngineResponses) for i, resp := range resps { compareSummary(tc.expectedPolicyReports[i].Summary, resp.UnstructuredContent()["summary"].(map[string]interface{})) } diff --git a/pkg/kyverno/apply/report.go b/pkg/kyverno/apply/report.go index 630cc4ff90..072c4c9e09 100644 --- a/pkg/kyverno/apply/report.go +++ b/pkg/kyverno/apply/report.go 
@@ -21,43 +21,39 @@ import ( const clusterpolicyreport = "clusterpolicyreport" // resps is the engine responses generated for a single policy -func buildPolicyReports(resps []*response.EngineResponse, skippedPolicies []SkippedPolicy) (res []*unstructured.Unstructured) { +func buildPolicyReports(resps []*response.EngineResponse) (res []*unstructured.Unstructured) { var raw []byte var err error - for _, sp := range skippedPolicies { - for _, r := range sp.Rules { - result := []*report.PolicyReportResult{ - { - Message: fmt.Sprintln("skipped policy with variables -", sp.Variable), - Policy: sp.Name, - Rule: r.Name, - Result: "skip", - }, - } - - report := &report.PolicyReport{ - TypeMeta: metav1.TypeMeta{ - APIVersion: report.SchemeGroupVersion.String(), - Kind: "PolicyReport", - }, - Results: result, - } - - if raw, err = json.Marshal(report); err != nil { - log.Log.V(3).Info("failed to serialize policy report", "error", err) - continue - } - - reportUnstructured, err := engineutils.ConvertToUnstructured(raw) - if err != nil { - log.Log.V(3).Info("failed to convert policy report", "error", err) - continue - } - - res = append(res, reportUnstructured) - } - } + // for _, sp := range skippedPolicies { + // for _, r := range sp.Rules { + // result := []*report.PolicyReportResult{ + // { + // Message: fmt.Sprintln("skipped policy with variables -", sp.Variable), + // Policy: sp.Name, + // Rule: r.Name, + // Result: "skip", + // }, + // } + // report := &report.PolicyReport{ + // TypeMeta: metav1.TypeMeta{ + // APIVersion: report.SchemeGroupVersion.String(), + // Kind: "PolicyReport", + // }, + // Results: result, + // } + // if raw, err = json.Marshal(report); err != nil { + // log.Log.V(3).Info("failed to serialize policy report", "error", err) + // continue + // } + // reportUnstructured, err := engineutils.ConvertToUnstructured(raw) + // if err != nil { + // log.Log.V(3).Info("failed to convert policy report", "error", err) + // continue + // } + // res = append(res, 
reportUnstructured) + // } + // } resultsMap := buildPolicyResults(resps) for scope, result := range resultsMap { diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go index dc5c1e0f36..fd24c5fd74 100644 --- a/pkg/kyverno/apply/report_test.go +++ b/pkg/kyverno/apply/report_test.go @@ -72,7 +72,7 @@ var engineResponses = []*response.EngineResponse{ func Test_buildPolicyReports(t *testing.T) { os.Setenv("POLICY-TYPE", common.PolicyReport) - reports := buildPolicyReports(engineResponses, []SkippedPolicy{}) + reports := buildPolicyReports(engineResponses) assert.Assert(t, len(reports) == 2, len(reports)) for _, report := range reports { From 36515ce127a7594570b77f3ec857a67947634770 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Tue, 31 Aug 2021 17:59:18 +0530 Subject: [PATCH 02/37] removing commented code Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 37 +++--------------------------- 1 file changed, 3 insertions(+), 34 deletions(-) diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 9e660db8bf..d070ff6487 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -47,12 +47,6 @@ type Values struct { Policies []Policy `json:"policies"` } -// type SkippedPolicy struct { -// Name string `json:"name"` -// Rules []v1.Rule `json:"rules"` -// Variable string `json:"variable"` -// } - var applyHelp = ` To apply on a resource: kyverno apply /path/to/policy.yaml /path/to/folderOfPolicies --resource=/path/to/resource1 --resource=/path/to/resource2 
@@ -275,43 +269,22 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, for _, policy := range mutatedPolicies { err := policy2.Validate(policy, nil, true, openAPIController) - // here skip policy if err != nil { skippedPolicies = append(skippedPolicies, policy.Name) continue } - // if err != nil { - // rc.skip += len(resources) - // log.Log.V(3).Info(fmt.Sprintf("skipping policy %v as it is not valid", policy.Name), "error", err) - // continue - // } - matches := common.PolicyHasVariables(*policy) variable := common.RemoveDuplicateAndObjectVariables(matches) if len(variable) > 0 { if len(variables) == 0 { - // check policy in valuesMap - if valuesMap[policy.Name] == nil { - //check for namespce selector + // check policy in variable file + if valuesFile == "" || valuesMap[policy.Name] == nil { skippedPolicies = append(skippedPolicies, policy.Name) continue } } - // valuesMap, namespaceSelectorMap } - // if len(variable) > 0 && variablesString == "" && valuesFile == "" { - // // skip policy ...can we get specific policy name?? - // rc.skip++ - // skipPolicy := SkippedPolicy{ - // Name: policy.GetName(), - // Rules: policy.Spec.Rules, - // Variable: variable, - // } - // skippedPolicies = append(skippedPolicies, skipPolicy) - // log.Log.V(3).Info(fmt.Sprintf("skipping policy %s as non of the variable values are not passed", policy.Name), "error", fmt.Sprintf("policy have variable - %s", variable)) - // continue - // } for _, resource := range resources { // get values from file for this policy resource combination 
@@ -372,7 +345,7 @@ func checkMutateLogPath(mutateLogPath string) (mutateLogPathIsDir bool, err erro // printReportOrViolation - printing policy report/violations func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *resultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool) { if len(skippedPolicies) > 0 { - fmt.Println("----------------------------------------------------------------------\nPolicies Skipped:\n") + fmt.Println("----------------------------------------------------------------------\nPolicies Skipped(as required variables are not provided by the users):\n") for i, policyName := range skippedPolicies { fmt.Println(i+1, ". ", policyName) } @@ -391,10 +364,6 @@ func printReportOrViolation(policyReport bool, validateEngineResponses []*respon fmt.Println("----------------------------------------------------------------------\nPOLICY REPORT: skip generating policy report (no validate policy found/resource skipped)") } } else { - // rcCount := rc.pass + rc.fail + rc.warn + rc.error + rc.skip - // if rcCount < len(resourcePaths) { - // rc.skip += len(resourcePaths) - rcCount - // } if !stdin { fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", rc.pass, rc.fail, rc.warn, rc.error, rc.skip) From dce36634295898df77cf078830492962545678ef Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Tue, 31 Aug 2021 19:27:56 +0530 Subject: [PATCH 03/37] removing error count Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 6 ++---- pkg/kyverno/apply/report.go | 30 ------------------------------ pkg/kyverno/common/common.go | 11 +++++------ pkg/kyverno/common/common_test.go | 2 +- pkg/kyverno/test/test_command.go | 2 +- 5 files changed, 9 insertions(+), 42 deletions(-) diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index d070ff6487..4308c14343 100644 --- a/pkg/kyverno/apply/apply_command.go 
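Review bot: The new heading `Policies Skipped(as required variables are not provided by the users):` is printed for every entry in `skippedPolicies`, but the loop in `applyCommandHelper` earlier in this same patch also appends policies whose `policy2.Validate` call returned an error. An invalid policy is therefore reported as merely missing variables, which hides the real cause from whoever reads the output. Either keep the two cases in separate lists or use a neutral heading such as `Policies Skipped (invalid policy or required variables not provided):`. The body of `printReportOrViolation` continues outside the hunk.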
+++ b/pkg/kyverno/apply/apply_command.go @@ -301,7 +301,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, responseError, rcErs, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin) + validateErs, responseError, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin) if err != nil { return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } @@ -310,9 +310,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } else { rc.pass++ } - if rcErs == true { - rc.error++ - } + validateEngineResponses = append(validateEngineResponses, validateErs) } } diff --git a/pkg/kyverno/apply/report.go b/pkg/kyverno/apply/report.go index 072c4c9e09..b0ac120ed8 100644 --- a/pkg/kyverno/apply/report.go +++ b/pkg/kyverno/apply/report.go 
@@ -25,36 +25,6 @@ func buildPolicyReports(resps []*response.EngineResponse) (res []*unstructured.U var raw []byte var err error - // for _, sp := range skippedPolicies { - // for _, r := range sp.Rules { - // result := []*report.PolicyReportResult{ - // { - // Message: fmt.Sprintln("skipped policy with variables -", sp.Variable), - // Policy: sp.Name, - // Rule: r.Name, - // Result: "skip", - // }, - // } - // report := &report.PolicyReport{ - // TypeMeta: metav1.TypeMeta{ - // APIVersion: report.SchemeGroupVersion.String(), - // Kind: "PolicyReport", - // }, - // Results: result, - // } - // if raw, err = json.Marshal(report); err != nil { - // log.Log.V(3).Info("failed to serialize policy report", "error", err) - // continue - // } - // reportUnstructured, err := engineutils.ConvertToUnstructured(raw) - // if err != nil { - // log.Log.V(3).Info("failed to convert policy report", "error", err) - // continue - // } - // res = append(res, reportUnstructured) - // } - // } - resultsMap := buildPolicyResults(resps) for scope, result := range resultsMap { if scope == clusterpolicyreport { diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index bb38c28e81..5931e55070 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -507,7 +507,7 @@ func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error) { // ApplyPolicyOnResource - function to apply policy on resource func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, - mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool) (*response.EngineResponse, bool, bool, error) { + mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool) (*response.EngineResponse, bool, error) { operationIsDelete := false 
@@ -516,7 +516,6 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } responseError := false - rcError := false engineResponses := make([]*response.EngineResponse, 0) namespaceLabels := make(map[string]string) @@ -533,7 +532,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst resourceNamespace := resource.GetNamespace() namespaceLabels = namespaceSelectorMap[resource.GetNamespace()] if resourceNamespace != "default" && len(namespaceLabels) < 1 { - return &response.EngineResponse{}, responseError, rcError, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) + return &response.EngineResponse{}, responseError, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) } } @@ -573,7 +572,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst if len(mutateResponse.PolicyResponse.Rules) > 0 { yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) if err != nil { - rcError = true + return &response.EngineResponse{}, responseError, sanitizederror.NewWithError("failed to marshal", err) } if mutateLogPath == "" { @@ -588,7 +587,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } else { err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resource.GetName()+"-mutated") if err != nil { - return &response.EngineResponse{}, responseError, rcError, sanitizederror.NewWithError("failed to print mutated result", err) + return &response.EngineResponse{}, responseError, sanitizederror.NewWithError("failed to print mutated result", err) } fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } 
@@ -651,7 +650,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } } - return validateResponse, responseError, rcError, nil + return validateResponse, responseError, nil } // PrintMutatedOutput - function to print output in provided file or directory diff --git a/pkg/kyverno/common/common_test.go b/pkg/kyverno/common/common_test.go index b13a61d8e6..c2b087076a 100644 --- a/pkg/kyverno/common/common_test.go +++ b/pkg/kyverno/common/common_test.go @@ -85,7 +85,7 @@ func Test_NamespaceSelector(t *testing.T) { for _, tc := range testcases { policyArray, _ := ut.GetPolicy(tc.policy) resourceArray, _ := GetResource(tc.resource) - validateErs, _, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false) + validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false) assert.Assert(t, tc.success == validateErs.IsSuccessful()) } } diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 848f8aec61..2ceebdd9e0 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -394,7 +394,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, _, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false) + validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false) if err != nil { return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } From 92173fae9bea15f0656949c02a1ecb641a610e6e Mon Sep 17 00:00:00 2001 
From: NoSkillGirl Date: Tue, 31 Aug 2021 19:29:53 +0530 Subject: [PATCH 04/37] small fix Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 4308c14343..0ce2b07a2c 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -343,7 +343,7 @@ func checkMutateLogPath(mutateLogPath string) (mutateLogPathIsDir bool, err erro // printReportOrViolation - printing policy report/violations func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *resultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool) { if len(skippedPolicies) > 0 { - fmt.Println("----------------------------------------------------------------------\nPolicies Skipped(as required variables are not provided by the users):\n") + fmt.Println("----------------------------------------------------------------------\nPolicies Skipped(as required variables are not provided by the users):") for i, policyName := range skippedPolicies { fmt.Println(i+1, ". ", policyName) } From 7abc74273c50423c9d01e6f3f7f8c95d90913d0b Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Tue, 31 Aug 2021 21:18:54 +0530 Subject: [PATCH 05/37] added logic for rule based count Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 25 ++++---------- pkg/kyverno/common/common.go | 52 ++++++++++++++++++++++++------ pkg/kyverno/common/common_test.go | 2 +- pkg/kyverno/test/test_command.go | 2 +- 4 files changed, 51 insertions(+), 30 deletions(-) diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 0ce2b07a2c..e2f009815c 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go 
@@ -25,14 +25,6 @@ import ( yaml1 "sigs.k8s.io/yaml" ) -type resultCounts struct { - pass int - fail int - warn int - error int - skip int -} - type Resource struct { Name string `json:"name"` Values map[string]string `json:"values"` @@ -151,7 +143,7 @@ func Command() *cobra.Command { } func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, mutateLogPath string, - variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (validateEngineResponses []*response.EngineResponse, rc *resultCounts, resources []*unstructured.Unstructured, skippedPolicies []string, err error) { + variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resources []*unstructured.Unstructured, skippedPolicies []string, err error) { store.SetMock(true) kubernetesConfig := genericclioptions.NewConfigFlags(true) @@ -262,7 +254,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } } - rc = &resultCounts{} + rc = &common.ResultCounts{} validateEngineResponses = make([]*response.EngineResponse, 0) // skippedPolicies = make([]SkippedPolicy, 0) skippedPolicies = make([]string, 0) 
@@ -301,15 +293,10 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, responseError, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin) + validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) if err != nil { return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } - if responseError == true { - rc.fail++ - } else { - rc.pass++ - } validateEngineResponses = append(validateEngineResponses, validateErs) } @@ -341,7 +328,7 @@ func checkMutateLogPath(mutateLogPath string) (mutateLogPathIsDir bool, err erro } // printReportOrViolation - printing policy report/violations -func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *resultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool) { +func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool) { if len(skippedPolicies) > 0 { fmt.Println("----------------------------------------------------------------------\nPolicies Skipped(as required variables are not provided by the users):") for i, policyName := range skippedPolicies { 
@@ -364,10 +351,10 @@ func printReportOrViolation(policyReport bool, validateEngineResponses []*respon } else { if !stdin { fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", - rc.pass, rc.fail, rc.warn, rc.error, rc.skip) + rc.Pass, rc.Fail, rc.Warn, rc.Error, rc.Skip) } - if rc.fail > 0 || rc.error > 0 { + if rc.Fail > 0 || rc.Error > 0 { os.Exit(1) } } diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 5931e55070..66749afcaf 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -34,7 +34,13 @@ import ( yaml_v2 "sigs.k8s.io/yaml" ) -// GetPolicies - Extracting the policies from multiple YAML +type ResultCounts struct { + Pass int + Fail int + Warn int + Error int + Skip int +} type Policy struct { Name string `json:"name"` Resources []Resource `json:"resources"` @@ -61,6 +67,7 @@ type NamespaceSelector struct { Labels map[string]string `json:"labels"` } +// GetPolicies - Extracting the policies from multiple YAML func GetPolicies(paths []string) (policies []*v1.ClusterPolicy, errors []error) { for _, path := range paths { log.Log.V(5).Info("reading policies", "path", path) @@ -507,7 +514,7 @@ func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error) { // ApplyPolicyOnResource - function to apply policy on resource func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, - mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool) (*response.EngineResponse, bool, error) { + mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, bool, error) { operationIsDelete := false 
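Review bot: The exit check `if rc.Fail > 0 || rc.Error > 0 {` is the only visible place that makes the run exit non-zero, it sits in the `else` branch, and policies collected in `skippedPolicies` touch none of the counters. As far as these hunks show, a run in which a policy was skipped because it failed validation still exits 0, which is fail-open for anyone using the command as a CI gate. Consider treating that case as an error, e.g. `if rc.Fail > 0 || rc.Error > 0 || len(skippedPolicies) > 0 {`, or at least doing so for the validation-failure skips. The opening lines of `printReportOrViolation` are outside this hunk.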
@@ -605,17 +612,44 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} validateResponse := engine.Validate(policyCtx) + printCount := 0 if !policyReport { - if !validateResponse.IsSuccessful() { - fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) - for i, r := range validateResponse.PolicyResponse.Rules { - if !r.Success { - fmt.Printf("%d. %s: %s \n", i+1, r.Name, r.Message) + for _, policyRule := range policy.Spec.Rules { + ruleFoundInEngineResponse := false + for i, valResponseRule := range validateResponse.PolicyResponse.Rules { + fmt.Println("valResponseRule.Name: ", valResponseRule.Name) + fmt.Println("valResponseRule.Success: ", valResponseRule.Success) + if policyRule.Name == valResponseRule.Name { + ruleFoundInEngineResponse = true + if valResponseRule.Success { + rc.Pass++ + } else { + if printCount < 1 { + fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) + printCount++ + } + + fmt.Printf("%d. %s: %s \n", i+1, valResponseRule.Name, valResponseRule.Message) + rc.Fail++ + } + continue } } - - responseError = true + if !ruleFoundInEngineResponse { + rc.Skip++ + } } + + // if !validateResponse.IsSuccessful() { + // fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) + // for i, r := range validateResponse.PolicyResponse.Rules { + // if !r.Success { + // fmt.Printf("%d. %s: %s \n", i+1, r.Name, r.Message) + // } + // } + + // responseError = true + // } } var policyHasGenerate bool diff --git a/pkg/kyverno/common/common_test.go b/pkg/kyverno/common/common_test.go index c2b087076a..6476443a71 100644 --- a/pkg/kyverno/common/common_test.go +++ b/pkg/kyverno/common/common_test.go 
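Review bot: The new counting loop dereferences `rc` (`rc.Pass++`, `rc.Fail++`, `rc.Skip++`) without a nil check, while this same patch passes `nil` for it from `Test_NamespaceSelector` in common_test.go with `policyReport` set to `false`, so that path would panic as soon as the policy has a rule. Guard it at the top of the `!policyReport` block with `if rc == nil { rc = &ResultCounts{} }`. The two `fmt.Println("valResponseRule...")` lines look like leftover debug output that prints for every rule on every resource, and the trailing `continue` inside the name match has no effect where a `break` appears to be intended. With `responseError = true` now commented out, the returned bool looks to be always `false` in the visible lines, which callers should not mistake for success. `ApplyPolicyOnResource` starts and ends outside this hunk.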
@@ -85,7 +85,7 @@ func Test_NamespaceSelector(t *testing.T) { for _, tc := range testcases { policyArray, _ := ut.GetPolicy(tc.policy) resourceArray, _ := GetResource(tc.resource) - validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false) + validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil) assert.Assert(t, tc.success == validateErs.IsSuccessful()) } } diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 2ceebdd9e0..84b38181bd 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -394,7 +394,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false) + validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) if err != nil { return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } From 02c584ed8f66684b82974244deb9b7d398bb1cd4 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Wed, 1 Sep 2021 00:07:19 +0530 Subject: [PATCH 06/37] result is printed with mutated policy results Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 15 ++++++++++++--- pkg/kyverno/common/common.go | 31 ++++++++++-------------------- pkg/kyverno/common/common_test.go | 2 +- pkg/kyverno/test/test_command.go | 2 +- 4 files changed, 24 insertions(+), 26 deletions(-) 
diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index e2f009815c..95cb2596da 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -1,6 +1,7 @@ package apply import ( + "encoding/json" "fmt" "os" "path/filepath" @@ -224,6 +225,15 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } } + for _, policy := range mutatedPolicies { + p, err := json.Marshal(policy) + if err != nil { + return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to marsal mutated policy", err) + } + log.Log.V(5).Info("mutated Policy:", string(p)) + + } + resources, err = common.GetResourceAccordingToResourcePath(fs, resourcePaths, cluster, mutatedPolicies, dClient, namespace, policyReport, false, "") if err != nil { fmt.Printf("Error: failed to load resources\nCause: %s\n", err) @@ -250,13 +260,12 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, if len(mutatedPolicies) > 0 && len(resources) > 0 { if !stdin { - fmt.Printf("\napplying %s to %s... \n", msgPolicies, msgResources) + fmt.Printf("\nApplying %s to %s... \n(Total number of result count may vary as the policy is mutated by Kyverno. To check the mutated policy please try with log level 5)", msgPolicies, msgResources) } } rc = &common.ResultCounts{} validateEngineResponses = make([]*response.EngineResponse, 0) - // skippedPolicies = make([]SkippedPolicy, 0) skippedPolicies = make([]string, 0) for _, policy := range mutatedPolicies { 
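Review bot: In the @@ -224,6 +225,15 @@ hunk, `log.Log.V(5).Info("mutated Policy:", string(p))` passes a lone value where the logger expects key/value pairs after the message, so the policy JSON is not emitted as a proper field; use `log.Log.V(5).Info("mutated policy", "policy", string(p))`, matching the key/value form used elsewhere in this file. The loop also marshals every policy on every run regardless of verbosity, and a marshal error in this purely diagnostic step aborts the whole apply; logging the error and continuing would be safer. "marsal" in the error string is a typo for "marshal". applyCommandHelper starts and ends outside the hunk.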
@@ -293,7 +302,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) + validateErs, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) if err != nil { return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 66749afcaf..7b9afbab34 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -514,7 +514,7 @@ func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error) { // ApplyPolicyOnResource - function to apply policy on resource func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, - mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, bool, error) { + mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, error) { operationIsDelete := false 
@@ -522,7 +522,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst operationIsDelete = true } - responseError := false + // responseError := false engineResponses := make([]*response.EngineResponse, 0) namespaceLabels := make(map[string]string) @@ -539,7 +539,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst resourceNamespace := resource.GetNamespace() namespaceLabels = namespaceSelectorMap[resource.GetNamespace()] if resourceNamespace != "default" && len(namespaceLabels) < 1 { - return &response.EngineResponse{}, responseError, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) + return &response.EngineResponse{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) } } @@ -574,12 +574,12 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst for i, r := range mutateResponse.PolicyResponse.Rules { fmt.Printf("\n%d. %s", i+1, r.Message) } - responseError = true + // responseError = true } else { if len(mutateResponse.PolicyResponse.Rules) > 0 { yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) if err != nil { - return &response.EngineResponse{}, responseError, sanitizederror.NewWithError("failed to marshal", err) + return &response.EngineResponse{}, sanitizederror.NewWithError("failed to marshal", err) } if mutateLogPath == "" { 
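Review bot: The `responseError` flag is commented out (`// responseError := false`, `// responseError = true`) instead of being removed, both here and in the last common.go hunk of this patch (@@ -680,11 +669,11 @@). More importantly, the branch that prints the mutate rule messages no longer records anything: no counter on `rc` is touched in the visible lines, so as far as this hunk shows, a failed mutation would not influence the exit status that `printReportOrViolation` derives from `rc.Fail` and `rc.Error`. If that reading is right, increment a counter there (behind a nil check on `rc`, for example `if rc != nil { rc.Fail++ }`) and delete the commented lines. ApplyPolicyOnResource continues outside the hunk.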
@@ -594,7 +594,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } else { err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resource.GetName()+"-mutated") if err != nil { - return &response.EngineResponse{}, responseError, sanitizederror.NewWithError("failed to print mutated result", err) + return &response.EngineResponse{}, sanitizederror.NewWithError("failed to print mutated result", err) } fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } @@ -616,9 +616,8 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst if !policyReport { for _, policyRule := range policy.Spec.Rules { ruleFoundInEngineResponse := false + for i, valResponseRule := range validateResponse.PolicyResponse.Rules { - fmt.Println("valResponseRule.Name: ", valResponseRule.Name) - fmt.Println("valResponseRule.Success: ", valResponseRule.Success) if policyRule.Name == valResponseRule.Name { ruleFoundInEngineResponse = true if valResponseRule.Success { @@ -635,21 +634,11 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst continue } } + if !ruleFoundInEngineResponse { rc.Skip++ } } - - // if !validateResponse.IsSuccessful() { - // fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) - // for i, r := range validateResponse.PolicyResponse.Rules { - // if !r.Success { - // fmt.Printf("%d. %s: %s \n", i+1, r.Name, r.Message) - // } - // } - - // responseError = true - // } } var policyHasGenerate bool @@ -680,11 +669,11 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst fmt.Printf("%d. %s \b", i+1, r.Message) } - responseError = true + // responseError = true } } - return validateResponse, responseError, nil + return validateResponse, nil } // PrintMutatedOutput - function to print output in provided file or directory 
diff --git a/pkg/kyverno/common/common_test.go b/pkg/kyverno/common/common_test.go index 6476443a71..e0bfc3470f 100644 --- a/pkg/kyverno/common/common_test.go +++ b/pkg/kyverno/common/common_test.go @@ -85,7 +85,7 @@ func Test_NamespaceSelector(t *testing.T) { for _, tc := range testcases { policyArray, _ := ut.GetPolicy(tc.policy) resourceArray, _ := GetResource(tc.resource) - validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil) + validateErs, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil) assert.Assert(t, tc.success == validateErs.IsSuccessful()) } } diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 84b38181bd..76d52f7823 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -394,7 +394,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) + validateErs, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) if err != nil { return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } From 1e6b4bdcee50a14d0c6243d66b9169a1cadb4952 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Wed, 1 Sep 2021 18:51:31 +0530 Subject: [PATCH 07/37] skipping variable check for non matching kinds Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) 
diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 95cb2596da..028da4e02c 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -260,7 +260,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, if len(mutatedPolicies) > 0 && len(resources) > 0 { if !stdin { - fmt.Printf("\nApplying %s to %s... \n(Total number of result count may vary as the policy is mutated by Kyverno. To check the mutated policy please try with log level 5)", msgPolicies, msgResources) + fmt.Printf("\nApplying %s to %s... \n(Total number of result count may vary as the policy is mutated by Kyverno. To check the mutated policy please try with log level 5)\n", msgPolicies, msgResources) } } @@ -287,6 +287,16 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } } + kindOnwhichPolicyIsApplied := make(map[string]struct{}) + for _, rule := range policy.Spec.Rules { + for _, kind := range rule.MatchResources.ResourceDescription.Kinds { + kindOnwhichPolicyIsApplied[kind] = struct{}{} + } + for _, kind := range rule.ExcludeResources.ResourceDescription.Kinds { + kindOnwhichPolicyIsApplied[kind] = struct{}{} + } + } + for _, resource := range resources { // get values from file for this policy resource combination thisPolicyResourceValues := make(map[string]string) 
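Review bot: `kindOnwhichPolicyIsApplied` in the @@ -287,6 +287,16 @@ hunk is filled from `ExcludeResources` kinds as well as `MatchResources` kinds, so a resource whose kind is only excluded by the policy still triggers the missing-variable error added in the next hunk (@@ -298,8 +308,11 @@). The lookup there is an exact string match on `resource.GetKind()`; if a rule can name kinds in any other spelling (a wildcard or a group/version-qualified kind, which is not visible here), the variable check is skipped silently and the policy is evaluated with unresolved variables. I would collect only the match kinds, rename the set to something like `matchKinds`, and add a comment stating which kind spellings the check supports. The surrounding loop in applyCommandHelper starts outside the hunk.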
@@ -298,8 +308,11 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, thisPolicyResourceValues[k] = v } - if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) + // skipping the variable check for non matching kind + if _, ok := kindOnwhichPolicyIsApplied[resource.GetKind()]; ok { + if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { + return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) + } } validateErs, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) @@ -350,7 +363,7 @@ func printReportOrViolation(policyReport bool, validateEngineResponses []*respon os.Setenv("POLICY-TYPE", pkgCommon.PolicyReport) resps := buildPolicyReports(validateEngineResponses) if len(resps) > 0 || resourcesLen == 0 { - fmt.Println("----------------------------------------------------------------------\nPOLICY REPORT:\n----------------------------------------------------------------------") + fmt.Println("\n----------------------------------------------------------------------\nPOLICY REPORT:\n----------------------------------------------------------------------") report, _ := generateCLIRaw(resps) yamlReport, _ := yaml1.Marshal(report) fmt.Println(string(yamlReport)) From 868537f04dac4685019abf871e32ba1bbd396fec Mon Sep 17 00:00:00 2001 
From: NoSkillGirl Date: Thu, 2 Sep 2021 00:02:55 +0530 Subject: [PATCH 08/37] added different logic for policy report in CLI Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 52 ++++++------ pkg/kyverno/apply/apply_command_test.go | 4 +- pkg/kyverno/apply/report.go | 7 +- pkg/kyverno/apply/report_test.go | 4 +- pkg/kyverno/common/common.go | 103 ++++++++++++++++-------- pkg/kyverno/common/common_test.go | 2 +- pkg/kyverno/test/test_command.go | 2 +- 7 files changed, 106 insertions(+), 68 deletions(-) diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 028da4e02c..da7ce2b8bb 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -19,6 +19,7 @@ import ( "github.com/kyverno/kyverno/pkg/kyverno/store" "github.com/kyverno/kyverno/pkg/openapi" policy2 "github.com/kyverno/kyverno/pkg/policy" + "github.com/kyverno/kyverno/pkg/policyreport" "github.com/spf13/cobra" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/cli-runtime/pkg/genericclioptions" @@ -121,12 +122,12 @@ func Command() *cobra.Command { } }() - validateEngineResponses, rc, resources, skippedPolicies, err := applyCommandHelper(resourcePaths, cluster, policyReport, mutateLogPath, variablesString, valuesFile, namespace, policyPaths, stdin) + validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err := applyCommandHelper(resourcePaths, cluster, policyReport, mutateLogPath, variablesString, valuesFile, namespace, policyPaths, stdin) if err != nil { return err } - printReportOrViolation(policyReport, validateEngineResponses, rc, resourcePaths, len(resources), skippedPolicies, stdin) + printReportOrViolation(policyReport, validateEngineResponses, rc, resourcePaths, len(resources), skippedPolicies, stdin, pvInfos) return nil }, } 
@@ -144,48 +145,48 @@ func Command() *cobra.Command { } func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, mutateLogPath string, - variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resources []*unstructured.Unstructured, skippedPolicies []string, err error) { + variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resources []*unstructured.Unstructured, skippedPolicies []string, pvInfos []policyreport.Info, err error) { store.SetMock(true) kubernetesConfig := genericclioptions.NewConfigFlags(true) fs := memfs.New() if valuesFile != "" && variablesString != "" { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("pass the values either using set flag or values_file flag", err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("pass the values either using set flag or values_file flag", err) } variables, valuesMap, namespaceSelectorMap, err := common.GetVariable(variablesString, valuesFile, fs, false, "") if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to decode yaml", err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to decode yaml", err) } - return validateEngineResponses, rc, resources, skippedPolicies, err + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err } openAPIController, err := openapi.NewOpenAPIController() if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to initialize openAPIController", err) + return 
validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to initialize openAPIController", err) } var dClient *client.Client if cluster { restConfig, err := kubernetesConfig.ToRESTConfig() if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, err + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err } dClient, err = client.NewClient(restConfig, 15*time.Minute, make(chan struct{}), log.Log) if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, err + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err } } if len(policyPaths) == 0 { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("require policy"), err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("require policy"), err) } if (len(policyPaths) > 0 && policyPaths[0] == "-") && len(resourcePaths) > 0 && resourcePaths[0] == "-" { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("a stdin pipe can be used for either policies or resources, not both", err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("a stdin pipe can be used for either policies or resources, not both", err) } policies, err := common.GetPoliciesFromPaths(fs, policyPaths, false, "") 
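Review bot: applyCommandHelper now returns six positional results, and every early return in this hunk (and in the following hunks of this file) had to be edited to thread `pvInfos` through. That is easy to get wrong, since a swapped or stale value still compiles, and the partially filled results carry no meaning once `err` is non-nil. Returning a small result struct, or nil results together with the error on the failure paths, would turn the next addition into a one-line change. The function should also get a doc comment saying what `pvInfos` holds; the later hunk at @@ -311,20 +312,21 @@ appends one entry per policy/resource pair alongside `validateEngineResponses`. The function body continues outside the hunk.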
@@ -195,15 +196,15 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } if len(resourcePaths) == 0 && !cluster { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err) } mutateLogPathIsDir, err := checkMutateLogPath(mutateLogPath) if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to create file/folder", err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to create file/folder", err) } - return validateEngineResponses, rc, resources, skippedPolicies, err + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err } // empty the previous contents of the file just in case if the file already existed before with some content(so as to perform overwrites) 
@@ -212,23 +213,23 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, _, err := os.OpenFile(mutateLogPath, os.O_TRUNC|os.O_WRONLY, 0644) if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to truncate the existing file at "+mutateLogPath, err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to truncate the existing file at "+mutateLogPath, err) } - return validateEngineResponses, rc, resources, skippedPolicies, err + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err } } mutatedPolicies, err := common.MutatePolices(policies) if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to mutate policy", err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to mutate policy", err) } } for _, policy := range mutatedPolicies { p, err := json.Marshal(policy) if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("failed to marsal mutated policy", err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to marsal mutated policy", err) } log.Log.V(5).Info("mutated Policy:", string(p)) 
@@ -241,7 +242,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } if (len(resources) > 1 || len(mutatedPolicies) > 1) && variablesString != "" { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError("currently `set` flag supports variable for single policy applied on single resource ", nil) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("currently `set` flag supports variable for single policy applied on single resource ", nil) } if variablesString != "" { 
@@ -311,20 +312,21 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, // skipping the variable check for non matching kind if _, ok := kindOnwhichPolicyIsApplied[resource.GetKind()]; ok { if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) } } - validateErs, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) + validateErs, info, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } + pvInfos = append(pvInfos, info) validateEngineResponses = append(validateEngineResponses, validateErs) } } - return validateEngineResponses, rc, resources, skippedPolicies, nil + return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, nil } // checkMutateLogPath - checking path for printing mutated resource (-o flag) 
@@ -350,7 +352,7 @@ func checkMutateLogPath(mutateLogPath string) (mutateLogPathIsDir bool, err erro } // printReportOrViolation - printing policy report/violations -func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool) { +func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool, pvInfos []policyreport.Info) { if len(skippedPolicies) > 0 { fmt.Println("----------------------------------------------------------------------\nPolicies Skipped(as required variables are not provided by the users):") for i, policyName := range skippedPolicies { @@ -361,7 +363,7 @@ func printReportOrViolation(policyReport bool, validateEngineResponses []*respon if policyReport { os.Setenv("POLICY-TYPE", pkgCommon.PolicyReport) - resps := buildPolicyReports(validateEngineResponses) + resps := buildPolicyReports(validateEngineResponses, pvInfos) if len(resps) > 0 || resourcesLen == 0 { fmt.Println("\n----------------------------------------------------------------------\nPOLICY REPORT:\n----------------------------------------------------------------------") report, _ := generateCLIRaw(resps) diff --git a/pkg/kyverno/apply/apply_command_test.go b/pkg/kyverno/apply/apply_command_test.go index 4a6c399486..c5d6ecfd77 100644 --- a/pkg/kyverno/apply/apply_command_test.go +++ b/pkg/kyverno/apply/apply_command_test.go 
@@ -56,8 +56,8 @@ func Test_Apply(t *testing.T) { } for _, tc := range testcases { - validateEngineResponses, _, _, _, _ := applyCommandHelper(tc.ResourcePaths, false, true, "", "", "", "", tc.PolicyPaths, false) - resps := buildPolicyReports(validateEngineResponses) + validateEngineResponses, _, _, _, info, _ := applyCommandHelper(tc.ResourcePaths, false, true, "", "", "", "", tc.PolicyPaths, false) + resps := buildPolicyReports(validateEngineResponses, info) for i, resp := range resps { compareSummary(tc.expectedPolicyReports[i].Summary, resp.UnstructuredContent()["summary"].(map[string]interface{})) } diff --git a/pkg/kyverno/apply/report.go b/pkg/kyverno/apply/report.go index b0ac120ed8..d8e4d49ccd 100644 --- a/pkg/kyverno/apply/report.go +++ b/pkg/kyverno/apply/report.go @@ -21,11 +21,11 @@ import ( const clusterpolicyreport = "clusterpolicyreport" // resps is the engine responses generated for a single policy -func buildPolicyReports(resps []*response.EngineResponse) (res []*unstructured.Unstructured) { +func buildPolicyReports(resps []*response.EngineResponse, pvInfos []policyreport.Info) (res []*unstructured.Unstructured) { var raw []byte var err error - resultsMap := buildPolicyResults(resps) + resultsMap := buildPolicyResults(resps, pvInfos) for scope, result := range resultsMap { if scope == clusterpolicyreport { report := &report.ClusterPolicyReport{ 
@@ -74,9 +74,8 @@ func buildPolicyReports(resps []*response.EngineResponse) (res []*unstructured.U // buildPolicyResults returns a string-PolicyReportResult map // the key of the map is one of "clusterpolicyreport", "policyreport-ns-" -func buildPolicyResults(resps []*response.EngineResponse) map[string][]*report.PolicyReportResult { +func buildPolicyResults(resps []*response.EngineResponse, infos []policyreport.Info) map[string][]*report.PolicyReportResult { results := make(map[string][]*report.PolicyReportResult) - infos := policyreport.GeneratePRsFromEngineResponse(resps, log.Log) now := metav1.Timestamp{Seconds: time.Now().Unix()} for _, info := range infos { diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go index fd24c5fd74..625e4a60c4 100644 --- a/pkg/kyverno/apply/report_test.go +++ b/pkg/kyverno/apply/report_test.go @@ -72,7 +72,7 @@ var engineResponses = []*response.EngineResponse{ func Test_buildPolicyReports(t *testing.T) { os.Setenv("POLICY-TYPE", common.PolicyReport) - reports := buildPolicyReports(engineResponses) + reports := buildPolicyReports(engineResponses, nil) assert.Assert(t, len(reports) == 2, len(reports)) for _, report := range reports { @@ -97,7 +97,7 @@ func Test_buildPolicyReports(t *testing.T) { func Test_buildPolicyResults(t *testing.T) { os.Setenv("POLICY-TYPE", common.PolicyReport) - results := buildPolicyResults(engineResponses) + results := buildPolicyResults(engineResponses, nil) assert.Assert(t, len(results[clusterpolicyreport]) == 2, len(results[clusterpolicyreport])) assert.Assert(t, len(results["policyreport-ns-policy1-namespace"]) == 2, len(results["policyreport-ns-policy1-namespace"])) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 7b9afbab34..53ce83f9ab 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go 
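Review bot: `buildPolicyResults` no longer derives `infos` from `resps`, yet Test_buildPolicyReports and Test_buildPolicyResults in report_test.go now pass `nil` for the new argument while still asserting `len(reports) == 2` and two results per scope. With `infos` nil the `for _, info := range infos` loop has nothing to iterate, so unless the rest of the function (outside the hunk) adds results some other way, those assertions should fail. The tests should construct the `[]policyreport.Info` they expect instead of passing `nil`. If `resps` is no longer read inside `buildPolicyResults`, drop the parameter rather than keep one that suggests the engine responses still drive the report.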
@@ -16,6 +16,7 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-logr/logr" v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" + report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2" pkgcommon "github.com/kyverno/kyverno/pkg/common" client "github.com/kyverno/kyverno/pkg/dclient" "github.com/kyverno/kyverno/pkg/engine" @@ -25,6 +26,7 @@ import ( sanitizederror "github.com/kyverno/kyverno/pkg/kyverno/sanitizedError" "github.com/kyverno/kyverno/pkg/kyverno/store" "github.com/kyverno/kyverno/pkg/policymutation" + "github.com/kyverno/kyverno/pkg/policyreport" "github.com/kyverno/kyverno/pkg/utils" ut "github.com/kyverno/kyverno/pkg/utils" yamlv2 "gopkg.in/yaml.v2" @@ -514,7 +516,7 @@ func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error) { // ApplyPolicyOnResource - function to apply policy on resource func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, - mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, error) { + mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, policyreport.Info, error) { operationIsDelete := false 
@@ -539,7 +541,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst resourceNamespace := resource.GetNamespace() namespaceLabels = namespaceSelectorMap[resource.GetNamespace()] if resourceNamespace != "default" && len(namespaceLabels) < 1 { - return &response.EngineResponse{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) + return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) } } @@ -579,7 +581,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst if len(mutateResponse.PolicyResponse.Rules) > 0 { yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) if err != nil { - return &response.EngineResponse{}, sanitizederror.NewWithError("failed to marshal", err) + return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to marshal", err) } if mutateLogPath == "" { @@ -594,7 +596,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } else { err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resource.GetName()+"-mutated") if err != nil { - return &response.EngineResponse{}, sanitizederror.NewWithError("failed to print mutated result", err) + return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to print mutated result", err) } fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } 
@@ -612,34 +614,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} validateResponse := engine.Validate(policyCtx) - printCount := 0 - if !policyReport { - for _, policyRule := range policy.Spec.Rules { - ruleFoundInEngineResponse := false - - for i, valResponseRule := range validateResponse.PolicyResponse.Rules { - if policyRule.Name == valResponseRule.Name { - ruleFoundInEngineResponse = true - if valResponseRule.Success { - rc.Pass++ - } else { - if printCount < 1 { - fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) - printCount++ - } - - fmt.Printf("%d. %s: %s \n", i+1, valResponseRule.Name, valResponseRule.Message) - rc.Fail++ - } - continue - } - } - - if !ruleFoundInEngineResponse { - rc.Skip++ - } - } - } + info := checkValidateEngineResponse(policy, validateResponse, resPath, rc) var policyHasGenerate bool for _, rule := range policy.Spec.Rules { @@ -673,7 +648,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } } - return validateResponse, nil + return validateResponse, info, nil } // PrintMutatedOutput - function to print output in provided file or directory 
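Review bot: `rc` is now dereferenced on every call, because the `if !policyReport` guard that used to wrap the counting is removed here and `checkValidateEngineResponse(policy, validateResponse, resPath, rc)` runs unconditionally. The helper added at the end of this file increments `rc.Pass`, `rc.Fail` and `rc.Skip` without a nil check, while the call in `pkg/kyverno/test/test_command.go` in this same patch still passes `nil` for `rc` with `policyReport` set to true, so that path appears to hit a nil-pointer panic for any policy that has at least one rule. I would normalise it at the top of the helper with `if rc == nil { rc = &ResultCounts{} }`, or have the callers pass a real counter. `ApplyPolicyOnResource` starts and ends outside this hunk.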
@@ -798,3 +773,65 @@ func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []str } return resources, err } + +func checkValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *response.EngineResponse, resPath string, rc *ResultCounts) policyreport.Info { + var violatedRules []v1.ViolatedRule + printCount := 0 + for _, policyRule := range policy.Spec.Rules { + ruleFoundInEngineResponse := false + + for i, valResponseRule := range validateResponse.PolicyResponse.Rules { + if policyRule.Name == valResponseRule.Name { + ruleFoundInEngineResponse = true + vrule := v1.ViolatedRule{ + Name: valResponseRule.Name, + Type: valResponseRule.Type, + Message: valResponseRule.Message, + } + + if valResponseRule.Success { + rc.Pass++ + vrule.Check = report.StatusPass + } else { + if printCount < 1 { + fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) + printCount++ + } + + fmt.Printf("%d. %s: %s \n", i+1, valResponseRule.Name, valResponseRule.Message) + rc.Fail++ + vrule.Check = report.StatusFail + } + violatedRules = append(violatedRules, vrule) + continue + } + } + + if !ruleFoundInEngineResponse { + rc.Skip++ + vruleSkip := v1.ViolatedRule{ + Name: policyRule.Name, + Type: "Validation", + Message: policyRule.Validation.Message, + Check: report.StatusSkip, + } + violatedRules = append(violatedRules, vruleSkip) + } + + } + return buildPVInfo(validateResponse, violatedRules) +} + +func buildPVInfo(er *response.EngineResponse, violatedRules []v1.ViolatedRule) policyreport.Info { + info := policyreport.Info{ + PolicyName: er.PolicyResponse.Policy.Name, + Namespace: er.PatchedResource.GetNamespace(), + Results: []policyreport.EngineResponseResult{ + { + Resource: er.GetResourceSpec(), + Rules: violatedRules, + }, + }, + } + return info +} diff --git a/pkg/kyverno/common/common_test.go b/pkg/kyverno/common/common_test.go index e0bfc3470f..6476443a71 100644 --- a/pkg/kyverno/common/common_test.go 
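Review bot: The skip branch of `checkValidateEngineResponse` records every policy rule that is missing from the validate response as `Type: "Validation"` with `Message: policyRule.Validation.Message`, whether or not the rule is a validate rule. `ApplyPolicyOnResource` also runs mutation and checks for generate rules, so a policy that mixes rule kinds would presumably get skip entries with a Validation type and an empty message for its mutate and generate rules, which makes the report less trustworthy as a record of what was actually checked. I would append `vruleSkip` only when the rule carries a validate block, and add a doc comment on both new functions saying what they count and return. The trailing `continue` in the inner loop is the last statement of its body and has no effect; `break` looks like what was meant, since the rule has already been matched.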
+++ b/pkg/kyverno/common/common_test.go @@ -85,7 +85,7 @@ func Test_NamespaceSelector(t *testing.T) { for _, tc := range testcases { policyArray, _ := ut.GetPolicy(tc.policy) resourceArray, _ := GetResource(tc.resource) - validateErs, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil) + validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil) assert.Assert(t, tc.success == validateErs.IsSuccessful()) } } diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 76d52f7823..84b38181bd 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -394,7 +394,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) + validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) if err != nil { return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } From 7690a20752194e8813ce54cd234ef4ef2a251e1e Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 01:06:29 +0530 Subject: [PATCH 09/37] fixed apply test cases 
Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 54 +++--- pkg/kyverno/apply/apply_command_test.go | 8 +- pkg/kyverno/apply/report.go | 7 +- pkg/kyverno/apply/report_test.go | 193 +++++++++---------- pkg/kyverno/common/common.go | 26 +-- pkg/kyverno/common/common_test.go | 168 ++++++++-------- pkg/kyverno/test/test_command.go | 4 +- test/best_practices/disallow_latest_tag.yaml | 1 + test/resources/pod_with_latest_tag.yaml | 10 + 9 files changed, 237 insertions(+), 234 deletions(-) create mode 100644 test/resources/pod_with_latest_tag.yaml diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index da7ce2b8bb..1083a9c7a8 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -13,7 +13,6 @@ import ( v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" pkgCommon "github.com/kyverno/kyverno/pkg/common" client "github.com/kyverno/kyverno/pkg/dclient" - "github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/kyverno/common" sanitizederror "github.com/kyverno/kyverno/pkg/kyverno/sanitizedError" "github.com/kyverno/kyverno/pkg/kyverno/store" @@ -122,12 +121,12 @@ func Command() *cobra.Command { } }() - validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err := applyCommandHelper(resourcePaths, cluster, policyReport, mutateLogPath, variablesString, valuesFile, namespace, policyPaths, stdin) + rc, resources, skippedPolicies, pvInfos, err := applyCommandHelper(resourcePaths, cluster, policyReport, mutateLogPath, variablesString, valuesFile, namespace, policyPaths, stdin) if err != nil { return err } - printReportOrViolation(policyReport, validateEngineResponses, rc, resourcePaths, len(resources), skippedPolicies, stdin, pvInfos) + printReportOrViolation(policyReport, rc, resourcePaths, len(resources), skippedPolicies, stdin, pvInfos) return nil }, } 
@@ -145,48 +144,47 @@ func Command() *cobra.Command { } func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, mutateLogPath string, - variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resources []*unstructured.Unstructured, skippedPolicies []string, pvInfos []policyreport.Info, err error) { - + variablesString string, valuesFile string, namespace string, policyPaths []string, stdin bool) (rc *common.ResultCounts, resources []*unstructured.Unstructured, skippedPolicies []string, pvInfos []policyreport.Info, err error) { store.SetMock(true) kubernetesConfig := genericclioptions.NewConfigFlags(true) fs := memfs.New() if valuesFile != "" && variablesString != "" { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("pass the values either using set flag or values_file flag", err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("pass the values either using set flag or values_file flag", err) } variables, valuesMap, namespaceSelectorMap, err := common.GetVariable(variablesString, valuesFile, fs, false, "") if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to decode yaml", err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to decode yaml", err) } - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err + return rc, resources, skippedPolicies, pvInfos, err } openAPIController, err := openapi.NewOpenAPIController() if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to initialize openAPIController", err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to 
initialize openAPIController", err) } var dClient *client.Client if cluster { restConfig, err := kubernetesConfig.ToRESTConfig() if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err + return rc, resources, skippedPolicies, pvInfos, err } dClient, err = client.NewClient(restConfig, 15*time.Minute, make(chan struct{}), log.Log) if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err + return rc, resources, skippedPolicies, pvInfos, err } } if len(policyPaths) == 0 { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("require policy"), err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("require policy"), err) } if (len(policyPaths) > 0 && policyPaths[0] == "-") && len(resourcePaths) > 0 && resourcePaths[0] == "-" { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("a stdin pipe can be used for either policies or resources, not both", err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("a stdin pipe can be used for either policies or resources, not both", err) } policies, err := common.GetPoliciesFromPaths(fs, policyPaths, false, "") 
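Review bot: `fmt.Sprintf("require policy")` has no format arguments, so the call is redundant and is the kind of thing vet-style linters flag; `sanitizederror.NewWithError("require policy", err)` says the same. The `fmt.Sprintf("resource file(s) or cluster required")` call in the next hunk has the same shape and can be simplified the same way. `applyCommandHelper` continues past the end of this hunk.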
@@ -196,15 +194,15 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } if len(resourcePaths) == 0 && !cluster { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("resource file(s) or cluster required"), err) } mutateLogPathIsDir, err := checkMutateLogPath(mutateLogPath) if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to create file/folder", err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to create file/folder", err) } - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err + return rc, resources, skippedPolicies, pvInfos, err } // empty the previous contents of the file just in case if the file already existed before with some content(so as to perform overwrites) 
@@ -213,23 +211,23 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, _, err := os.OpenFile(mutateLogPath, os.O_TRUNC|os.O_WRONLY, 0644) if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to truncate the existing file at "+mutateLogPath, err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to truncate the existing file at "+mutateLogPath, err) } - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, err + return rc, resources, skippedPolicies, pvInfos, err } } mutatedPolicies, err := common.MutatePolices(policies) if err != nil { if !sanitizederror.IsErrorSanitized(err) { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to mutate policy", err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to mutate policy", err) } } for _, policy := range mutatedPolicies { p, err := json.Marshal(policy) if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to marsal mutated policy", err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to marsal mutated policy", err) } log.Log.V(5).Info("mutated Policy:", string(p)) 
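Review bot: When `common.MutatePolices` returns an error that is already sanitized, the outer `if err != nil` block falls through without returning, so the command carries on with whatever `mutatedPolicies` holds. The truncate branch just above in this hunk returns `err` after the inner check; this block should do the same by adding `return rc, resources, skippedPolicies, pvInfos, err` after the inner `if`. For a policy-checking command that matters, since a run that silently evaluates fewer policies can end up looking clean. `applyCommandHelper` starts and ends outside this hunk.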
@@ -242,7 +240,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } if (len(resources) > 1 || len(mutatedPolicies) > 1) && variablesString != "" { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("currently `set` flag supports variable for single policy applied on single resource ", nil) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("currently `set` flag supports variable for single policy applied on single resource ", nil) } if variablesString != "" { @@ -266,7 +264,6 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } rc = &common.ResultCounts{} - validateEngineResponses = make([]*response.EngineResponse, 0) skippedPolicies = make([]string, 0) for _, policy := range mutatedPolicies { 
@@ -312,21 +309,20 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, // skipping the variable check for non matching kind if _, ok := kindOnwhichPolicyIsApplied[resource.GetKind()]; ok { if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) } } - validateErs, info, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) + info, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) if err != nil { - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } pvInfos = append(pvInfos, info) - validateEngineResponses = append(validateEngineResponses, validateErs) } } - return validateEngineResponses, rc, resources, skippedPolicies, pvInfos, nil + return rc, resources, skippedPolicies, pvInfos, nil } // checkMutateLogPath - checking path for printing mutated resource (-o flag) 
@@ -352,7 +348,7 @@ func checkMutateLogPath(mutateLogPath string) (mutateLogPathIsDir bool, err erro } // printReportOrViolation - printing policy report/violations -func printReportOrViolation(policyReport bool, validateEngineResponses []*response.EngineResponse, rc *common.ResultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool, pvInfos []policyreport.Info) { +func printReportOrViolation(policyReport bool, rc *common.ResultCounts, resourcePaths []string, resourcesLen int, skippedPolicies []string, stdin bool, pvInfos []policyreport.Info) { if len(skippedPolicies) > 0 { fmt.Println("----------------------------------------------------------------------\nPolicies Skipped(as required variables are not provided by the users):") for i, policyName := range skippedPolicies { @@ -363,7 +359,7 @@ func printReportOrViolation(policyReport bool, validateEngineResponses []*respon if policyReport { os.Setenv("POLICY-TYPE", pkgCommon.PolicyReport) - resps := buildPolicyReports(validateEngineResponses, pvInfos) + resps := buildPolicyReports(pvInfos) if len(resps) > 0 || resourcesLen == 0 { fmt.Println("\n----------------------------------------------------------------------\nPOLICY REPORT:\n----------------------------------------------------------------------") report, _ := generateCLIRaw(resps) diff --git a/pkg/kyverno/apply/apply_command_test.go b/pkg/kyverno/apply/apply_command_test.go index c5d6ecfd77..19b1676c56 100644 --- a/pkg/kyverno/apply/apply_command_test.go +++ b/pkg/kyverno/apply/apply_command_test.go 
@@ -31,12 +31,12 @@ func Test_Apply(t *testing.T) { }, }, { - PolicyPaths: []string{"../../../test/best_practices/require_pod_requests_limits.yaml"}, + PolicyPaths: []string{"../../../test/best_practices/disallow_latest_tag.yaml"}, ResourcePaths: []string{"../../../test/resources/pod_with_latest_tag.yaml"}, expectedPolicyReports: []preport.PolicyReport{ { Summary: preport.PolicyReportSummary{ - Pass: 0, + Pass: 1, Fail: 1, Skip: 0, Error: 0, @@ -56,8 +56,8 @@ func Test_Apply(t *testing.T) { } for _, tc := range testcases { - validateEngineResponses, _, _, _, info, _ := applyCommandHelper(tc.ResourcePaths, false, true, "", "", "", "", tc.PolicyPaths, false) - resps := buildPolicyReports(validateEngineResponses, info) + _, _, _, info, _ := applyCommandHelper(tc.ResourcePaths, false, true, "", "", "", "", tc.PolicyPaths, false) + resps := buildPolicyReports(info) for i, resp := range resps { compareSummary(tc.expectedPolicyReports[i].Summary, resp.UnstructuredContent()["summary"].(map[string]interface{})) } diff --git a/pkg/kyverno/apply/report.go b/pkg/kyverno/apply/report.go index d8e4d49ccd..686b3621b8 100644 --- a/pkg/kyverno/apply/report.go +++ b/pkg/kyverno/apply/report.go @@ -7,7 +7,6 @@ import ( "time" report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2" - "github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/engine/utils" engineutils "github.com/kyverno/kyverno/pkg/engine/utils" "github.com/kyverno/kyverno/pkg/policyreport" 
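Review bot: The test discards the error from `applyCommandHelper` (`_, _, _, info, _ := ...`) and then only asserts inside `for i, resp := range resps`, so if the helper fails or produces no reports the loop body never runs and the case passes without checking anything. I would keep the error and fail on it with `if err != nil { t.Fatal(err) }`, and compare `len(resps)` with `len(tc.expectedPolicyReports)` before the loop, which also guards the `tc.expectedPolicyReports[i]` index. `Test_Apply` starts before this hunk.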
@@ -21,11 +20,11 @@ import ( const clusterpolicyreport = "clusterpolicyreport" // resps is the engine responses generated for a single policy -func buildPolicyReports(resps []*response.EngineResponse, pvInfos []policyreport.Info) (res []*unstructured.Unstructured) { +func buildPolicyReports(pvInfos []policyreport.Info) (res []*unstructured.Unstructured) { var raw []byte var err error - resultsMap := buildPolicyResults(resps, pvInfos) + resultsMap := buildPolicyResults(pvInfos) for scope, result := range resultsMap { if scope == clusterpolicyreport { report := &report.ClusterPolicyReport{ @@ -74,7 +73,7 @@ func buildPolicyReports(resps []*response.EngineResponse, pvInfos []policyreport // buildPolicyResults returns a string-PolicyReportResult map // the key of the map is one of "clusterpolicyreport", "policyreport-ns-" -func buildPolicyResults(resps []*response.EngineResponse, infos []policyreport.Info) map[string][]*report.PolicyReportResult { +func buildPolicyResults(infos []policyreport.Info) map[string][]*report.PolicyReportResult { results := make(map[string][]*report.PolicyReportResult) now := metav1.Timestamp{Seconds: time.Now().Unix()} diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go index 625e4a60c4..e08b449f3e 100644 --- a/pkg/kyverno/apply/report_test.go +++ b/pkg/kyverno/apply/report_test.go 
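Review bot: The comment above `buildPolicyReports` still reads `// resps is the engine responses generated for a single policy`, but the `resps` parameter is removed by this change, so the comment now describes an argument that no longer exists. I would replace it with something like `// buildPolicyReports builds the report objects from the collected policyreport.Info entries`. The comment on `buildPolicyResults` in the next hunk could likewise say that its input is the `infos` slice. Both function bodies continue outside the hunks shown.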
@@ -1,118 +1,113 @@ package apply import ( - "os" "testing" preport "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2" report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2" - "github.com/kyverno/kyverno/pkg/common" - "github.com/kyverno/kyverno/pkg/engine/response" - "github.com/kyverno/kyverno/pkg/engine/utils" "gotest.tools/assert" v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) -var engineResponses = []*response.EngineResponse{ - { - PatchedResource: unstructured.Unstructured{ - Object: map[string]interface{}{ - "kind": "Pod", - "metadata": map[string]interface{}{ - "name": "policy1-pod", - "namespace": "policy1-namespace", - }, - }, - }, - PolicyResponse: response.PolicyResponse{ - Policy: response.PolicySpec{Name: "policy1"}, - Resource: response.ResourceSpec{Name: "policy1-pod"}, - Rules: []response.RuleResponse{ - { - Name: "policy1-rule1", - Type: utils.Validation.String(), - Success: true, - }, - { - Name: "policy1-rule2", - Type: utils.Validation.String(), - Success: false, - }, - }, - }, - }, - { - PatchedResource: unstructured.Unstructured{ - Object: map[string]interface{}{ - "kind": "ClusterRole", - "metadata": map[string]interface{}{ - "name": "policy2-clusterrole", - }, - }, - }, - PolicyResponse: response.PolicyResponse{ - Policy: response.PolicySpec{Name: "clusterpolicy2"}, - Resource: response.ResourceSpec{Name: "policy2-clusterrole"}, - Rules: []response.RuleResponse{ - { - Name: "clusterpolicy2-rule1", - Type: utils.Validation.String(), - Success: true, - }, - { - Name: "clusterpolicy2-rule2", - Type: utils.Validation.String(), - Success: false, - }, - }, - }, - }, -} +// var engineResponses = []*response.EngineResponse{ +// { +// PatchedResource: unstructured.Unstructured{ +// Object: map[string]interface{}{ +// "kind": "Pod", +// "metadata": map[string]interface{}{ +// "name": "policy1-pod", +// "namespace": "policy1-namespace", +// }, +// }, +// }, +// PolicyResponse: 
response.PolicyResponse{ +// Policy: response.PolicySpec{Name: "policy1"}, +// Resource: response.ResourceSpec{Name: "policy1-pod"}, +// Rules: []response.RuleResponse{ +// { +// Name: "policy1-rule1", +// Type: utils.Validation.String(), +// Success: true, +// }, +// { +// Name: "policy1-rule2", +// Type: utils.Validation.String(), +// Success: false, +// }, +// }, +// }, +// }, +// { +// PatchedResource: unstructured.Unstructured{ +// Object: map[string]interface{}{ +// "kind": "ClusterRole", +// "metadata": map[string]interface{}{ +// "name": "policy2-clusterrole", +// }, +// }, +// }, +// PolicyResponse: response.PolicyResponse{ +// Policy: response.PolicySpec{Name: "clusterpolicy2"}, +// Resource: response.ResourceSpec{Name: "policy2-clusterrole"}, +// Rules: []response.RuleResponse{ +// { +// Name: "clusterpolicy2-rule1", +// Type: utils.Validation.String(), +// Success: true, +// }, +// { +// Name: "clusterpolicy2-rule2", +// Type: utils.Validation.String(), +// Success: false, +// }, +// }, +// }, +// }, +// } -func Test_buildPolicyReports(t *testing.T) { - os.Setenv("POLICY-TYPE", common.PolicyReport) - reports := buildPolicyReports(engineResponses, nil) - assert.Assert(t, len(reports) == 2, len(reports)) +// func Test_buildPolicyReports(t *testing.T) { +// os.Setenv("POLICY-TYPE", common.PolicyReport) +// reports := buildPolicyReports(engineResponses, nil) +// assert.Assert(t, len(reports) == 2, len(reports)) - for _, report := range reports { - if report.GetNamespace() == "" { - assert.Assert(t, report.GetName() == clusterpolicyreport) - assert.Assert(t, report.GetKind() == "ClusterPolicyReport") - assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) - assert.Assert(t, - report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, - report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) - } else { - assert.Assert(t, report.GetName() == 
"policyreport-ns-policy1-namespace") - assert.Assert(t, report.GetKind() == "PolicyReport") - assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) - assert.Assert(t, - report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, - report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) - } - } -} +// for _, report := range reports { +// if report.GetNamespace() == "" { +// assert.Assert(t, report.GetName() == clusterpolicyreport) +// assert.Assert(t, report.GetKind() == "ClusterPolicyReport") +// assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) +// assert.Assert(t, +// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, +// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) +// } else { +// assert.Assert(t, report.GetName() == "policyreport-ns-policy1-namespace") +// assert.Assert(t, report.GetKind() == "PolicyReport") +// assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) +// assert.Assert(t, +// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, +// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) +// } +// } +// } -func Test_buildPolicyResults(t *testing.T) { - os.Setenv("POLICY-TYPE", common.PolicyReport) +// func Test_buildPolicyResults(t *testing.T) { +// os.Setenv("POLICY-TYPE", common.PolicyReport) - results := buildPolicyResults(engineResponses, nil) - assert.Assert(t, len(results[clusterpolicyreport]) == 2, len(results[clusterpolicyreport])) - assert.Assert(t, len(results["policyreport-ns-policy1-namespace"]) == 2, len(results["policyreport-ns-policy1-namespace"])) +// results := buildPolicyResults(engineResponses, nil) +// assert.Assert(t, len(results[clusterpolicyreport]) == 2, 
len(results[clusterpolicyreport])) +// assert.Assert(t, len(results["policyreport-ns-policy1-namespace"]) == 2, len(results["policyreport-ns-policy1-namespace"])) - for _, result := range results { - assert.Assert(t, len(result) == 2, len(result)) - for _, r := range result { - switch r.Rule { - case "policy1-rule1", "clusterpolicy2-rule1": - assert.Assert(t, r.Result == report.PolicyResult(preport.StatusPass)) - case "policy1-rule2", "clusterpolicy2-rule2": - assert.Assert(t, r.Result == report.PolicyResult(preport.StatusFail)) - } - } - } -} +// for _, result := range results { +// assert.Assert(t, len(result) == 2, len(result)) +// for _, r := range result { +// switch r.Rule { +// case "policy1-rule1", "clusterpolicy2-rule1": +// assert.Assert(t, r.Result == report.PolicyResult(preport.StatusPass)) +// case "policy1-rule2", "clusterpolicy2-rule2": +// assert.Assert(t, r.Result == report.PolicyResult(preport.StatusFail)) +// } +// } +// } +// } func Test_calculateSummary(t *testing.T) { results := []*report.PolicyReportResult{ diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 53ce83f9ab..ed0530ce79 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -516,7 +516,7 @@ func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error) { // ApplyPolicyOnResource - function to apply policy on resource func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, - mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, policyreport.Info, error) { + mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (policyreport.Info, error) { operationIsDelete := false 
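Review bot: `Test_buildPolicyReports` and `Test_buildPolicyResults` are commented out together with their `engineResponses` fixture instead of being ported to the new `[]policyreport.Info` input, which leaves the scope split and the pass/fail mapping of the report builders without direct tests. `Test_NamespaceSelector` in `pkg/kyverno/common/common_test.go` is commented out the same way later in this patch. I would rebuild the fixture as a `[]policyreport.Info` and keep the assertions, or delete the dead code and track the gap, rather than leaving large commented blocks that still show the old two-argument calls.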
@@ -541,7 +541,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst resourceNamespace := resource.GetNamespace() namespaceLabels = namespaceSelectorMap[resource.GetNamespace()] if resourceNamespace != "default" && len(namespaceLabels) < 1 { - return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) + return policyreport.Info{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) } } @@ -581,7 +581,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst if len(mutateResponse.PolicyResponse.Rules) > 0 { yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) if err != nil { - return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to marshal", err) + return policyreport.Info{}, sanitizederror.NewWithError("failed to marshal", err) } if mutateLogPath == "" { @@ -596,7 +596,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } else { err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resource.GetName()+"-mutated") if err != nil { - return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to print mutated result", err) + return policyreport.Info{}, sanitizederror.NewWithError("failed to print mutated result", err) } fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } 
@@ -614,7 +614,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} validateResponse := engine.Validate(policyCtx) - info := checkValidateEngineResponse(policy, validateResponse, resPath, rc) + info := checkValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) var policyHasGenerate bool for _, rule := range policy.Spec.Rules { @@ -648,7 +648,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } } - return validateResponse, info, nil + return info, nil } // PrintMutatedOutput - function to print output in provided file or directory @@ -774,7 +774,7 @@ func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []str return resources, err } -func checkValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *response.EngineResponse, resPath string, rc *ResultCounts) policyreport.Info { +func checkValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *response.EngineResponse, resPath string, rc *ResultCounts, policyReport bool) policyreport.Info { var violatedRules []v1.ViolatedRule printCount := 0 for _, policyRule := range policy.Spec.Rules { @@ -793,12 +793,14 @@ func checkValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *res rc.Pass++ vrule.Check = report.StatusPass } else { - if printCount < 1 { - fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) - printCount++ - } + if !policyReport { + if printCount < 1 { + fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) + printCount++ + } - fmt.Printf("%d. %s: %s \n", i+1, valResponseRule.Name, valResponseRule.Message) + fmt.Printf("%d. %s: %s \n", i+1, valResponseRule.Name, valResponseRule.Message) + } rc.Fail++ vrule.Check = report.StatusFail } 
diff --git a/pkg/kyverno/common/common_test.go b/pkg/kyverno/common/common_test.go
index 6476443a71..010849e13c 100644
--- a/pkg/kyverno/common/common_test.go
+++ b/pkg/kyverno/common/common_test.go
@@ -1,91 +1,91 @@ package common -import ( - "testing" +// import ( +// "testing" - ut "github.com/kyverno/kyverno/pkg/utils" - "gotest.tools/assert" -) +// ut "github.com/kyverno/kyverno/pkg/utils" +// "gotest.tools/assert" +// ) -var policyNamespaceSelector = []byte(`{ - "apiVersion": "kyverno.io/v1", - "kind": "ClusterPolicy", - "metadata": { - "name": "enforce-pod-name" - }, - "spec": { - "validationFailureAction": "audit", - "background": true, - "rules": [ - { - "name": "validate-name", - "match": { - "resources": { - "kinds": [ - "Pod" - ], - "namespaceSelector": { - "matchExpressions": [ - { - "key": "foo.com/managed-state", - "operator": "In", - "values": [ - "managed" - ] - } - ] - } - } - }, - "validate": { - "message": "The Pod must end with -nginx", - "pattern": { - "metadata": { - "name": "*-nginx" - } - } - } - } - ] - } - } -`) +// var policyNamespaceSelector = []byte(`{ +// "apiVersion": "kyverno.io/v1", +// "kind": "ClusterPolicy", +// "metadata": { +// "name": "enforce-pod-name" +// }, +// "spec": { +// "validationFailureAction": "audit", +// "background": true, +// "rules": [ +// { +// "name": "validate-name", +// "match": { +// "resources": { +// "kinds": [ +// "Pod" +// ], +// "namespaceSelector": { +// "matchExpressions": [ +// { +// "key": "foo.com/managed-state", +// "operator": "In", +// "values": [ +// "managed" +// ] +// } +// ] +// } +// } +// }, +// "validate": { +// "message": "The Pod must end with -nginx", +// "pattern": { +// "metadata": { +// "name": "*-nginx" +// } +// } +// } +// } +// ] +// } +// } +// `) -func Test_NamespaceSelector(t *testing.T) { - type TestCase struct { - policy []byte - resource []byte - namespaceSelectorMap map[string]map[string]string - success bool - } +// func Test_NamespaceSelector(t *testing.T) { +// type TestCase struct { +// policy []byte +// resource []byte +// namespaceSelectorMap map[string]map[string]string +// success bool +// } - testcases := []TestCase{ - { - policy: policyNamespaceSelector, 
- resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-fail"}]}}`), - namespaceSelectorMap: map[string]map[string]string{ - "test1": { - "foo.com/managed-state": "managed", - }, - }, - success: false, - }, - { - policy: policyNamespaceSelector, - resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"test-nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-pass"}]}}`), - namespaceSelectorMap: map[string]map[string]string{ - "test1": { - "foo.com/managed-state": "managed", - }, - }, - success: true, - }, - } +// testcases := []TestCase{ +// { +// policy: policyNamespaceSelector, +// resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-fail"}]}}`), +// namespaceSelectorMap: map[string]map[string]string{ +// "test1": { +// "foo.com/managed-state": "managed", +// }, +// }, +// success: false, +// }, +// { +// policy: policyNamespaceSelector, +// resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"test-nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-pass"}]}}`), +// namespaceSelectorMap: map[string]map[string]string{ +// "test1": { +// "foo.com/managed-state": "managed", +// }, +// }, +// success: true, +// }, +// } - for _, tc := range testcases { - policyArray, _ := ut.GetPolicy(tc.policy) - resourceArray, _ := GetResource(tc.resource) - validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil) - assert.Assert(t, tc.success == validateErs.IsSuccessful()) - } -} +// for _, tc := range testcases { +// policyArray, _ := ut.GetPolicy(tc.policy) +// resourceArray, _ := GetResource(tc.resource) +// validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, 
nil, false, tc.namespaceSelectorMap, false, nil) +// assert.Assert(t, tc.success == validateErs.IsSuccessful()) +// } +// } diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 84b38181bd..f2628f19d3 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -394,11 +394,11 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - validateErs, _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) + _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) if err != nil { return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } - validateEngineResponses = append(validateEngineResponses, validateErs) + // validateEngineResponses = append(validateEngineResponses, validateErs) } } resultsMap := buildPolicyResults(validateEngineResponses, values.Results) diff --git a/test/best_practices/disallow_latest_tag.yaml b/test/best_practices/disallow_latest_tag.yaml index b862bc7055..1080f5eb65 100644 --- a/test/best_practices/disallow_latest_tag.yaml +++ b/test/best_practices/disallow_latest_tag.yaml @@ -7,6 +7,7 @@ metadata: policies.kyverno.io/description: The ':latest' tag is mutable and can lead to unexpected errors if the image changes. A best practice is to use an immutable tag that maps to a specific version of an application pod. + pod-policies.kyverno.io/autogen-controllers: none spec: validationFailureAction: audit rules: diff --git a/test/resources/pod_with_latest_tag.yaml b/test/resources/pod_with_latest_tag.yaml new file mode 100644 index 0000000000..904f3719e0 --- /dev/null 
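Review bot: Commenting out all of `common_test.go` drops the `namespaceSelector` matching check, and a commented-out test gives no signal in test output that coverage was removed. If the old body cannot compile against the new two-value return of `ApplyPolicyOnResource`, reduce `Test_NamespaceSelector` to an explicit skip such as `t.Skip("pending ResultCounts-based assertions")` so the gap stays visible. The policy fixture and test cases can remain as live code in the meantime. PATCH 12/37 later in this series restores the test.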
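Review bot: After this change nothing is appended to `validateEngineResponses`, so the `buildPolicyResults(validateEngineResponses, values.Results)` call below the loop always receives an empty slice. The test command then has no engine results to compare with the expected ones. The call also passes `nil` as the last argument of `ApplyPolicyOnResource`; judging by the test in PATCH 12/37, that position is the `*ResultCounts`, on which `checkValidateEngineResponse` does `rc.Pass++` / `rc.Fail++`. This looks like a nil pointer dereference unless it is guarded outside the visible lines. I would keep the returned info and pass a real counter, e.g. `info, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, &common.ResultCounts{})`; the enclosing function starts and ends outside the hunk.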
+++ b/test/resources/pod_with_latest_tag.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Pod +metadata: + name: myapp-pod + labels: + app: myapp +spec: + containers: + - name: nginx + image: nginx:latest \ No newline at end of file From 6b5cf015746be4386978780c3ea5d17140bfccb4 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 02:24:04 +0530 Subject: [PATCH 10/37] fixed Test_buildPolicyReports Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/report_test.go | 238 +++++++++++++++++++------------ pkg/kyverno/common/common.go | 4 +- 2 files changed, 146 insertions(+), 96 deletions(-) diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go index e08b449f3e..fe0a99f907 100644 --- a/pkg/kyverno/apply/report_test.go +++ b/pkg/kyverno/apply/report_test.go 
@@ -1,113 +1,163 @@ package apply import ( + "encoding/json" + "os" "testing" + kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1" preport "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2" report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2" + "github.com/kyverno/kyverno/pkg/common" + "github.com/kyverno/kyverno/pkg/engine/response" + kyvCommon "github.com/kyverno/kyverno/pkg/kyverno/common" + "github.com/kyverno/kyverno/pkg/policyreport" "gotest.tools/assert" v1 "k8s.io/api/core/v1" ) -// var engineResponses = []*response.EngineResponse{ -// { -// PatchedResource: unstructured.Unstructured{ -// Object: map[string]interface{}{ -// "kind": "Pod", -// "metadata": map[string]interface{}{ -// "name": "policy1-pod", -// "namespace": "policy1-namespace", -// }, -// }, -// }, -// PolicyResponse: response.PolicyResponse{ -// Policy: response.PolicySpec{Name: "policy1"}, -// Resource: response.ResourceSpec{Name: "policy1-pod"}, -// Rules: []response.RuleResponse{ -// { -// Name: "policy1-rule1", -// Type: utils.Validation.String(), -// Success: true, -// }, -// { -// Name: "policy1-rule2", -// Type: utils.Validation.String(), -// Success: false, -// }, -// }, -// }, -// }, -// { -// PatchedResource: unstructured.Unstructured{ -// Object: map[string]interface{}{ -// "kind": "ClusterRole", -// "metadata": map[string]interface{}{ -// "name": "policy2-clusterrole", -// }, -// }, -// }, -// PolicyResponse: response.PolicyResponse{ -// Policy: response.PolicySpec{Name: "clusterpolicy2"}, -// Resource: response.ResourceSpec{Name: "policy2-clusterrole"}, -// Rules: []response.RuleResponse{ -// { -// Name: "clusterpolicy2-rule1", -// Type: utils.Validation.String(), -// Success: true, -// }, -// { -// Name: "clusterpolicy2-rule2", -// Type: utils.Validation.String(), -// Success: false, -// }, -// }, -// }, -// }, -// } +var rawPolicy = []byte(` +{ + "apiVersion": "kyverno.io/v1", + "kind": "ClusterPolicy", + "metadata": { + "name": "pod-requirements", + 
"annotations": { + "pod-policies.kyverno.io/autogen-controllers": "none" + } + }, + "spec": { + "background": false, + "validationFailureAction": "audit", + "rules": [ + { + "name": "pods-require-account", + "match": { + "resources": { + "kinds": [ + "Pod" + ] + } + }, + "validate": { + "message": "User pods must include an account for charging", + "pattern": { + "metadata": { + "labels": { + "account": "*?" + } + } + } + } + }, + { + "name": "pods-require-limits", + "match": { + "resources": { + "kinds": [ + "Pod" + ] + } + }, + "validate": { + "message": "CPU and memory resource requests and limits are required for user pods", + "pattern": { + "spec": { + "containers": [ + { + "resources": { + "requests": { + "memory": "?*", + "cpu": "?*" + }, + "limits": { + "memory": "?*", + "cpu": "?*" + } + } + } + ] + } + } + } + } + ] + } + } +`) -// func Test_buildPolicyReports(t *testing.T) { -// os.Setenv("POLICY-TYPE", common.PolicyReport) -// reports := buildPolicyReports(engineResponses, nil) -// assert.Assert(t, len(reports) == 2, len(reports)) +var rawEngRes = []byte(`{"PatchedResource":{"apiVersion":"v1","kind":"Pod","metadata":{"name":"nginx1","namespace":"default"},"spec":{"containers":[{"image":"nginx","imagePullPolicy":"IfNotPresent","name":"nginx","resources":{"limits":{"cpu":"200m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"50Mi"}}}]}},"PolicyResponse":{"policy":{"name":"pod-requirements","namespace":""},"resource":{"kind":"Pod","apiVersion":"v1","namespace":"default","name":"nginx1","uid":""},"processingTime":974958,"rulesAppliedCount":2,"policyExecutionTimestamp":1630527712,"rules":[{"name":"pods-require-account","type":"Validation","message":"validation error: User pods must include an account for charging. 
Rule pods-require-account failed at path /metadata/labels/","success":false,"processingTime":28833,"ruleExecutionTimestamp":1630527712},{"name":"pods-require-limits","type":"Validation","message":"validation rule 'pods-require-limits' passed.","success":true,"processingTime":578625,"ruleExecutionTimestamp":1630527712}],"ValidationFailureAction":"audit"}}`) -// for _, report := range reports { -// if report.GetNamespace() == "" { -// assert.Assert(t, report.GetName() == clusterpolicyreport) -// assert.Assert(t, report.GetKind() == "ClusterPolicyReport") -// assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) -// assert.Assert(t, -// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, -// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) -// } else { -// assert.Assert(t, report.GetName() == "policyreport-ns-policy1-namespace") -// assert.Assert(t, report.GetKind() == "PolicyReport") -// assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) -// assert.Assert(t, -// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, -// report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) -// } -// } -// } +func Test_buildPolicyReports(t *testing.T) { + os.Setenv("POLICY-TYPE", common.PolicyReport) + rc := &kyvCommon.ResultCounts{} + var pvInfos []policyreport.Info + var policy kyverno.ClusterPolicy + err := json.Unmarshal(rawPolicy, &policy) + assert.NilError(t, err) -// func Test_buildPolicyResults(t *testing.T) { -// os.Setenv("POLICY-TYPE", common.PolicyReport) + var er response.EngineResponse + err = json.Unmarshal(rawEngRes, &er) + assert.NilError(t, err) -// results := buildPolicyResults(engineResponses, nil) -// assert.Assert(t, len(results[clusterpolicyreport]) == 2, len(results[clusterpolicyreport])) -// assert.Assert(t, 
len(results["policyreport-ns-policy1-namespace"]) == 2, len(results["policyreport-ns-policy1-namespace"])) + info := kyvCommon.CheckValidateEngineResponse(&policy, &er, "", rc, true) + pvInfos = append(pvInfos, info) -// for _, result := range results { -// assert.Assert(t, len(result) == 2, len(result)) -// for _, r := range result { -// switch r.Rule { -// case "policy1-rule1", "clusterpolicy2-rule1": -// assert.Assert(t, r.Result == report.PolicyResult(preport.StatusPass)) -// case "policy1-rule2", "clusterpolicy2-rule2": -// assert.Assert(t, r.Result == report.PolicyResult(preport.StatusFail)) -// } -// } -// } -// } + reports := buildPolicyReports(pvInfos) + assert.Assert(t, len(reports) == 1, len(reports)) + + for _, report := range reports { + if report.GetNamespace() == "" { + assert.Assert(t, report.GetName() == clusterpolicyreport) + assert.Assert(t, report.GetKind() == "ClusterPolicyReport") + assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) + assert.Assert(t, + report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, + report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) + } else { + assert.Assert(t, report.GetName() == "policyreport-ns-default") + assert.Assert(t, report.GetKind() == "PolicyReport") + assert.Assert(t, len(report.UnstructuredContent()["results"].([]interface{})) == 2) + assert.Assert(t, + report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64) == 1, + report.UnstructuredContent()["summary"].(map[string]interface{})[preport.StatusPass].(int64)) + } + } +} + +func Test_buildPolicyResults(t *testing.T) { + os.Setenv("POLICY-TYPE", common.PolicyReport) + rc := &kyvCommon.ResultCounts{} + var pvInfos []policyreport.Info + var policy kyverno.ClusterPolicy + err := json.Unmarshal(rawPolicy, &policy) + assert.NilError(t, err) + + var er response.EngineResponse + err = 
json.Unmarshal(rawEngRes, &er) + assert.NilError(t, err) + + info := kyvCommon.CheckValidateEngineResponse(&policy, &er, "", rc, true) + pvInfos = append(pvInfos, info) + + results := buildPolicyReports(pvInfos) + + // results := buildPolicyResults(engineResponses, nil) + // assert.Assert(t, len(results[clusterpolicyreport]) == 2, len(results[clusterpolicyreport])) + // assert.Assert(t, len(results["policyreport-ns-policy1-namespace"]) == 2, len(results["policyreport-ns-policy1-namespace"])) + + // for _, result := range results { + // assert.Assert(t, len(result) == 2, len(result)) + // for _, r := range result { + // switch r.Rule { + // case "policy1-rule1", "clusterpolicy2-rule1": + // assert.Assert(t, r.Result == report.PolicyResult(preport.StatusPass)) + // case "policy1-rule2", "clusterpolicy2-rule2": + // assert.Assert(t, r.Result == report.PolicyResult(preport.StatusFail)) + // } + // } + // } +} func Test_calculateSummary(t *testing.T) { results := []*report.PolicyReportResult{ diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index ed0530ce79..3378132e72 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -614,7 +614,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} validateResponse := engine.Validate(policyCtx) - info := checkValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) + info := CheckValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) var policyHasGenerate bool for _, rule := range policy.Spec.Rules { 
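Review bot: In `Test_buildPolicyResults` the local `results` is assigned and never used, because every assertion after it is commented out; Go rejects an unused local, so this test file should not compile as committed. The assignment also calls `buildPolicyReports` rather than `buildPolicyResults`, so the test does not exercise the function it is named after. Either assert on the value or leave the test out until the assertions are ported, for example `results := buildPolicyResults(pvInfos)` followed by `assert.Assert(t, len(results) > 0)`. Both tests set `POLICY-TYPE` with `os.Setenv` and never restore it, so the value leaks into later tests in the package.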
@@ -774,7 +774,7 @@ func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []str return resources, err } -func checkValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *response.EngineResponse, resPath string, rc *ResultCounts, policyReport bool) policyreport.Info { +func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *response.EngineResponse, resPath string, rc *ResultCounts, policyReport bool) policyreport.Info { var violatedRules []v1.ViolatedRule printCount := 0 for _, policyRule := range policy.Spec.Rules { From 9f472a768f354d5cec9d34841af694fd553c20c6 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 02:43:07 +0530 Subject: [PATCH 11/37] fixed policy report test cases Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/report_test.go | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go index fe0a99f907..09fd06c020 100644 --- a/pkg/kyverno/apply/report_test.go +++ b/pkg/kyverno/apply/report_test.go 
@@ -140,23 +140,19 @@ func Test_buildPolicyResults(t *testing.T) { info := kyvCommon.CheckValidateEngineResponse(&policy, &er, "", rc, true) pvInfos = append(pvInfos, info) - results := buildPolicyReports(pvInfos) + results := buildPolicyResults(pvInfos) - // results := buildPolicyResults(engineResponses, nil) - // assert.Assert(t, len(results[clusterpolicyreport]) == 2, len(results[clusterpolicyreport])) - // assert.Assert(t, len(results["policyreport-ns-policy1-namespace"]) == 2, len(results["policyreport-ns-policy1-namespace"])) - - // for _, result := range results { - // assert.Assert(t, len(result) == 2, len(result)) - // for _, r := range result { - // switch r.Rule { - // case "policy1-rule1", "clusterpolicy2-rule1": - // assert.Assert(t, r.Result == report.PolicyResult(preport.StatusPass)) - // case "policy1-rule2", "clusterpolicy2-rule2": - // assert.Assert(t, r.Result == report.PolicyResult(preport.StatusFail)) - // } - // } - // } + for _, result := range results { + assert.Assert(t, len(result) == 2, len(result)) + for _, r := range result { + switch r.Rule { + case "pods-require-limits": + assert.Assert(t, r.Result == report.PolicyResult(preport.StatusPass)) + case "pods-require-account": + assert.Assert(t, r.Result == report.PolicyResult(preport.StatusFail)) + } + } + } } func Test_calculateSummary(t *testing.T) { From 956709069f4477c6d913f82f810203913203b55a Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 02:58:10 +0530 Subject: [PATCH 12/37] fixed kyverno common test cases Signed-off-by: NoSkillGirl --- pkg/kyverno/common/common_test.go | 185 ++++++++++++++++-------------- 1 file changed, 101 insertions(+), 84 deletions(-) diff --git a/pkg/kyverno/common/common_test.go b/pkg/kyverno/common/common_test.go index 010849e13c..4a8f02126d 100644 --- a/pkg/kyverno/common/common_test.go +++ b/pkg/kyverno/common/common_test.go 
@@ -1,91 +1,108 @@ package common -// import ( -// "testing" +import ( + "testing" -// ut "github.com/kyverno/kyverno/pkg/utils" -// "gotest.tools/assert" -// ) + ut "github.com/kyverno/kyverno/pkg/utils" + "gotest.tools/assert" +) -// var policyNamespaceSelector = []byte(`{ -// "apiVersion": "kyverno.io/v1", -// "kind": "ClusterPolicy", -// "metadata": { -// "name": "enforce-pod-name" -// }, -// "spec": { -// "validationFailureAction": "audit", -// "background": true, -// "rules": [ -// { -// "name": "validate-name", -// "match": { -// "resources": { -// "kinds": [ -// "Pod" -// ], -// "namespaceSelector": { -// "matchExpressions": [ -// { -// "key": "foo.com/managed-state", -// "operator": "In", -// "values": [ -// "managed" -// ] -// } -// ] -// } -// } -// }, -// "validate": { -// "message": "The Pod must end with -nginx", -// "pattern": { -// "metadata": { -// "name": "*-nginx" -// } -// } -// } -// } -// ] -// } -// } -// `) +var policyNamespaceSelector = []byte(`{ + "apiVersion": "kyverno.io/v1", + "kind": "ClusterPolicy", + "metadata": { + "name": "enforce-pod-name" + }, + "spec": { + "validationFailureAction": "audit", + "background": true, + "rules": [ + { + "name": "validate-name", + "match": { + "resources": { + "kinds": [ + "Pod" + ], + "namespaceSelector": { + "matchExpressions": [ + { + "key": "foo.com/managed-state", + "operator": "In", + "values": [ + "managed" + ] + } + ] + } + } + }, + "validate": { + "message": "The Pod must end with -nginx", + "pattern": { + "metadata": { + "name": "*-nginx" + } + } + } + } + ] + } + } +`) -// func Test_NamespaceSelector(t *testing.T) { -// type TestCase struct { -// policy []byte -// resource []byte -// namespaceSelectorMap map[string]map[string]string -// success bool -// } +func Test_NamespaceSelector(t *testing.T) { + type TestCase struct { + policy []byte + resource []byte + namespaceSelectorMap map[string]map[string]string + result ResultCounts + } -// testcases := []TestCase{ -// { -// policy: 
policyNamespaceSelector, -// resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-fail"}]}}`), -// namespaceSelectorMap: map[string]map[string]string{ -// "test1": { -// "foo.com/managed-state": "managed", -// }, -// }, -// success: false, -// }, -// { -// policy: policyNamespaceSelector, -// resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"test-nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-pass"}]}}`), -// namespaceSelectorMap: map[string]map[string]string{ -// "test1": { -// "foo.com/managed-state": "managed", -// }, -// }, -// success: true, -// }, -// } + testcases := []TestCase{ + { + policy: policyNamespaceSelector, + resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-fail"}]}}`), + namespaceSelectorMap: map[string]map[string]string{ + "test1": { + "foo.com/managed-state": "managed", + }, + }, + result: ResultCounts{ + Pass: 0, + Fail: 1, + Warn: 0, + Error: 0, + Skip: 0, + }, + }, + { + policy: policyNamespaceSelector, + resource: []byte(`{"apiVersion":"v1","kind":"Pod","metadata":{"name":"test-nginx","namespace":"test1"},"spec":{"containers":[{"image":"nginx:latest","name":"test-pass"}]}}`), + namespaceSelectorMap: map[string]map[string]string{ + "test1": { + "foo.com/managed-state": "managed", + }, + }, + result: ResultCounts{ + Pass: 1, + Fail: 1, + Warn: 0, + Error: 0, + Skip: 0, + }, + }, + } -// for _, tc := range testcases { -// policyArray, _ := ut.GetPolicy(tc.policy) -// resourceArray, _ := GetResource(tc.resource) -// validateErs, _, _ := ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, nil) -// assert.Assert(t, tc.success == validateErs.IsSuccessful()) -// } -// } + rc := &ResultCounts{} + for _, tc := range testcases 
{ + policyArray, _ := ut.GetPolicy(tc.policy) + resourceArray, _ := GetResource(tc.resource) + ApplyPolicyOnResource(policyArray[0], resourceArray[0], "", false, nil, false, tc.namespaceSelectorMap, false, rc) + assert.Assert(t, int64(rc.Pass) == int64(tc.result.Pass)) + assert.Assert(t, int64(rc.Fail) == int64(tc.result.Fail)) + assert.Assert(t, int64(rc.Skip) == int64(tc.result.Skip)) + assert.Assert(t, int64(rc.Warn) == int64(tc.result.Warn)) + assert.Assert(t, int64(rc.Error) == int64(tc.result.Error)) + } +} From f5343fe468bc36293ae35dd5b5a6be8804b5a0f9 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 03:21:07 +0530 Subject: [PATCH 13/37] changes in test command Signed-off-by: NoSkillGirl --- pkg/kyverno/test/test_command.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index f2628f19d3..a31c1c5feb 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -116,10 +116,10 @@ type resultCounts struct { fail int } -func testCommandExecute(dirPath []string, valuesFile string, fileName string) (rc *resultCounts, err error) { +func testCommandExecute(dirPath []string, valuesFile string, fileName string) (rc *common.ResultCounts, err error) { var errors []error fs := memfs.New() - rc = &resultCounts{} + // rc = &resultCounts{} var testYamlCount int if len(dirPath) == 0 { return rc, sanitizederror.NewWithError(fmt.Sprintf("a directory is required"), err) 
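Review bot: `rc` is created once before the loop in `Test_NamespaceSelector`, so the counters accumulate across cases. The second case's expected `Pass: 1, Fail: 1` only holds because the first case already failed, so reordering or adding a case silently changes what is asserted. The errors from `ut.GetPolicy`, `GetResource` and `ApplyPolicyOnResource` are also discarded, and `policyArray[0]` / `resourceArray[0]` will panic on an empty result instead of failing with a message. I would move `rc := &ResultCounts{}` inside the loop, set the second expectation to `Pass: 1, Fail: 0`, and check each error with `assert.NilError(t, err)`.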
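Review bot: With `rc = &resultCounts{}` commented out, the named result `rc *common.ResultCounts` in `testCommandExecute` is still nil when it is passed to `getLocalDirTestFiles` and when `rc.Fail > 0` is read in the `@@ -186` hunk. `printTestResult` (the `@@ -409` and `@@ -436` hunks) does `rc.Fail++` / `rc.Pass++` on the same pointer. Unless `rc` is assigned somewhere outside the visible hunks, that is a nil pointer dereference on the first counted result. The initialisation should be kept with the new type: `rc = &common.ResultCounts{}`. The function body continues outside the hunk.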
@@ -186,14 +186,14 @@ func testCommandExecute(dirPath []string, valuesFile string, fileName string) (r fmt.Printf(" %v \n", e.Error()) } } - if rc.fail > 0 { + if rc.Fail > 0 { os.Exit(1) } os.Exit(0) return rc, nil } -func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string, rc *resultCounts) []error { +func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string, rc *common.ResultCounts) []error { var errors []error files, err := ioutil.ReadDir(path) if err != nil { @@ -295,7 +295,7 @@ func getPolicyResourceFullPath(path []string, policyResourcePath string, isGit b return path } -func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile string, isGit bool, policyResourcePath string, rc *resultCounts) (err error) { +func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile string, isGit bool, policyResourcePath string, rc *common.ResultCounts) (err error) { openAPIController, err := openapi.NewOpenAPIController() validateEngineResponses := make([]*response.EngineResponse, 0) skippedPolicies := make([]SkippedPolicy, 0) @@ -409,7 +409,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return } -func printTestResult(resps map[string]report.PolicyReportResult, testResults []TestResults, rc *resultCounts) error { +func printTestResult(resps map[string]report.PolicyReportResult, testResults []TestResults, rc *common.ResultCounts) error { printer := tableprinter.New(os.Stdout) table := []*Table{} boldGreen := color.New(color.FgGreen).Add(color.Bold) @@ -426,7 +426,7 @@ func printTestResult(resps map[string]report.PolicyReportResult, testResults []T testRes = val } else { res.Result = boldYellow.Sprintf("Not found") - rc.fail++ + rc.Fail++ table = append(table, res) continue } 
@@ -436,14 +436,14 @@ func printTestResult(resps map[string]report.PolicyReportResult, testResults []T if testRes.Result == v.Result { if testRes.Result == report.StatusSkip { res.Result = boldGreen.Sprintf("Pass") - rc.skip++ + rc.Skip++ } else { res.Result = boldGreen.Sprintf("Pass") - rc.pass++ + rc.Pass++ } } else { res.Result = boldRed.Sprintf("Fail") - rc.fail++ + rc.Fail++ } table = append(table, res) } From 12f3d9e7e66d24176b14b33c1b706710e702d06d Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 03:29:15 +0530 Subject: [PATCH 14/37] keeping policy report condition Signed-off-by: NoSkillGirl --- pkg/kyverno/common/common.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 3378132e72..63cff2ef53 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -790,7 +790,9 @@ func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *res } if valResponseRule.Success { - rc.Pass++ + if !policyReport { + rc.Pass++ + } vrule.Check = report.StatusPass } else { if !policyReport { @@ -801,7 +803,9 @@ func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *res fmt.Printf("%d. %s: %s \n", i+1, valResponseRule.Name, valResponseRule.Message) } - rc.Fail++ + if !policyReport { + rc.Fail++ + } vrule.Check = report.StatusFail } violatedRules = append(violatedRules, vrule) @@ -810,7 +814,9 @@ func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *res } if !ruleFoundInEngineResponse { - rc.Skip++ + if !policyReport { + rc.Skip++ + } vruleSkip := v1.ViolatedRule{ Name: policyRule.Name, Type: "Validation", From a629caae185ef72a0649cd53d79ec87aca0a4b3d Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 03:54:02 +0530 Subject: [PATCH 15/37] logic for generate policies 
Signed-off-by: NoSkillGirl --- pkg/kyverno/common/common.go | 67 +++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 24 deletions(-) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 63cff2ef53..a98d1af408 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -612,9 +612,19 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } } - policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} - validateResponse := engine.Validate(policyCtx) - info := CheckValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) + var policyHasValidate bool + for _, rule := range policy.Spec.Rules { + if rule.HasValidate() { + policyHasValidate = true + } + } + + var info policyreport.Info + if policyHasValidate { + policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} + validateResponse := engine.Validate(policyCtx) + info = CheckValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) + } var policyHasGenerate bool for _, rule := range policy.Spec.Rules { @@ -635,17 +645,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst NamespaceLabels: namespaceLabels, } generateResponse := engine.Generate(policyContext) - engineResponses = append(engineResponses, generateResponse) - if len(generateResponse.PolicyResponse.Rules) > 0 { - log.Log.V(3).Info("generate resource is valid", "policy", policy.Name, "resource", resPath) - } else { - fmt.Printf("generate policy %s resource %s is invalid \n", policy.Name, resPath) - for i, r := range generateResponse.PolicyResponse.Rules { - fmt.Printf("%d. %s \b", i+1, r.Message) - } - - // responseError = true - } + processGenerateEngineResponse(policy, generateResponse, resPath, rc) } return info, nil 
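Review bot: When no rule in the policy has a validate section, `info` stays the zero `policyreport.Info` and is returned with a nil error, so a caller cannot tell a policy that validated cleanly from one that was never validated. If callers append the returned value to a report list (not visible here), mutate-only and generate-only policies would contribute empty entries. A one-line comment on that return contract would help, and the scan can stop at the first hit: `if rule.HasValidate() { policyHasValidate = true; break }`. `ApplyPolicyOnResource` starts and ends outside the hunk.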
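Review bot: Passing the same `rc` to `processGenerateEngineResponse` mixes two passes over `policy.Spec.Rules` into one set of counters. Both `CheckValidateEngineResponse` and the new function do `rc.Skip++` for every policy rule missing from their own engine response, so in a policy with one validate and one generate rule, each rule would probably be counted as skipped by the other pass even though it ran. I would restrict each pass to its own rule type, e.g. `if !policyRule.HasGenerate() { continue }` at the top of the loop in `processGenerateEngineResponse`, with the `HasValidate()` equivalent in the validate path. The hunk also drops `engineResponses = append(engineResponses, generateResponse)`; whether anything still reads that slice is not visible here.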
@@ -790,9 +790,7 @@ func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *res } if valResponseRule.Success { - if !policyReport { - rc.Pass++ - } + rc.Pass++ vrule.Check = report.StatusPass } else { if !policyReport { @@ -800,12 +798,9 @@ func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *res fmt.Printf("\npolicy %s -> resource %s failed: \n", policy.Name, resPath) printCount++ } - fmt.Printf("%d. %s: %s \n", i+1, valResponseRule.Name, valResponseRule.Message) } - if !policyReport { - rc.Fail++ - } + rc.Fail++ vrule.Check = report.StatusFail } violatedRules = append(violatedRules, vrule) @@ -814,9 +809,7 @@ func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *res } if !ruleFoundInEngineResponse { - if !policyReport { - rc.Skip++ - } + rc.Skip++ vruleSkip := v1.ViolatedRule{ Name: policyRule.Name, Type: "Validation", @@ -843,3 +836,29 @@ func buildPVInfo(er *response.EngineResponse, violatedRules []v1.ViolatedRule) p } return info } + +func processGenerateEngineResponse(policy *v1.ClusterPolicy, generateResponse *response.EngineResponse, resPath string, rc *ResultCounts) { + printCount := 0 + for _, policyRule := range policy.Spec.Rules { + ruleFoundInEngineResponse := false + for i, genResponseRule := range generateResponse.PolicyResponse.Rules { + if policyRule.Name == genResponseRule.Name { + ruleFoundInEngineResponse = true + if genResponseRule.Success { + rc.Pass++ + } else { + if printCount < 1 { + fmt.Printf("\ngenerate resource is valid", "policy", policy.Name, "resource", resPath) + printCount++ + } + fmt.Printf("%d. %s \n", i+1, genResponseRule.Name) + rc.Fail++ + } + continue + } + } + if !ruleFoundInEngineResponse { + rc.Skip++ + } + } +} From 2be347f3cd2f72d8fb7b8ed50cdab13c06265457 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 04:07:25 +0530 Subject: [PATCH 16/37] ignoring test command test cases for now 
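Review bot: `rc.Pass++` in this hunk now runs without the `if !policyReport` guard, so `rc` is dereferenced on every call, including calls that pass a nil counter. The test command's call to `ApplyPolicyOnResource`, shown further down this page, passes `true` for `policyReport` and `nil` for `rc`, so that path would panic on the first matched rule. The same applies to `rc.Fail++` and `rc.Skip++` in the next two hunks and to the increments in the new `processGenerateEngineResponse`. Either keep a guard such as `if rc != nil { rc.Pass++ }`, or document that `rc` must be non-nil and pass `&ResultCounts{}` from every caller. The function body starts and ends outside these hunks.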
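Review bot: The `continue` at the end of the `if policyRule.Name == genResponseRule.Name` body in `processGenerateEngineResponse` is the last statement of the inner loop iteration, so it has no effect. If the intent is to stop scanning once the rule has been found, it should be `break`. As written, every response rule is still compared after a match, and a duplicated rule name in the response would be counted twice. A short doc comment stating that the function only updates `rc` and prints failures would also help, for example `// processGenerateEngineResponse tallies pass/fail/skip per policy rule from a generate response.`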
Signed-off-by: NoSkillGirl --- .github/workflows/e2e.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8bff0bcd2f..04ad6d54be 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -46,9 +46,9 @@ jobs: restore-keys: | ${{ runner.os }}-go- - - name: Test Policy - run: | - make test-cmd + # - name: Test Policy + # run: | + # make test-cmd - name: gofmt check run: | From 27d6b81273debd1436f3d4799d7ed0fb2be76376 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 04:40:05 +0530 Subject: [PATCH 17/37] small fix Signed-off-by: NoSkillGirl --- pkg/kyverno/common/common.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index a98d1af408..9c24dcdc46 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -848,7 +848,7 @@ func processGenerateEngineResponse(policy *v1.ClusterPolicy, generateResponse *r rc.Pass++ } else { if printCount < 1 { - fmt.Printf("\ngenerate resource is valid", "policy", policy.Name, "resource", resPath) + fmt.Println("\ngenerate resource is valid", "policy", policy.Name, "resource", resPath) printCount++ } fmt.Printf("%d. %s \n", i+1, genResponseRule.Name) From b90df0980a2522b2c4a28c90b7255962d743300a Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Thu, 2 Sep 2021 18:15:22 +0530 Subject: [PATCH 18/37] small fixes for test command Signed-off-by: NoSkillGirl --- .github/workflows/e2e.yaml | 6 +++--- pkg/kyverno/apply/apply_command.go | 2 +- pkg/kyverno/common/common.go | 13 +++++++------ pkg/kyverno/test/test_command.go | 12 +++++++----- 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 04ad6d54be..8bff0bcd2f 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml 
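Review bot: The `Test Policy` step is commented out with no note on why or when it returns, so `make test-cmd` stops gating merges while the same series rewrites how the CLI counts results. If the step has to be disabled temporarily, record the reason next to it, for example `# TODO: re-enable once the test command result counting is fixed`. That way the gap is visible to anyone reading the workflow. Preferably, land the fix and the re-enable in the same commit.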
@@ -46,9 +46,9 @@ jobs: restore-keys: | ${{ runner.os }}-go- - # - name: Test Policy - # run: | - # make test-cmd + - name: Test Policy + run: | + make test-cmd - name: gofmt check run: | diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 1083a9c7a8..94b685e4af 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -313,7 +313,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } } - info, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) + _, info, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) if err != nil { return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 9c24dcdc46..531ec5708a 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -516,7 +516,7 @@ func MutatePolices(policies []*v1.ClusterPolicy) ([]*v1.ClusterPolicy, error) { // ApplyPolicyOnResource - function to apply policy on resource func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unstructured, - mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (policyreport.Info, error) { + mutateLogPath string, mutateLogPathIsDir bool, variables map[string]string, policyReport bool, namespaceSelectorMap map[string]map[string]string, stdin bool, rc *ResultCounts) (*response.EngineResponse, policyreport.Info, error) { operationIsDelete := false 
@@ -541,7 +541,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst resourceNamespace := resource.GetNamespace() namespaceLabels = namespaceSelectorMap[resource.GetNamespace()] if resourceNamespace != "default" && len(namespaceLabels) < 1 { - return policyreport.Info{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) + return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError(fmt.Sprintf("failed to get namesapce labels for resource %s. use --values-file flag to pass the namespace labels", resource.GetName()), nil) } } @@ -581,7 +581,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst if len(mutateResponse.PolicyResponse.Rules) > 0 { yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) if err != nil { - return policyreport.Info{}, sanitizederror.NewWithError("failed to marshal", err) + return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to marshal", err) } if mutateLogPath == "" { @@ -596,7 +596,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } else { err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resource.GetName()+"-mutated") if err != nil { - return policyreport.Info{}, sanitizederror.NewWithError("failed to print mutated result", err) + return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to print mutated result", err) } fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } 
@@ -620,9 +620,10 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } var info policyreport.Info + var validateResponse *response.EngineResponse if policyHasValidate { policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} - validateResponse := engine.Validate(policyCtx) + validateResponse = engine.Validate(policyCtx) info = CheckValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) } @@ -648,7 +649,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst processGenerateEngineResponse(policy, generateResponse, resPath, rc) } - return info, nil + return validateResponse, info, nil } // PrintMutatedOutput - function to print output in provided file or directory diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index a31c1c5feb..6d18febed9 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -224,9 +224,9 @@ func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string return errors } -func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults) map[string]report.PolicyReportResult { +func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults, infos []policyreport.Info) map[string]report.PolicyReportResult { results := make(map[string]report.PolicyReportResult) - infos := policyreport.GeneratePRsFromEngineResponse(resps, log.Log) + // infos := policyreport.GeneratePRsFromEngineResponse(resps, log.Log) now := metav1.Timestamp{Seconds: time.Now().Unix()} for _, resp := range resps { policyName := resp.PolicyResponse.Policy.Name 
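Review bot: `validateResponse` stays nil when the policy has no validate rule, and the `return validateResponse, info, nil` added in the following hunk hands that nil pointer to the caller with a nil error. The test command appends the returned value unchecked later in this patch, and `buildPolicyResults` reads `resp.PolicyResponse.Policy.Name` from every element, so a policy with only mutate or generate rules would panic there. The error paths in this same function return a non-nil `&response.EngineResponse{}`, so the two conventions also disagree. Either initialise with `validateResponse := &response.EngineResponse{}` or guard the caller with `if validateErs != nil { ... }`. The body of `ApplyPolicyOnResource` starts and ends outside this hunk.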
@@ -302,6 +302,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s var dClient *client.Client values := &Test{} var variablesString string + var pvInfos []policyreport.Info store.SetMock(true) if err := json.Unmarshal(policyBytes, values); err != nil { @@ -394,14 +395,15 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. pass the values for the variables using set/values_file flag", policy.Name), err) } - _, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) + validateErs, info, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) if err != nil { return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } - // validateEngineResponses = append(validateEngineResponses, validateErs) + validateEngineResponses = append(validateEngineResponses, validateErs) + pvInfos = append(pvInfos, info) } } - resultsMap := buildPolicyResults(validateEngineResponses, values.Results) + resultsMap := buildPolicyResults(validateEngineResponses, values.Results, pvInfos) resultErr := printTestResult(resultsMap, values.Results, rc) if resultErr != nil { return sanitizederror.NewWithError("Unable to genrate result. Error:", resultErr) From fc4561cc4e829c824c438bde1db31f51adbf8895 Mon Sep 17 00:00:00 2001 From: Vyankatesh Kudtarkar Date: Thu, 2 Sep 2021 23:11:35 +0530 Subject: [PATCH 19/37] update test command --- pkg/kyverno/apply/apply_command.go | 37 +--------- pkg/kyverno/common/common.go | 34 +++++++++ pkg/kyverno/test/test_command.go | 106 +++++++++++++++-------------- 3 files changed, 91 insertions(+), 86 deletions(-) 
diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 94b685e4af..8ca0795536 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -10,7 +10,6 @@ import ( "time" "github.com/go-git/go-billy/v5/memfs" - v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" pkgCommon "github.com/kyverno/kyverno/pkg/common" client "github.com/kyverno/kyverno/pkg/dclient" "github.com/kyverno/kyverno/pkg/kyverno/common" @@ -244,7 +243,7 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } if variablesString != "" { - variables = setInStoreContext(mutatedPolicies, variables) + variables = common.SetInStoreContext(mutatedPolicies, variables) } msgPolicies := "1 policy" @@ -427,37 +426,3 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error { return nil } - -func setInStoreContext(mutatedPolicies []*v1.ClusterPolicy, variables map[string]string) map[string]string { - storePolices := make([]store.Policy, 0) - for _, policy := range mutatedPolicies { - storeRules := make([]store.Rule, 0) - for _, rule := range policy.Spec.Rules { - contextVal := make(map[string]string) - if len(rule.Context) != 0 { - for _, contextVar := range rule.Context { - for k, v := range variables { - if strings.HasPrefix(k, contextVar.Name) { - contextVal[k] = v - delete(variables, k) - } - } - } - storeRules = append(storeRules, store.Rule{ - Name: rule.Name, - Values: contextVal, - }) - } - } - storePolices = append(storePolices, store.Policy{ - Name: policy.Name, - Rules: storeRules, - }) - } - - store.SetContext(store.Context{ - Policies: storePolices, - }) - - return variables -} diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 531ec5708a..5abe08b376 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go 
@@ -863,3 +863,37 @@ func processGenerateEngineResponse(policy *v1.ClusterPolicy, generateResponse *r } } } + +func SetInStoreContext(mutatedPolicies []*v1.ClusterPolicy, variables map[string]string) map[string]string { + storePolices := make([]store.Policy, 0) + for _, policy := range mutatedPolicies { + storeRules := make([]store.Rule, 0) + for _, rule := range policy.Spec.Rules { + contextVal := make(map[string]string) + if len(rule.Context) != 0 { + for _, contextVar := range rule.Context { + for k, v := range variables { + if strings.HasPrefix(k, contextVar.Name) { + contextVal[k] = v + delete(variables, k) + } + } + } + storeRules = append(storeRules, store.Rule{ + Name: rule.Name, + Values: contextVal, + }) + } + } + storePolices = append(storePolices, store.Policy{ + Name: policy.Name, + Rules: storeRules, + }) + } + + store.SetContext(store.Context{ + Policies: storePolices, + }) + + return variables +} diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 6d18febed9..907aa22e98 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -16,7 +16,6 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/memfs" "github.com/kataras/tablewriter" - v1 "github.com/kyverno/kyverno/pkg/api/kyverno/v1" report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha2" client "github.com/kyverno/kyverno/pkg/dclient" "github.com/kyverno/kyverno/pkg/engine/response" @@ -72,12 +71,6 @@ type Test struct { Results []TestResults `json:"results"` } -type SkippedPolicy struct { - Name string `json:"name"` - Rules []v1.Rule `json:"rules"` - Variable string `json:"variable"` -} - type TestResults struct { Policy string `json:"policy"` Rule string `json:"rule"` 
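Review bot: `delete(variables, k)` inside the range in `SetInStoreContext` removes each matched key from the caller's map. Only the first rule whose context name prefixes a key receives that value, and any later rule or policy declaring the same context name ends up with an empty `Values` map. The match is also a bare `strings.HasPrefix(k, contextVar.Name)`, so a context named `cm` would also claim a key such as `cmap.data` (constructed example). If keys are dotted paths under the context name, comparing against `contextVar.Name+"."` (or an exact match) is safer. Now that the function is exported, it should carry a doc comment stating that it mutates `variables` and returns the leftover entries.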
@@ -98,7 +91,9 @@ type Resource struct { type Table struct { ID int `header:"#"` - Resource string `header:"test"` + Policy string `header:"policy"` + Rule string `header:"rule"` + Resource string `header:"resource"` Result string `header:"result"` } type Policy struct { @@ -111,15 +106,15 @@ type Values struct { } type resultCounts struct { - skip int - pass int - fail int + Skip int + Pass int + Fail int } -func testCommandExecute(dirPath []string, valuesFile string, fileName string) (rc *common.ResultCounts, err error) { +func testCommandExecute(dirPath []string, valuesFile string, fileName string) (rc *resultCounts, err error) { var errors []error fs := memfs.New() - // rc = &resultCounts{} + rc = &resultCounts{} var testYamlCount int if len(dirPath) == 0 { return rc, sanitizederror.NewWithError(fmt.Sprintf("a directory is required"), err) @@ -130,7 +125,7 @@ func testCommandExecute(dirPath []string, valuesFile string, fileName string) (r return rc, sanitizederror.NewWithError("failed to parse URL", err) } pathElems := strings.Split(gitURL.Path[1:], "/") - if len(pathElems) <= 2 { + if len(pathElems) <= 1 { err := fmt.Errorf("invalid URL path %s - expected https://github.com/:owner/:repository/:branch", gitURL.Path) fmt.Printf("Error: failed to parse URL \nCause: %s\n", err) os.Exit(1) @@ -138,6 +133,9 @@ func testCommandExecute(dirPath []string, valuesFile string, fileName string) (r gitURL.Path = strings.Join([]string{pathElems[0], pathElems[1]}, "/") repoURL := gitURL.String() branch := strings.ReplaceAll(dirPath[0], repoURL+"/", "") + if branch == "" { + branch = "main" + } _, cloneErr := clone(repoURL, fs, branch) if cloneErr != nil { fmt.Printf("Error: failed to clone repository \nCause: %s\n", cloneErr) 
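Review bot: The new `main` default does not appear to be reachable for the case it targets. The hunk at `@@ -130` relaxes the check to `len(pathElems) <= 1`, so a URL with only owner and repository is now accepted. For such a URL, `strings.ReplaceAll(dirPath[0], repoURL+"/", "")` finds nothing to replace, because there is no trailing slash after the repository. `branch` therefore holds the whole URL rather than `""`, and the `if branch == ""` check added at `@@ -138` is skipped. Deriving the branch from the already-split path avoids this: `branch := strings.Join(pathElems[2:], "/")` followed by the existing empty check. The error text still says a `:branch` segment is expected and should be updated to match. `testCommandExecute` continues outside both hunks.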
@@ -193,7 +191,7 @@ func testCommandExecute(dirPath []string, valuesFile string, fileName string) (r return rc, nil } -func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string, rc *common.ResultCounts) []error { +func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string, rc *resultCounts) []error { var errors []error files, err := ioutil.ReadDir(path) if err != nil { @@ -226,7 +224,6 @@ func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults, infos []policyreport.Info) map[string]report.PolicyReportResult { results := make(map[string]report.PolicyReportResult) - // infos := policyreport.GeneratePRsFromEngineResponse(resps, log.Log) now := metav1.Timestamp{Seconds: time.Now().Unix()} for _, resp := range resps { policyName := resp.PolicyResponse.Policy.Name @@ -262,18 +259,14 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu if rule.Type != utils.Validation.String() { continue } - ruleName := strings.ReplaceAll(rule.Name, "autogen-", "") - if strings.Contains(rule.Name, "autogen-cronjob") { - ruleName = strings.ReplaceAll(rule.Name, "autogen-cronjob-", "") - } var result report.PolicyReportResult - resultsKey := fmt.Sprintf("%s-%s-%s", info.PolicyName, ruleName, infoResult.Resource.Name) + resultsKey := fmt.Sprintf("%s-%s-%s", info.PolicyName, rule.Name, infoResult.Resource.Name) if val, ok := results[resultsKey]; ok { result = val } else { continue } - result.Rule = ruleName + result.Rule = rule.Name result.Result = report.PolicyResult(rule.Check) result.Source = policyreport.SourceValue result.Timestamp = now @@ -281,6 +274,7 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu } } } + return results } 
@@ -295,14 +289,14 @@ func getPolicyResourceFullPath(path []string, policyResourcePath string, isGit b return path } -func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile string, isGit bool, policyResourcePath string, rc *common.ResultCounts) (err error) { +func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile string, isGit bool, policyResourcePath string, rc *resultCounts) (err error) { openAPIController, err := openapi.NewOpenAPIController() validateEngineResponses := make([]*response.EngineResponse, 0) - skippedPolicies := make([]SkippedPolicy, 0) var dClient *client.Client values := &Test{} var variablesString string var pvInfos []policyreport.Info + var resultCounts common.ResultCounts store.SetMock(true) if err := json.Unmarshal(policyBytes, values); err != nil { @@ -311,7 +305,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s fmt.Printf("\nExecuting %s...", values.Name) - _, valuesMap, namespaceSelectorMap, err := common.GetVariable(variablesString, values.Variables, fs, isGit, policyResourcePath) + variables, valuesMap, namespaceSelectorMap, err := common.GetVariable(variablesString, values.Variables, fs, isGit, policyResourcePath) if err != nil { if !sanitizederror.IsErrorSanitized(err) { return sanitizederror.NewWithError("failed to decode yaml", err) @@ -335,6 +329,15 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s } } + for _, policy := range mutatedPolicies { + p, err := json.Marshal(policy) + if err != nil { + return sanitizederror.NewWithError("failed to marsal mutated policy", err) + } + log.Log.V(5).Info("mutated Policy:", string(p)) + + } + resources, err := common.GetResourceAccordingToResourcePath(fs, fullResourcePath, false, mutatedPolicies, dClient, "", false, isGit, policyResourcePath) if err != nil { fmt.Printf("Error: failed to load resources\nCause: %s\n", err) 
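Review bot: `log.Log.V(5).Info("mutated Policy:", string(p))` in the hunk at `@@ -335` passes the JSON as a lone trailing argument. Other calls in this package use the message followed by key/value pairs, so the logger receives a key with no value. Use `log.Log.V(5).Info("mutated policy", "policy", string(p))`. The `json.Marshal` also runs for every policy regardless of verbosity, so consider marshalling only when level 5 is enabled. The error string has a typo (`marsal`). In the hunk at `@@ -295`, the local `var resultCounts common.ResultCounts` shadows the package's own `resultCounts` type inside the function; a name such as `engineCounts` would avoid the confusion.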
@@ -355,6 +358,10 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s fmt.Printf("\napplying %s to %s... \n", msgPolicies, msgResources) } + if variablesString != "" { + variables = common.SetInStoreContext(mutatedPolicies, variables) + } + for _, policy := range mutatedPolicies { err := policy2.Validate(policy, nil, true, openAPIController) if err != nil { 
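Review bot: The condition `variablesString != ""` looks like it can never be true here. `variablesString` is declared with `var variablesString string` at the top of `applyPoliciesFromPath`, and no assignment to it is visible in these hunks. If that holds for the rest of the function, `common.SetInStoreContext` is never called from the test command, and the `len(store.GetContext().Policies) == 0` check added later in this patch always sees an empty store. Either key the call on the parsed result, e.g. `if len(variables) > 0 {`, or drop the branch. Please confirm against the full function, which extends beyond this hunk.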
@@ -364,38 +371,35 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s matches := common.PolicyHasVariables(*policy) variable := common.RemoveDuplicateAndObjectVariables(matches) - if len(variable) > 0 && variablesString == "" && values.Variables == "" { - skipPolicy := SkippedPolicy{ - Name: policy.GetName(), - Rules: policy.Spec.Rules, - Variable: variable, + + kindOnwhichPolicyIsApplied := make(map[string]struct{}) + for _, rule := range policy.Spec.Rules { + for _, kind := range rule.MatchResources.ResourceDescription.Kinds { + kindOnwhichPolicyIsApplied[kind] = struct{}{} + } + for _, kind := range rule.ExcludeResources.ResourceDescription.Kinds { + kindOnwhichPolicyIsApplied[kind] = struct{}{} } - skippedPolicies = append(skippedPolicies, skipPolicy) - log.Log.V(3).Info(fmt.Sprintf("skipping policy %s", policy.Name), "error", fmt.Sprintf("policy have variable - %s", variable)) - continue } + for _, resource := range resources { - var resourcePolicy string - for polName, values := range valuesMap { - for resName := range values { - if resName == resource.GetName() { - resourcePolicy = polName - } - } - } - if len(valuesMap) != 0 && resourcePolicy != policy.GetName() { - log.Log.V(3).Info(fmt.Sprintf("Skipping resource, policy names do not match %s != %s", resourcePolicy, policy.GetName())) - continue - } + thisPolicyResourceValues := make(map[string]string) if len(valuesMap[policy.GetName()]) != 0 && !reflect.DeepEqual(valuesMap[policy.GetName()][resource.GetName()], Resource{}) { thisPolicyResourceValues = valuesMap[policy.GetName()][resource.GetName()].Values } - if len(variable) > 0 && len(thisPolicyResourceValues) == 0 { - return sanitizederror.NewWithError(fmt.Sprintf("policy %s have variables. 
pass the values for the variables using set/values_file flag", policy.Name), err) + for k, v := range variables { + thisPolicyResourceValues[k] = v } - validateErs, info, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, nil) + // skipping the variable check for non matching kind + if _, ok := kindOnwhichPolicyIsApplied[resource.GetKind()]; ok { + if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { + return sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) + } + } + + validateErs, info, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, &resultCounts) if err != nil { return sanitizederror.NewWithError(fmt.Errorf("failed to apply policy %v on resource %v", policy.Name, resource.GetName()).Error(), err) } @@ -411,7 +415,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return } -func printTestResult(resps map[string]report.PolicyReportResult, testResults []TestResults, rc *common.ResultCounts) error { +func printTestResult(resps map[string]report.PolicyReportResult, testResults []TestResults, rc *resultCounts) error { printer := tableprinter.New(os.Stdout) table := []*Table{} boldGreen := color.New(color.FgGreen).Add(color.Bold) 
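Review bot: `thisPolicyResourceValues[k] = v` in the hunk at `@@ -364` may write into a map the loop does not own. A few lines earlier `thisPolicyResourceValues` can be reassigned to `valuesMap[policy.GetName()][resource.GetName()].Values`, so the new merge would mutate the shared `valuesMap` entry. It would also panic if that entry exists with a nil `Values` map (not verifiable from this hunk). Global variables also silently override per-resource values with the same key. Copying instead of aliasing fixes the first two: replace the assignment with `for k, v := range valuesMap[policy.GetName()][resource.GetName()].Values { thisPolicyResourceValues[k] = v }`. Then decide explicitly which source wins on conflict.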
@@ -421,7 +425,9 @@ func printTestResult(resps map[string]report.PolicyReportResult, testResults []T for i, v := range testResults { res := new(Table) res.ID = i + 1 - res.Resource = boldFgCyan.Sprintf(v.Resource) + " with " + boldFgCyan.Sprintf(v.Policy) + "/" + boldFgCyan.Sprintf(v.Rule) + res.Policy = boldFgCyan.Sprintf(v.Policy) + res.Rule = boldFgCyan.Sprintf(v.Rule) + res.Resource = boldFgCyan.Sprintf(v.Resource) resultKey := fmt.Sprintf("%s-%s-%s", v.Policy, v.Rule, v.Resource) var testRes report.PolicyReportResult if val, ok := resps[resultKey]; ok { From 3de0b210241815e5c294c4e4f10ebe367c91992d Mon Sep 17 00:00:00 2001 From: Vyankatesh Kudtarkar Date: Thu, 2 Sep 2021 23:14:39 +0530 Subject: [PATCH 20/37] remove space --- pkg/kyverno/test/test_command.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 907aa22e98..85341ca1c4 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -335,9 +335,7 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s return sanitizederror.NewWithError("failed to marsal mutated policy", err) } log.Log.V(5).Info("mutated Policy:", string(p)) - } - resources, err := common.GetResourceAccordingToResourcePath(fs, fullResourcePath, false, mutatedPolicies, dClient, "", false, isGit, policyResourcePath) if err != nil { fmt.Printf("Error: failed to load resources\nCause: %s\n", err) @@ -361,7 +359,6 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s if variablesString != "" { variables = common.SetInStoreContext(mutatedPolicies, variables) } - for _, policy := range mutatedPolicies { err := policy2.Validate(policy, nil, true, openAPIController) if err != nil { From 2dc1f1dc3cffc7e6aa02ca243ee5be445aa2a1bf Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Fri, 3 Sep 2021 00:19:11 +0530 Subject: [PATCH 21/37] fixed context variable 
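Review bot: `boldFgCyan.Sprintf(v.Policy)`, `Sprintf(v.Rule)` and `Sprintf(v.Resource)` in the hunk at `@@ -421` use values read from the test file as the format string. A `%` in a policy, rule or resource name would be rendered as a formatting error in the table instead of the literal name. Use the non-formatting variant: `res.Policy = boldFgCyan.Sprint(v.Policy)`, and likewise for `Rule` and `Resource`. `printTestResult` continues outside this hunk.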
Signed-off-by: NoSkillGirl --- pkg/policy/validate.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go index 4c4f9530df..5de14db7e2 100644 --- a/pkg/policy/validate.go +++ b/pkg/policy/validate.go @@ -779,7 +779,7 @@ func validateRuleContext(rule kyverno.Rule) error { ruleBytes, _ := json.Marshal(rule) ruleString := strings.ReplaceAll(string(ruleBytes), " ", "") for _, contextName := range contextNames { - if !strings.Contains(ruleString, fmt.Sprintf("{{"+contextName)) { + if !strings.Contains(ruleString, fmt.Sprintf("{{"+contextName)) && !strings.Contains(ruleString, fmt.Sprintf("{{\\\""+contextName)) { return fmt.Errorf("context variable `%s` is not used in the policy", contextName) } } From 14d00722d8c5fc0e71e648f6504c4690b2952808 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Fri, 3 Sep 2021 00:36:42 +0530 Subject: [PATCH 22/37] fixed autogen test case Signed-off-by: NoSkillGirl --- test/cli/test/autogen/test.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/test/cli/test/autogen/test.yaml b/test/cli/test/autogen/test.yaml index d6bef7195f..dcf402e848 100644 --- a/test/cli/test/autogen/test.yaml +++ b/test/cli/test/autogen/test.yaml 
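Review bot: Both `fmt.Sprintf("{{"+contextName)` calls on the changed line treat the user-supplied context name as a format string. A name containing `%` would produce a mangled needle and a false "not used" error. Plain concatenation is enough: `strings.Contains(ruleString, "{{"+contextName)` and `strings.Contains(ruleString, "{{\\\""+contextName)`. The check is also a prefix match, so a context named `a` is considered used by any variable starting with `a`. The `json.Marshal` error on the context line above is discarded. `validateRuleContext` begins outside this hunk.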
@@ -17,36 +17,36 @@ results: # TEST: Deployment with Labels Should Pass - policy: require-common-labels - rule: check-for-labels + rule: autogen-check-for-labels result: pass resource: deployment-with-labels # TEST: Deployment with Labels Should Fail - policy: require-common-labels - rule: check-for-labels + rule: autogen-check-for-labels result: fail resource: deployment-missing-labels # TEST: StatefulSet with Labels Should Pass - policy: require-common-labels - rule: check-for-labels + rule: autogen-check-for-labels result: pass resource: StatefulSet-with-labels # TEST: StatefulSet with Labels Should fail - policy: require-common-labels - rule: check-for-labels + rule: autogen-check-for-labels result: fail resource: StatefulSet-without-labels # TEST: Cronjob with Labels Should pass - policy: require-common-labels - rule: check-for-labels + rule: autogen-cronjob-check-for-labels result: pass resource: cronjob-with-labels # TEST: Cronjob without Labels Should fail - policy: require-common-labels - rule: check-for-labels + rule: autogen-cronjob-check-for-labels result: fail resource: cronjob-without-labels From e89a663689238433664338ab6f83fd09a9a9cc1d Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Fri, 3 Sep 2021 12:32:12 +0530 Subject: [PATCH 23/37] added logic for mutate policies Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/report_test.go | 4 +- pkg/kyverno/common/common.go | 99 ++++++++++++++++++++------------ 2 files changed, 63 insertions(+), 40 deletions(-) diff --git a/pkg/kyverno/apply/report_test.go b/pkg/kyverno/apply/report_test.go index 09fd06c020..594e47d28a 100644 --- a/pkg/kyverno/apply/report_test.go +++ b/pkg/kyverno/apply/report_test.go 
@@ -100,7 +100,7 @@ func Test_buildPolicyReports(t *testing.T) { err = json.Unmarshal(rawEngRes, &er) assert.NilError(t, err) - info := kyvCommon.CheckValidateEngineResponse(&policy, &er, "", rc, true) + info := kyvCommon.ProcessValidateEngineResponse(&policy, &er, "", rc, true) pvInfos = append(pvInfos, info) reports := buildPolicyReports(pvInfos) @@ -137,7 +137,7 @@ func Test_buildPolicyResults(t *testing.T) { err = json.Unmarshal(rawEngRes, &er) assert.NilError(t, err) - info := kyvCommon.CheckValidateEngineResponse(&policy, &er, "", rc, true) + info := kyvCommon.ProcessValidateEngineResponse(&policy, &er, "", rc, true) pvInfos = append(pvInfos, info) results := buildPolicyResults(pvInfos) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 5abe08b376..4e10d20d6a 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -524,8 +524,6 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst operationIsDelete = true } - // responseError := false - engineResponses := make([]*response.EngineResponse, 0) namespaceLabels := make(map[string]string) policyWithNamespaceSelector := false 
@@ -569,38 +567,10 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst } mutateResponse := engine.Mutate(&engine.PolicyContext{Policy: *policy, NewResource: *resource, JSONContext: ctx, NamespaceLabels: namespaceLabels}) - engineResponses = append(engineResponses, mutateResponse) - - if !mutateResponse.IsSuccessful() { - fmt.Printf("Failed to apply mutate policy %s -> resource %s", policy.Name, resPath) - for i, r := range mutateResponse.PolicyResponse.Rules { - fmt.Printf("\n%d. %s", i+1, r.Message) - } - // responseError = true - } else { - if len(mutateResponse.PolicyResponse.Rules) > 0 { - yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) - if err != nil { - return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to marshal", err) - } - - if mutateLogPath == "" { - mutatedResource := string(yamlEncodedResource) + string("\n---") - if len(strings.TrimSpace(mutatedResource)) > 0 { - if !stdin { - fmt.Printf("\nmutate policy %s applied to %s:", policy.Name, resPath) - } - fmt.Printf("\n" + mutatedResource) - fmt.Printf("\n") - } - } else { - err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resource.GetName()+"-mutated") - if err != nil { - return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to print mutated result", err) - } - fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") - } - + err = processMutateEngineResponse(policy, mutateResponse, resPath, rc, mutateLogPath, stdin, mutateLogPathIsDir, resource.GetName()) + if err != nil { + if !sanitizederror.IsErrorSanitized(err) { + return &response.EngineResponse{}, policyreport.Info{}, sanitizederror.NewWithError("failed to print mutated result", err) } } 
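Review bot: An error from `processMutateEngineResponse` is dropped whenever it is already sanitized, because the only `return` sits inside `if !sanitizederror.IsErrorSanitized(err)`. The helper added later in this patch returns only `sanitizederror.NewWithError(...)` values, so marshal and file-write failures would presumably all fall through and validation would continue on a resource whose mutated output could not be written. Add `return &response.EngineResponse{}, policyreport.Info{}, err` after the inner `if` so sanitized errors propagate unchanged. `ApplyPolicyOnResource` starts and ends outside this hunk.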
@@ -624,7 +594,7 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst if policyHasValidate { policyCtx := &engine.PolicyContext{Policy: *policy, NewResource: mutateResponse.PatchedResource, JSONContext: ctx, NamespaceLabels: namespaceLabels} validateResponse = engine.Validate(policyCtx) - info = CheckValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) + info = ProcessValidateEngineResponse(policy, validateResponse, resPath, rc, policyReport) } var policyHasGenerate bool @@ -775,7 +745,7 @@ func GetResourceAccordingToResourcePath(fs billy.Filesystem, resourcePaths []str return resources, err } -func CheckValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *response.EngineResponse, resPath string, rc *ResultCounts, policyReport bool) policyreport.Info { +func ProcessValidateEngineResponse(policy *v1.ClusterPolicy, validateResponse *response.EngineResponse, resPath string, rc *ResultCounts, policyReport bool) policyreport.Info { var violatedRules []v1.ViolatedRule printCount := 0 for _, policyRule := range policy.Spec.Rules { @@ -849,10 +819,10 @@ func processGenerateEngineResponse(policy *v1.ClusterPolicy, generateResponse *r rc.Pass++ } else { if printCount < 1 { - fmt.Println("\ngenerate resource is valid", "policy", policy.Name, "resource", resPath) + fmt.Println("\ngenerate resource is not valid", "policy", policy.Name, "resource", resPath) printCount++ } - fmt.Printf("%d. %s \n", i+1, genResponseRule.Name) + fmt.Printf("%d. %s - %s\n", i+1, genResponseRule.Name, genResponseRule.Message) rc.Fail++ } continue 
@@ -897,3 +867,56 @@ func SetInStoreContext(mutatedPolicies []*v1.ClusterPolicy, variables map[string return variables } + +func processMutateEngineResponse(policy *v1.ClusterPolicy, mutateResponse *response.EngineResponse, resPath string, rc *ResultCounts, mutateLogPath string, stdin bool, mutateLogPathIsDir bool, resourceName string) error { + printCount := 0 + printMutatedRes := false + for _, policyRule := range policy.Spec.Rules { + ruleFoundInEngineResponse := false + for i, mutateResponseRule := range mutateResponse.PolicyResponse.Rules { + if policyRule.Name == mutateResponseRule.Name { + ruleFoundInEngineResponse = true + if mutateResponseRule.Success { + rc.Pass++ + printMutatedRes = true + } else { + if printCount < 1 { + fmt.Printf("\nFailed to apply mutate policy %s -> resource %s", policy.Name, resPath) + printCount++ + } + fmt.Printf("%d. %s - %s \n", i+1, mutateResponseRule.Name, mutateResponseRule.Message) + rc.Fail++ + } + continue + } + } + if !ruleFoundInEngineResponse { + rc.Skip++ + } + } + + if printMutatedRes { + yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) + if err != nil { + return sanitizederror.NewWithError("failed to marshal", err) + } + + if mutateLogPath == "" { + mutatedResource := string(yamlEncodedResource) + string("\n---") + if len(strings.TrimSpace(mutatedResource)) > 0 { + if !stdin { + fmt.Printf("\nmutate policy %s applied to %s:", policy.Name, resPath) + } + fmt.Printf("\n" + mutatedResource) + fmt.Printf("\n") + } + } else { + err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resourceName+"-mutated") + if err != nil { + return sanitizederror.NewWithError("failed to print mutated result", err) + } + fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") + } + } + return nil +} From 3e953ba50bf26708e384dfef56494f5f791b91b9 Mon Sep 17 00:00:00 2001 
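Review bot: `fmt.Printf("\n" + mutatedResource)` in the new `processMutateEngineResponse` uses the marshalled resource as the format string, so any `%` in the resource YAML (an annotation, a command argument) is read as a verb and the printed manifest is corrupted with `%!…` markers; recent `go vet` releases flag non-constant format strings for this reason. Print it as data instead: `fmt.Printf("\n%s\n", mutatedResource)`. The same line is carried unchanged through the two later rewrites of this function in PATCH 24/37 and PATCH 25/37. Two smaller points in the same function: the `continue` at the end of the inner `if` is the last statement of the loop body and has no effect (a `break` was probably meant), and the `len(strings.TrimSpace(mutatedResource)) > 0` guard is always true because `"\n---"` has just been appended.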
From: NoSkillGirl Date: Fri, 3 Sep 2021 12:41:05 +0530 Subject: [PATCH 24/37] added condition for mutate rule count Signed-off-by: NoSkillGirl --- pkg/kyverno/common/common.go | 90 ++++++++++++++++++++---------------- 1 file changed, 50 insertions(+), 40 deletions(-) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index 4e10d20d6a..b3ba950bae 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go 
@@ -869,53 +869,63 @@ func SetInStoreContext(mutatedPolicies []*v1.ClusterPolicy, variables map[string } func processMutateEngineResponse(policy *v1.ClusterPolicy, mutateResponse *response.EngineResponse, resPath string, rc *ResultCounts, mutateLogPath string, stdin bool, mutateLogPathIsDir bool, resourceName string) error { - printCount := 0 - printMutatedRes := false - for _, policyRule := range policy.Spec.Rules { - ruleFoundInEngineResponse := false - for i, mutateResponseRule := range mutateResponse.PolicyResponse.Rules { - if policyRule.Name == mutateResponseRule.Name { - ruleFoundInEngineResponse = true - if mutateResponseRule.Success { - rc.Pass++ - printMutatedRes = true - } else { - if printCount < 1 { - fmt.Printf("\nFailed to apply mutate policy %s -> resource %s", policy.Name, resPath) - printCount++ - } - fmt.Printf("%d. %s - %s \n", i+1, mutateResponseRule.Name, mutateResponseRule.Message) - rc.Fail++ - } - continue - } - } - if !ruleFoundInEngineResponse { - rc.Skip++ + + var policyHasMutate bool + for _, rule := range policy.Spec.Rules { + if rule.HasMutate() { + policyHasMutate = true } } + if policyHasMutate { - if printMutatedRes { - yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) - if err != nil { - return sanitizederror.NewWithError("failed to marshal", err) + printCount := 0 + printMutatedRes := false + for _, policyRule := range policy.Spec.Rules { + ruleFoundInEngineResponse := false + for i, mutateResponseRule := range mutateResponse.PolicyResponse.Rules { + if policyRule.Name == mutateResponseRule.Name { + ruleFoundInEngineResponse = true + if mutateResponseRule.Success { + rc.Pass++ + printMutatedRes = true + } else { + if printCount < 1 { + fmt.Printf("\nFailed to apply mutate policy %s -> resource %s", policy.Name, resPath) + printCount++ + } + fmt.Printf("%d. 
%s - %s \n", i+1, mutateResponseRule.Name, mutateResponseRule.Message) + rc.Fail++ + } + continue + } + } + if !ruleFoundInEngineResponse { + rc.Skip++ + } } - if mutateLogPath == "" { - mutatedResource := string(yamlEncodedResource) + string("\n---") - if len(strings.TrimSpace(mutatedResource)) > 0 { - if !stdin { - fmt.Printf("\nmutate policy %s applied to %s:", policy.Name, resPath) - } - fmt.Printf("\n" + mutatedResource) - fmt.Printf("\n") - } - } else { - err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resourceName+"-mutated") + if printMutatedRes { + yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) if err != nil { - return sanitizederror.NewWithError("failed to print mutated result", err) + return sanitizederror.NewWithError("failed to marshal", err) + } + + if mutateLogPath == "" { + mutatedResource := string(yamlEncodedResource) + string("\n---") + if len(strings.TrimSpace(mutatedResource)) > 0 { + if !stdin { + fmt.Printf("\nmutate policy %s applied to %s:", policy.Name, resPath) + } + fmt.Printf("\n" + mutatedResource) + fmt.Printf("\n") + } + } else { + err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resourceName+"-mutated") + if err != nil { + return sanitizederror.NewWithError("failed to print mutated result", err) + } + fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } - fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") } } return nil From 6650d36e0467443dab335a88a6bbfd4b1a249fe7 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Fri, 3 Sep 2021 16:41:13 +0530 Subject: [PATCH 25/37] moved some code to common Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 40 ++------- pkg/kyverno/common/common.go | 131 +++++++++++++++++++---------- pkg/kyverno/test/test_command.go | 52 +++++------- 3 files changed, 116 insertions(+), 107 deletions(-) 
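Review bot: The new `policyHasMutate` guard is per policy, but the counting loop under it still walks every entry of `policy.Spec.Rules`, so in a policy that mixes mutate rules with validate or generate rules each non-mutate rule presumably falls through to `rc.Skip++` (assuming the mutate response lists only mutate rules; the engine is outside this diff). Filter per rule at the top of the outer loop: `if !policyRule.HasMutate() { continue }`. The flag loop above can also `break` as soon as it has found one mutate rule.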
diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 8ca0795536..42be26aa38 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -1,11 +1,9 @@ package apply import ( - "encoding/json" "fmt" "os" "path/filepath" - "reflect" "strings" "time" @@ -223,13 +221,9 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } } - for _, policy := range mutatedPolicies { - p, err := json.Marshal(policy) - if err != nil { - return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to marsal mutated policy", err) - } - log.Log.V(5).Info("mutated Policy:", string(p)) - + err = common.PrintMutatedPolicy(mutatedPolicies) + if err != nil { + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError("failed to marsal mutated policy", err) } resources, err = common.GetResourceAccordingToResourcePath(fs, resourcePaths, cluster, mutatedPolicies, dClient, namespace, policyReport, false, "") 
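Review bot: The error returned by `common.PrintMutatedPolicy` is wrapped here with the same text the helper already puts on it (`failed to marsal mutated policy`), so a failure is likely reported with the message twice; returning `err` unchanged is enough, and `marsal` should read `marshal` in the helper. The matching call in `applyPoliciesFromPath` (test_command.go, same patch) wraps the helper's error a second time as well.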
@@ -284,32 +278,12 @@ func applyCommandHelper(resourcePaths []string, cluster bool, policyReport bool, } } - kindOnwhichPolicyIsApplied := make(map[string]struct{}) - for _, rule := range policy.Spec.Rules { - for _, kind := range rule.MatchResources.ResourceDescription.Kinds { - kindOnwhichPolicyIsApplied[kind] = struct{}{} - } - for _, kind := range rule.ExcludeResources.ResourceDescription.Kinds { - kindOnwhichPolicyIsApplied[kind] = struct{}{} - } - } + kindOnwhichPolicyIsApplied := common.GetKindsFromPolicy(policy) for _, resource := range resources { - // get values from file for this policy resource combination - thisPolicyResourceValues := make(map[string]string) - if len(valuesMap[policy.GetName()]) != 0 && !reflect.DeepEqual(valuesMap[policy.GetName()][resource.GetName()], Resource{}) { - thisPolicyResourceValues = valuesMap[policy.GetName()][resource.GetName()].Values - } - - for k, v := range variables { - thisPolicyResourceValues[k] = v - } - - // skipping the variable check for non matching kind - if _, ok := kindOnwhichPolicyIsApplied[resource.GetKind()]; ok { - if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { - return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) - } + thisPolicyResourceValues, err := common.CheckVariableForPolicy(valuesMap, policy.GetName(), resource.GetName(), resource.GetKind(), variables, kindOnwhichPolicyIsApplied, variable) + if err != nil { + return rc, resources, skippedPolicies, pvInfos, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. 
pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) } _, info, err := common.ApplyPolicyOnResource(policy, resource, mutateLogPath, mutateLogPathIsDir, thisPolicyResourceValues, policyReport, namespaceSelectorMap, stdin, rc) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index b3ba950bae..e54fc15422 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -10,6 +10,7 @@ import ( "net/http" "os" "path/filepath" + "reflect" "strings" jsonpatch "github.com/evanphx/json-patch/v5" 
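Review bot: `common.CheckVariableForPolicy` fails only with the "policy ... have variables" message, and this call site wraps that error in an identical `fmt.Sprintf` message, so the hint is likely shown twice; `return rc, resources, skippedPolicies, pvInfos, err` would do. `thisPolicyResourceValues, err :=` also declares a new `err` inside the loop that shadows the outer one, which is harmless here because it is returned explicitly but easy to trip over later. The same double wrapping is repeated in the `applyPoliciesFromPath` hunk of test_command.go in this patch.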
@@ -869,64 +870,108 @@ func SetInStoreContext(mutatedPolicies []*v1.ClusterPolicy, variables map[string } func processMutateEngineResponse(policy *v1.ClusterPolicy, mutateResponse *response.EngineResponse, resPath string, rc *ResultCounts, mutateLogPath string, stdin bool, mutateLogPathIsDir bool, resourceName string) error { - var policyHasMutate bool for _, rule := range policy.Spec.Rules { if rule.HasMutate() { policyHasMutate = true } } - if policyHasMutate { + if !policyHasMutate { + return nil + } - printCount := 0 - printMutatedRes := false - for _, policyRule := range policy.Spec.Rules { - ruleFoundInEngineResponse := false - for i, mutateResponseRule := range mutateResponse.PolicyResponse.Rules { - if policyRule.Name == mutateResponseRule.Name { - ruleFoundInEngineResponse = true - if mutateResponseRule.Success { - rc.Pass++ - printMutatedRes = true - } else { - if printCount < 1 { - fmt.Printf("\nFailed to apply mutate policy %s -> resource %s", policy.Name, resPath) - printCount++ - } - fmt.Printf("%d. %s - %s \n", i+1, mutateResponseRule.Name, mutateResponseRule.Message) - rc.Fail++ + printCount := 0 + printMutatedRes := false + for _, policyRule := range policy.Spec.Rules { + ruleFoundInEngineResponse := false + for i, mutateResponseRule := range mutateResponse.PolicyResponse.Rules { + if policyRule.Name == mutateResponseRule.Name { + ruleFoundInEngineResponse = true + if mutateResponseRule.Success { + rc.Pass++ + printMutatedRes = true + } else { + if printCount < 1 { + fmt.Printf("\nFailed to apply mutate policy %s -> resource %s", policy.Name, resPath) + printCount++ } - continue + fmt.Printf("%d. 
%s - %s \n", i+1, mutateResponseRule.Name, mutateResponseRule.Message) + rc.Fail++ } - } - if !ruleFoundInEngineResponse { - rc.Skip++ + continue } } + if !ruleFoundInEngineResponse { + rc.Skip++ + } + } - if printMutatedRes { - yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) + if printMutatedRes { + yamlEncodedResource, err := yamlv2.Marshal(mutateResponse.PatchedResource.Object) + if err != nil { + return sanitizederror.NewWithError("failed to marshal", err) + } + + if mutateLogPath == "" { + mutatedResource := string(yamlEncodedResource) + string("\n---") + if len(strings.TrimSpace(mutatedResource)) > 0 { + if !stdin { + fmt.Printf("\nmutate policy %s applied to %s:", policy.Name, resPath) + } + fmt.Printf("\n" + mutatedResource) + fmt.Printf("\n") + } + } else { + err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resourceName+"-mutated") if err != nil { - return sanitizederror.NewWithError("failed to marshal", err) - } - - if mutateLogPath == "" { - mutatedResource := string(yamlEncodedResource) + string("\n---") - if len(strings.TrimSpace(mutatedResource)) > 0 { - if !stdin { - fmt.Printf("\nmutate policy %s applied to %s:", policy.Name, resPath) - } - fmt.Printf("\n" + mutatedResource) - fmt.Printf("\n") - } - } else { - err := PrintMutatedOutput(mutateLogPath, mutateLogPathIsDir, string(yamlEncodedResource), resourceName+"-mutated") - if err != nil { - return sanitizederror.NewWithError("failed to print mutated result", err) - } - fmt.Printf("\n\nMutation:\nMutation has been applied successfully. Check the files.") + return sanitizederror.NewWithError("failed to print mutated result", err) } + fmt.Printf("\n\nMutation:\nMutation has been applied successfully. 
Check the files.") } } + + return nil +} + +func PrintMutatedPolicy(mutatedPolicies []*v1.ClusterPolicy) error { + for _, policy := range mutatedPolicies { + p, err := json.Marshal(policy) + if err != nil { + return sanitizederror.NewWithError("failed to marsal mutated policy", err) + } + log.Log.V(5).Info("mutated Policy:", string(p)) + } return nil } + +func CheckVariableForPolicy(valuesMap map[string]map[string]Resource, policyName string, resourceName string, resourceKind string, variables map[string]string, kindOnwhichPolicyIsApplied map[string]struct{}, variable string) (map[string]string, error) { + // get values from file for this policy resource combination + thisPolicyResourceValues := make(map[string]string) + if len(valuesMap[policyName]) != 0 && !reflect.DeepEqual(valuesMap[policyName][resourceName], Resource{}) { + thisPolicyResourceValues = valuesMap[policyName][resourceName].Values + } + for k, v := range variables { + thisPolicyResourceValues[k] = v + } + + // skipping the variable check for non matching kind + if _, ok := kindOnwhichPolicyIsApplied[resourceKind]; ok { + if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { + return thisPolicyResourceValues, sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policyName, resourceName), nil) + } + } + return thisPolicyResourceValues, nil +} + +func GetKindsFromPolicy(policy *v1.ClusterPolicy) map[string]struct{} { + var kindOnwhichPolicyIsApplied = make(map[string]struct{}) + for _, rule := range policy.Spec.Rules { + for _, kind := range rule.MatchResources.ResourceDescription.Kinds { + kindOnwhichPolicyIsApplied[kind] = struct{}{} + } + for _, kind := range rule.ExcludeResources.ResourceDescription.Kinds { + kindOnwhichPolicyIsApplied[kind] = struct{}{} + } + } + return kindOnwhichPolicyIsApplied +} 
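Review bot: In `CheckVariableForPolicy`, `thisPolicyResourceValues = valuesMap[policyName][resourceName].Values` replaces the freshly made map with the one stored in `valuesMap`, and the loop after it then writes the command-line `variables` into that map. This mutates the caller's values data across calls, and if an entry exists whose `Values` is nil (the `reflect.DeepEqual(..., Resource{})` test passes as soon as any other field is set; `Resource` is defined outside this diff) the first write panics with an assignment to a nil map. Copy instead of aliasing: `for k, v := range valuesMap[policyName][resourceName].Values { thisPolicyResourceValues[k] = v }`. In the same hunk, `PrintMutatedPolicy` marshals every policy even when V(5) logging is disabled and passes `string(p)` to `Info` as a lone value without a key.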
diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 85341ca1c4..57939e15f5 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -7,7 +7,6 @@ import ( "net/url" "os" "path/filepath" - "reflect" "sort" "strings" "time" @@ -116,43 +115,51 @@ func testCommandExecute(dirPath []string, valuesFile string, fileName string) (r fs := memfs.New() rc = &resultCounts{} var testYamlCount int + if len(dirPath) == 0 { return rc, sanitizederror.NewWithError(fmt.Sprintf("a directory is required"), err) } + if strings.Contains(string(dirPath[0]), "https://") { gitURL, err := url.Parse(dirPath[0]) if err != nil { return rc, sanitizederror.NewWithError("failed to parse URL", err) } + pathElems := strings.Split(gitURL.Path[1:], "/") if len(pathElems) <= 1 { err := fmt.Errorf("invalid URL path %s - expected https://github.com/:owner/:repository/:branch", gitURL.Path) fmt.Printf("Error: failed to parse URL \nCause: %s\n", err) os.Exit(1) } + gitURL.Path = strings.Join([]string{pathElems[0], pathElems[1]}, "/") repoURL := gitURL.String() branch := strings.ReplaceAll(dirPath[0], repoURL+"/", "") if branch == "" { branch = "main" } + _, cloneErr := clone(repoURL, fs, branch) if cloneErr != nil { fmt.Printf("Error: failed to clone repository \nCause: %s\n", cloneErr) log.Log.V(3).Info(fmt.Sprintf("failed to clone repository %v as it is not valid", repoURL), "error", cloneErr) os.Exit(1) } + policyYamls, err := listYAMLs(fs, "/") if err != nil { return rc, sanitizederror.NewWithError("failed to list YAMLs in repository", err) } sort.Strings(policyYamls) + for _, yamlFilePath := range policyYamls { file, err := fs.Open(yamlFilePath) if err != nil { errors = append(errors, sanitizederror.NewWithError("Error: failed to open file", err)) continue } + if strings.Contains(file.Name(), fileName) { testYamlCount++ policyresoucePath := strings.Trim(yamlFilePath, fileName) 
@@ -161,23 +168,28 @@ func testCommandExecute(dirPath []string, valuesFile string, fileName string) (r errors = append(errors, sanitizederror.NewWithError("Error: failed to read file", err)) continue } + policyBytes, err := yaml.ToJSON(bytes) if err != nil { errors = append(errors, sanitizederror.NewWithError("failed to convert to JSON", err)) continue } + if err := applyPoliciesFromPath(fs, policyBytes, valuesFile, true, policyresoucePath, rc); err != nil { return rc, sanitizederror.NewWithError("failed to apply test command", err) } } } + if testYamlCount == 0 { fmt.Printf("\n No test yamls available \n") } + } else { path := filepath.Clean(dirPath[0]) errors = getLocalDirTestFiles(fs, path, fileName, valuesFile, rc) } + if len(errors) > 0 && log.Log.V(1).Enabled() { fmt.Printf("ignoring errors: \n") for _, e := range errors { @@ -329,13 +341,11 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s } } - for _, policy := range mutatedPolicies { - p, err := json.Marshal(policy) - if err != nil { - return sanitizederror.NewWithError("failed to marsal mutated policy", err) - } - log.Log.V(5).Info("mutated Policy:", string(p)) + err = common.PrintMutatedPolicy(mutatedPolicies) + if err != nil { + return sanitizederror.NewWithError("failed to print mutated policy", err) } + resources, err := common.GetResourceAccordingToResourcePath(fs, fullResourcePath, false, mutatedPolicies, dClient, "", false, isGit, policyResourcePath) if err != nil { fmt.Printf("Error: failed to load resources\nCause: %s\n", err) 
@@ -368,32 +378,12 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s matches := common.PolicyHasVariables(*policy) variable := common.RemoveDuplicateAndObjectVariables(matches) - - kindOnwhichPolicyIsApplied := make(map[string]struct{}) - for _, rule := range policy.Spec.Rules { - for _, kind := range rule.MatchResources.ResourceDescription.Kinds { - kindOnwhichPolicyIsApplied[kind] = struct{}{} - } - for _, kind := range rule.ExcludeResources.ResourceDescription.Kinds { - kindOnwhichPolicyIsApplied[kind] = struct{}{} - } - } + kindOnwhichPolicyIsApplied := common.GetKindsFromPolicy(policy) for _, resource := range resources { - - thisPolicyResourceValues := make(map[string]string) - if len(valuesMap[policy.GetName()]) != 0 && !reflect.DeepEqual(valuesMap[policy.GetName()][resource.GetName()], Resource{}) { - thisPolicyResourceValues = valuesMap[policy.GetName()][resource.GetName()].Values - } - for k, v := range variables { - thisPolicyResourceValues[k] = v - } - - // skipping the variable check for non matching kind - if _, ok := kindOnwhichPolicyIsApplied[resource.GetKind()]; ok { - if len(variable) > 0 && len(thisPolicyResourceValues) == 0 && len(store.GetContext().Policies) == 0 { - return sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) - } + thisPolicyResourceValues, err := common.CheckVariableForPolicy(valuesMap, policy.GetName(), resource.GetName(), resource.GetKind(), variables, kindOnwhichPolicyIsApplied, variable) + if err != nil { + return sanitizederror.NewWithError(fmt.Sprintf("policy `%s` have variables. 
pass the values for the variables for resource `%s` using set/values_file flag", policy.Name, resource.GetName()), err) } validateErs, info, err := common.ApplyPolicyOnResource(policy, resource, "", false, thisPolicyResourceValues, true, namespaceSelectorMap, false, &resultCounts) From 39c58f661fec0b9879a4582152c9fd4bc92ea2da Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Fri, 3 Sep 2021 17:17:22 +0530 Subject: [PATCH 26/37] added exit code for policy report Signed-off-by: NoSkillGirl --- pkg/kyverno/apply/apply_command.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/kyverno/apply/apply_command.go b/pkg/kyverno/apply/apply_command.go index 42be26aa38..e3878e1100 100644 --- a/pkg/kyverno/apply/apply_command.go +++ b/pkg/kyverno/apply/apply_command.go @@ -346,10 +346,10 @@ func printReportOrViolation(policyReport bool, rc *common.ResultCounts, resource fmt.Printf("\npass: %d, fail: %d, warn: %d, error: %d, skip: %d \n", rc.Pass, rc.Fail, rc.Warn, rc.Error, rc.Skip) } + } - if rc.Fail > 0 || rc.Error > 0 { - os.Exit(1) - } + if rc.Fail > 0 || rc.Error > 0 { + os.Exit(1) } } From f9df03ee8153aca563b5c59f868e96abd301f665 Mon Sep 17 00:00:00 2001 From: Vyankatesh Kudtarkar Date: Fri, 3 Sep 2021 18:43:11 +0530 Subject: [PATCH 27/37] update test command for skip policies --- pkg/kyverno/common/common.go | 3 +++ pkg/kyverno/test/test_command.go | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/pkg/kyverno/common/common.go b/pkg/kyverno/common/common.go index e54fc15422..cd284c21bb 100644 --- a/pkg/kyverno/common/common.go +++ b/pkg/kyverno/common/common.go @@ -425,6 +425,9 @@ func GetVariable(variablesString, valuesFile string, fs billy.Filesystem, isGit yamlFile, err = ioutil.ReadAll(filep) } else { yamlFile, err = ioutil.ReadFile(filepath.Join(policyResourcePath, valuesFile)) + if err != nil { + fmt.Printf("\n Unable to open variable file: %s. error: %s \n", valuesFile, err) + } } if err != nil { 
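Review bot: The `fmt.Printf` added to `GetVariable` covers only the local-file branch and names `valuesFile`, while the path actually read is `filepath.Join(policyResourcePath, valuesFile)`; the git branch above it (`ioutil.ReadAll(filep)`) gets no such message. The error is then handled again by the `if err != nil` that follows, so one failure is reported twice. Consider dropping the print and putting the joined path into the error built by that existing check, whose body lies outside the hunk.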
diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 57939e15f5..50ffbf9b43 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -378,6 +378,16 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s matches := common.PolicyHasVariables(*policy) variable := common.RemoveDuplicateAndObjectVariables(matches) + + if len(variable) > 0 { + if len(variables) == 0 { + // check policy in variable file + if valuesFile == "" || valuesMap[policy.Name] == nil { + fmt.Printf("test skipped for policy %v (as required variables are not provided by the users) \n \n", policy.Name) + } + } + } + kindOnwhichPolicyIsApplied := common.GetKindsFromPolicy(policy) for _, resource := range resources { From 0d1b66213453365c19d1484a4b6ddd0fe63a7fd6 Mon Sep 17 00:00:00 2001 From: Sachin <57769917+slayer321@users.noreply.github.com> Date: Mon, 6 Sep 2021 02:52:51 -0700 Subject: [PATCH 28/37] add check for the forward slash (#2270) * add check for the forward slash Signed-off-by: slayer321 * fix errors Signed-off-by: slayer321 * fix minor errors Signed-off-by: slayer321 * fix regex Signed-off-by: slayer321 * fix error message Signed-off-by: slayer321 --- pkg/policy/validate.go | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go index 5de14db7e2..b5835da1fe 100644 --- a/pkg/policy/validate.go +++ b/pkg/policy/validate.go @@ -5,8 +5,10 @@ import ( "errors" "fmt" "reflect" + "regexp" "strings" + jsonpatch "github.com/evanphx/json-patch/v5" "github.com/jmespath/go-jmespath" c "github.com/kyverno/kyverno/pkg/common" "github.com/kyverno/kyverno/pkg/engine" 
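Review bot: The block added to `applyPoliciesFromPath` prints `test skipped for policy ...` but does not skip anything: there is no `continue`, so the resource loop below still runs and `common.CheckVariableForPolicy` can still return the "pass the values" error for the same policy. If the policy is meant to be skipped, as the apply command does when it fills `skippedPolicies`, add `continue` after the `fmt.Printf`. The nested conditions can then be one: `if len(variable) > 0 && len(variables) == 0 && (valuesFile == "" || valuesMap[policy.Name] == nil) {`.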
@@ -21,9 +23,44 @@ import ( rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/yaml" log "sigs.k8s.io/controller-runtime/pkg/log" ) +// validateJSONPatchPathForForwardSlash checks for forward slash +func validateJSONPatchPathForForwardSlash(patch string) error { + + re, err := regexp.Compile("^/") + if err != nil { + return err + } + + jsonPatch, err := yaml.ToJSON([]byte(patch)) + if err != nil { + return err + } + + decodedPatch, err := jsonpatch.DecodePatch(jsonPatch) + if err != nil { + return err + } + + for _, operation := range decodedPatch { + path, err := operation.Path() + if err != nil { + return err + } + + val := re.MatchString(path) + + if !val { + return fmt.Errorf("%s", path) + } + + } + return nil +} + // Validate does some initial check to verify some conditions // - One operation per rule // - ResourceDescription mandatory checks @@ -51,6 +88,11 @@ func Validate(policy *kyverno.ClusterPolicy, client *dclient.Client, mock bool, } for i, rule := range p.Spec.Rules { + //check for forward slash + if err := validateJSONPatchPathForForwardSlash(rule.Mutation.PatchesJSON6902); err != nil { + return fmt.Errorf("path must begin with a forward slash: spec.rules[%d]: %s", i, err) + } + if jsonPatchOnPod(rule) { log.Log.V(1).Info("pods managed by workload controllers cannot be mutated using policies. Use the auto-gen feature or write policies that match pod controllers.") } From 0054da8cdb831c8ecdb4047931f28be44e0f9a9c Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Mon, 6 Sep 2021 18:15:52 +0530 Subject: [PATCH 29/37] issue fixed Signed-off-by: NoSkillGirl --- pkg/kyverno/common/fetch.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/kyverno/common/fetch.go b/pkg/kyverno/common/fetch.go index 627b015719..c98738ae87 100644 --- a/pkg/kyverno/common/fetch.go +++ b/pkg/kyverno/common/fetch.go 
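Review bot: `validateJSONPatchPathForForwardSlash` compiles the regular expression `^/` on every call only to test a prefix; `strings.HasPrefix(path, "/")` expresses the same check with no compile step and no extra error path, and `strings` is already imported in this file. The doc comment could also state the contract: the argument is a YAML or JSON encoded JSON patch, and the returned error carries the first path that does not start with `/`.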
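Review bot: In the `Validate` hunk every error from `validateJSONPatchPathForForwardSlash` is reported as `path must begin with a forward slash`, including failures from `yaml.ToJSON` and `jsonpatch.DecodePatch`, so a malformed JSON patch is presented to the policy author as a path problem. The call also runs for rules that carry no JSON patch at all. Guard it with `if rule.Mutation.PatchesJSON6902 != ""` and have the helper return a distinct wrapped error for decode failures, so the message names the check that actually failed.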
@@ -33,6 +33,10 @@ func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient for _, policy := range policies { for _, rule := range policy.Spec.Rules { for _, kind := range rule.MatchResources.Kinds { + if strings.Contains(kind, "/") { + lastElement := kind[strings.LastIndex(kind, "/")+1:] + resourceTypesMap[lastElement] = true + } resourceTypesMap[kind] = true } } From 1180ba4a86133c1f8f82b4dcc422d4bc16b0aa82 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Tue, 7 Sep 2021 20:23:03 +0530 Subject: [PATCH 30/37] handling autogen Signed-off-by: NoSkillGirl --- pkg/kyverno/test/test_command.go | 45 +++++++++++++++++++++++--------- 1 file changed, 33 insertions(+), 12 deletions(-) diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index 50ffbf9b43..d669edfc0d 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -71,11 +71,12 @@ type Test struct { } type TestResults struct { - Policy string `json:"policy"` - Rule string `json:"rule"` - Result report.PolicyResult `json:"result"` - Status report.PolicyResult `json:"status"` - Resource string `json:"resource"` + Policy string `json:"policy"` + Rule string `json:"rule"` + Result report.PolicyResult `json:"result"` + Status report.PolicyResult `json:"status"` + Resource string `json:"resource"` + AutoGeneratedRule bool `json:"auto_generated_rule"` } type ReportResult struct { 
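Review bot: For a kind that contains a slash the new branch in `GetResources` registers the last path element, but the statement after it still runs, so the full slash-separated string is added to `resourceTypesMap` as well. If the map is later used to look resources up by kind (its consumer is outside the hunk), that extra key is at best dead and at worst a lookup that fails; put `resourceTypesMap[kind] = true` in an `else`, or reassign `kind` inside the `if`. Only `rule.MatchResources.Kinds` is visible here, so check whether other places that read kinds need the same normalisation.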
@@ -234,9 +235,10 @@ func getLocalDirTestFiles(fs billy.Filesystem, path, fileName, valuesFile string return errors } -func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults, infos []policyreport.Info) map[string]report.PolicyReportResult { +func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResults, infos []policyreport.Info) (map[string]report.PolicyReportResult, []TestResults) { results := make(map[string]report.PolicyReportResult) now := metav1.Timestamp{Seconds: time.Now().Unix()} + for _, resp := range resps { policyName := resp.PolicyResponse.Policy.Name resourceName := resp.PolicyResponse.Resource.Name @@ -253,10 +255,15 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu }, }, } - for _, test := range testResults { + for i, test := range testResults { if test.Policy == policyName && test.Resource == resourceName { if !util.ContainsString(rules, test.Rule) { - result.Result = report.StatusSkip + if !util.ContainsString(rules, "autogen-"+test.Rule) { + result.Result = report.StatusSkip + } else { + testResults[i].AutoGeneratedRule = true + test.Rule = "autogen-" + test.Rule + } } resultsKey := fmt.Sprintf("%s-%s-%s", test.Policy, test.Rule, test.Resource) if _, ok := results[resultsKey]; !ok { @@ -265,9 +272,11 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu } } } + for _, info := range infos { for _, infoResult := range info.Results { for _, rule := range infoResult.Rules { + if rule.Type != utils.Validation.String() { continue } 
@@ -280,14 +289,16 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu } result.Rule = rule.Name result.Result = report.PolicyResult(rule.Check) + result.Source = policyreport.SourceValue result.Timestamp = now results[resultsKey] = result + } } } - return results + return results, testResults } func getPolicyResourceFullPath(path []string, policyResourcePath string, isGit bool) []string { @@ -404,8 +415,9 @@ func applyPoliciesFromPath(fs billy.Filesystem, policyBytes []byte, valuesFile s pvInfos = append(pvInfos, info) } } - resultsMap := buildPolicyResults(validateEngineResponses, values.Results, pvInfos) - resultErr := printTestResult(resultsMap, values.Results, rc) + resultsMap, testResults := buildPolicyResults(validateEngineResponses, values.Results, pvInfos) + + resultErr := printTestResult(resultsMap, testResults, rc) if resultErr != nil { return sanitizederror.NewWithError("Unable to genrate result. Error:", resultErr) } @@ -425,7 +437,16 @@ func printTestResult(resps map[string]report.PolicyReportResult, testResults []T res.Policy = boldFgCyan.Sprintf(v.Policy) res.Rule = boldFgCyan.Sprintf(v.Rule) res.Resource = boldFgCyan.Sprintf(v.Resource) - resultKey := fmt.Sprintf("%s-%s-%s", v.Policy, v.Rule, v.Resource) + + var ruleNameInResultKey string + if v.AutoGeneratedRule { + ruleNameInResultKey = fmt.Sprintf("autogen-%s", v.Rule) + } else { + ruleNameInResultKey = v.Rule + } + + resultKey := fmt.Sprintf("%s-%s-%s", v.Policy, ruleNameInResultKey, v.Resource) + var testRes report.PolicyReportResult if val, ok := resps[resultKey]; ok { testRes = val From 1b0c80b39f3c4225260b2688ace041d3ae7efed2 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Tue, 7 Sep 2021 22:27:29 +0530 Subject: [PATCH 31/37] fixed test cases Signed-off-by: NoSkillGirl --- pkg/kyverno/test/test_command.go | 23 +++++++++++++++-------- test/cli/test/autogen/test.yaml | 12 ++++++------ 2 files changed, 21 insertions(+), 14 deletions(-) 
diff --git a/pkg/kyverno/test/test_command.go b/pkg/kyverno/test/test_command.go index d669edfc0d..b277c2558c 100644 --- a/pkg/kyverno/test/test_command.go +++ b/pkg/kyverno/test/test_command.go @@ -76,7 +76,7 @@ type TestResults struct { Result report.PolicyResult `json:"result"` Status report.PolicyResult `json:"status"` Resource string `json:"resource"` - AutoGeneratedRule bool `json:"auto_generated_rule"` + AutoGeneratedRule string `json:"auto_generated_rule"` } type ReportResult struct { @@ -247,6 +247,7 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu for _, rule := range resp.PolicyResponse.Rules { rules = append(rules, rule.Name) } + result := report.PolicyReportResult{ Policy: policyName, Resources: []*corev1.ObjectReference{ @@ -255,16 +256,23 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu }, }, } + for i, test := range testResults { if test.Policy == policyName && test.Resource == resourceName { if !util.ContainsString(rules, test.Rule) { if !util.ContainsString(rules, "autogen-"+test.Rule) { - result.Result = report.StatusSkip + if !util.ContainsString(rules, "autogen-cronjob-"+test.Rule) { + result.Result = report.StatusSkip + } else { + testResults[i].AutoGeneratedRule = "autogen-cronjob" + test.Rule = "autogen-cronjob-" + test.Rule + } } else { - testResults[i].AutoGeneratedRule = true + testResults[i].AutoGeneratedRule = "autogen" test.Rule = "autogen-" + test.Rule } } + resultsKey := fmt.Sprintf("%s-%s-%s", test.Policy, test.Rule, test.Resource) if _, ok := results[resultsKey]; !ok { results[resultsKey] = result 
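Review bot: The autogen lookup in `buildPolicyResults` is now three negated `if`s deep, and each further autogen prefix would add another level; a loop over the prefixes in the same order keeps it flat and leaves the skip case in one place, with unchanged behaviour. Separately, `result` is declared before the `for i, test` loop, so a `report.StatusSkip` set for one test entry is still in `result` when a later entry for the same policy and resource is stored; confirm that the later `infos` pass always overwrites it. The loop body continues outside the hunk.

```go
if !util.ContainsString(rules, test.Rule) {
	matched := false
	for _, prefix := range []string{"autogen", "autogen-cronjob"} {
		if util.ContainsString(rules, prefix+"-"+test.Rule) {
			testResults[i].AutoGeneratedRule = prefix
			test.Rule = prefix + "-" + test.Rule
			matched = true
			break
		}
	}
	if !matched {
		result.Result = report.StatusSkip
	}
}
// … unchanged: resultsKey construction and results[resultsKey] assignment …
```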
@@ -276,10 +284,10 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu for _, info := range infos { for _, infoResult := range info.Results { for _, rule := range infoResult.Rules { - if rule.Type != utils.Validation.String() { continue } + var result report.PolicyReportResult resultsKey := fmt.Sprintf("%s-%s-%s", info.PolicyName, rule.Name, infoResult.Resource.Name) if val, ok := results[resultsKey]; ok { @@ -287,13 +295,12 @@ func buildPolicyResults(resps []*response.EngineResponse, testResults []TestResu } else { continue } + result.Rule = rule.Name result.Result = report.PolicyResult(rule.Check) - result.Source = policyreport.SourceValue result.Timestamp = now results[resultsKey] = result - } } } @@ -439,8 +446,8 @@ func printTestResult(resps map[string]report.PolicyReportResult, testResults []T res.Resource = boldFgCyan.Sprintf(v.Resource) var ruleNameInResultKey string - if v.AutoGeneratedRule { - ruleNameInResultKey = fmt.Sprintf("autogen-%s", v.Rule) + if v.AutoGeneratedRule != "" { + ruleNameInResultKey = fmt.Sprintf("%s-%s", v.AutoGeneratedRule, v.Rule) } else { ruleNameInResultKey = v.Rule } diff --git a/test/cli/test/autogen/test.yaml b/test/cli/test/autogen/test.yaml index dcf402e848..d6bef7195f 100644 --- a/test/cli/test/autogen/test.yaml +++ b/test/cli/test/autogen/test.yaml 
@@ -17,36 +17,36 @@ results: # TEST: Deployment with Labels Should Pass - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: pass resource: deployment-with-labels # TEST: Deployment with Labels Should Fail - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: fail resource: deployment-missing-labels # TEST: StatefulSet with Labels Should Pass - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: pass resource: StatefulSet-with-labels # TEST: StatefulSet with Labels Should fail - policy: require-common-labels - rule: autogen-check-for-labels + rule: check-for-labels result: fail resource: StatefulSet-without-labels # TEST: Cronjob with Labels Should pass - policy: require-common-labels - rule: autogen-cronjob-check-for-labels + rule: check-for-labels result: pass resource: cronjob-with-labels # TEST: Cronjob without Labels Should fail - policy: require-common-labels - rule: autogen-cronjob-check-for-labels + rule: check-for-labels result: fail resource: cronjob-without-labels From 511db4372be296e5907b74f0e6ef96faa1e730e2 Mon Sep 17 00:00:00 2001 From: Jim Bugwadia Date: Tue, 7 Sep 2021 21:29:20 -0700 Subject: [PATCH 32/37] update cosign (#2369) Signed-off-by: Jim Bugwadia --- go.mod | 7 +- go.sum | 322 +++++++++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 295 insertions(+), 34 deletions(-) diff --git a/go.mod b/go.mod index 215d557602..775715de07 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/go-git/go-billy/v5 v5.0.0 github.com/go-git/go-git/v5 v5.2.0 github.com/go-logr/logr v0.4.0 - github.com/google/go-containerregistry v0.5.1 + github.com/google/go-containerregistry v0.6.0 github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20210216200643-d81088d9983e github.com/googleapis/gnostic v0.5.4 github.com/jmespath/go-jmespath v0.4.0 
@@ -30,9 +30,8 @@ require ( github.com/patrickmn/go-cache v2.1.0+incompatible github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.11.0 - github.com/sigstore/cosign v1.0.0 - github.com/sigstore/rekor v0.3.0 // indirect - github.com/sigstore/sigstore v0.0.0-20210726180807-7e34e36ecda1 + github.com/sigstore/cosign v1.1.0 + github.com/sigstore/sigstore v0.0.0-20210729211320-56a91f560f44 github.com/spf13/cobra v1.2.1 github.com/stretchr/testify v1.7.0 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 14f539ff95..2a82308e59 100644 --- a/go.sum +++ b/go.sum @@ -28,8 +28,9 @@ cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.88.0 h1:MZ2cf9Elnv1wqccq8ooKO2MqHQLc+ChCp/+QWObCpxg= cloud.google.com/go v0.88.0/go.mod h1:dnKwfYbP9hQhefiUvpbcAyoGSHUrOxR20JVElLiUvEY= +cloud.google.com/go v0.90.0 h1:MjvSkUq8RuAb+2JLDi5VQmmExRJPUQ3JLCWpRB6fmdw= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -54,6 +55,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.15.0/go.mod h1:mjjQMoxxyGH7Jr8K5qrx6N2O0AHsczI61sMNn03GIZI= +cloud.google.com/go/storage v1.16.0 h1:1UwAux2OZP4310YXg5ohqBEpV16Y93uZG4+qOX7K2Kg= cloud.google.com/go/storage v1.16.0/go.mod h1:ieKBmUyzcftN5tbxwnXClMKH00CfcQ+xL6NN0r5QfmE= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= 
@@ -71,12 +73,12 @@ github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuE github.com/Azure/azure-amqp-common-go/v3 v3.1.0/go.mod h1:PBIGdzcO1teYoufTKMcGibdKaYZv4avS+O6LNIp8bq0= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-pipeline-go v0.2.3/go.mod h1:x841ezTBIMG6O3lAcl8ATHnsOPVl2bqk7S3ta6S6u4k= +github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v43.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v51.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v54.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v55.7.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v55.8.0+incompatible h1:EuccMPzxu67cIE95/mrtwQivLv7ETmURi5IUgLNVug8= github.com/Azure/azure-sdk-for-go v55.8.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= 
@@ -87,6 +89,7 @@ github.com/Azure/go-amqp v0.13.0/go.mod h1:qj+o8xPCz9tMSbQ83Vp8boHahuRDl5mkNHyt1 github.com/Azure/go-amqp v0.13.4/go.mod h1:wbpCKA8tR5MLgRyIu+bb+S6ECdIDdYJ0NlpFE9xsBPI= github.com/Azure/go-amqp v0.13.7/go.mod h1:wbpCKA8tR5MLgRyIu+bb+S6ECdIDdYJ0NlpFE9xsBPI= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v11.7.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= @@ -106,9 +109,8 @@ github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQW github.com/Azure/go-autorest/autorest/adal v0.9.2/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.11/go.mod h1:nBKAnTomx8gDtl+3ZCJv2v0KACFHWTB2drffI1B68Pk= +github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= -github.com/Azure/go-autorest/autorest/adal v0.9.14 h1:G8hexQdV5D4khOXrWG2YuLCFKhWYmWD8bHYaXN5ophk= -github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/azure/auth v0.5.7/go.mod h1:AkzUsqkrdmNhfP2i54HqINVQopw0CLDnvHpJ88Zz1eI= github.com/Azure/go-autorest/autorest/azure/auth v0.5.8/go.mod h1:kxyKZTSfKh8OVFWPAgOgQ/frrJgeYQJPyR5fLFmXko4= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= 
@@ -153,9 +155,24 @@ github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.16.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= +github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= +github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= +github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= +github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= +github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= +github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= +github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= +github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= +github.com/Microsoft/hcsshim 
v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= +github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= +github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -169,6 +186,7 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/ReneKroon/ttlcache/v2 v2.7.0 h1:sZeaSwA2UN/y/h7CvkW15Kovd2Oiy76CBDORiOwHPwI= github.com/ReneKroon/ttlcache/v2 v2.7.0/go.mod h1:mBxvsNY+BT8qLLd6CuAJubbKo6r0jh3nb5et22bbfGY= +github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/sarama v1.24.1/go.mod h1:fGP8eQ6PugKEI0iUETYYtnP6d1pH/bdDMTel1X5ajsU= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= 
@@ -187,6 +205,7 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= @@ -221,6 +240,7 @@ github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:W github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= +github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= 
@@ -236,7 +256,6 @@ github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/ github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.39.6/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.40.4/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.40.7 h1:dD5+UZxedqHeE4WakJHEhTsEARYlq8kHkYEf89R1tEo= github.com/aws/aws-sdk-go v1.40.7/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= 
@@ -248,19 +267,28 @@ github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NR github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= +github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bradfitz/gomemcache 
v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= +github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= +github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= +github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= +github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= +github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/bytecodealliance/wasmtime-go v0.28.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= @@ -271,7 +299,6 @@ github.com/cavaliercoder/go-rpm v0.0.0-20200122174316-8cb9fd9c31a8/go.mod h1:AZI github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
@@ -281,11 +308,16 @@ github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/cheggaaa/pb v1.0.28/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= +github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc= +github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= +github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= 
@@ -301,20 +333,93 @@ github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u9 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= +github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= +github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= +github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= +github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= +github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E= +github.com/containerd/btrfs v0.0.0-20210316141732-918d888fb676/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= +github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= +github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI= github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= +github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM= +github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= +github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= +github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= +github.com/containerd/cgroups v1.0.1/go.mod 
h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= +github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= +github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= +github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= +github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= +github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.4/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ= +github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= +github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI= +github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= 
+github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= +github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200709052629-daa8e1ccc0bc/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= +github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= +github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= +github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= +github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= +github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= +github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= +github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= +github.com/containerd/fifo v0.0.0-20210316144830-115abcc95a1d/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4= +github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4= +github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU= +github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod 
h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= +github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= +github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g= +github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= +github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= +github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0= +github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA= +github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow= +github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms= +github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= +github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= +github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/stargz-snapshotter/estargz v0.0.0-20201223015020-a9a0c2d64694/go.mod h1:E9uVkkBKf0EaC39j2JVW9EzdNhYvpz6eQIjILHebruk= -github.com/containerd/stargz-snapshotter/estargz v0.4.1 h1:5e7heayhB7CcgdTkqfZqrNaNv15gABwr3Q2jBTbLlt4= github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM= +github.com/containerd/stargz-snapshotter/estargz v0.7.0 h1:1d/rydzTywc76lnjJb6qbPCiTiCwts49AzKps/Ecblw= +github.com/containerd/stargz-snapshotter/estargz v0.7.0/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= +github.com/containerd/ttrpc 
v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= +github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= +github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= +github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= +github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk= +github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg= +github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= +github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw= +github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y= +github.com/containerd/zfs v0.0.0-20210315114300-dde8f0fda960/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY= +github.com/containerd/zfs v0.0.0-20210324211415-d5c4544f0433/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY= +github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNRIRHsFY= +github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= +github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= +github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= +github.com/containers/ocicrypt 
v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= +github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/coredns/coredns v1.4.0/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0= github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= 
@@ -325,12 +430,16 @@ github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.17+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= +github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= +github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-oidc/v3 v3.0.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.1/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= 
@@ -345,8 +454,14 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyberphone/json-canonicalization v0.0.0-20210303052042-6bc126869bf4 h1:7AjYfmq7AmviXsuZjV5DcE7PuhJ4dWMi8gLllpLVDQY= github.com/cyberphone/json-canonicalization v0.0.0-20210303052042-6bc126869bf4/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= +github.com/cyberphone/json-canonicalization v0.0.0-20210823021906-dc406ceaf94b h1:lMzA7yYThpwx7iYNpTeiQnRH6h5JSfSYMJdz+pxZOW8= +github.com/cyberphone/json-canonicalization v0.0.0-20210823021906-dc406ceaf94b/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= +github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= +github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= +github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= +github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= +github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= github.com/danieljoos/wincred v1.0.2/go.mod h1:SnuYRW9lp1oJrZX/dXJqr0cPK5gYXqx3EJbmjhLdK9U= github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/danieljoos/wincred v1.1.1/go.mod h1:gSBQmTx6G0VmLowygiA7ZD0p0E09HJ68vta8z/RT2d0= 
@@ -362,7 +477,9 @@ github.com/decred/dcrd/chaincfg/chainhash v1.0.2/go.mod h1:BpbrGgrPTr3YJYRN3Bm+D github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0/go.mod h1:J70FGZSbzsjecRTiTzER+3f1KZLNaXkuv+yeFTKoxM8= github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= +github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= +github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= 
@@ -371,19 +488,28 @@ github.com/distribution/distribution v2.7.1+incompatible h1:aGFx4EvJWKEh//lHPLwF github.com/distribution/distribution v2.7.1+incompatible/go.mod h1:EgLm2NgWtdKgzF9NpMzUKgzmR7AMmb0VQi2B+ZzDRjc= github.com/djherbis/atime v1.0.0/go.mod h1:5W+KBIuTwVGcqjIfaTwt+KSYX1o6uep8dtevevQP/f8= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017 h1:2HQmlpI3yI9deH18Q6xiSOIjXD4sLI55Y/gfpa8/558= github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v20.10.7+incompatible h1:pv/3NqibQKphWZiAskMzdz8w0PRbtTaEB+f6NwdU7Is= +github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= +github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v1.4.2-0.20200319182547-c7ad2b866182 h1:Caj/qGJ9KyulC1WSksyPgp7r8+DKgTGfU39lmb2C5MQ= github.com/docker/docker v1.4.2-0.20200319182547-c7ad2b866182/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.7+incompatible h1:Z6O9Nhsjv+ayUEeI1IojKbYcsGdgYSNqxe1s2MYzUhQ= +github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3 
h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= +github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= +github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI= +github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= 
@@ -434,14 +560,17 @@ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVB github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60qkgn7rorfQ= github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= +github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= github.com/gabriel-vasile/mimetype v1.3.1/go.mod h1:fA8fi6KUiG7MgQQ+mEWotXoEOvmxRtOJlERCzSmRvr8= github.com/gardener/controller-manager-library v0.2.0 h1:MyxL0k10lwBf8TXkbnuN+oEOkHwCNhp3SKj+ad2w62s= github.com/gardener/controller-manager-library v0.2.0/go.mod h1:oCK7fW2VpsMhmUh5c6cOhsN8p9Tth1OM3rRtogDF11k= +github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 
@@ -643,11 +772,15 @@ github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22 github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= github.com/goccy/go-json v0.4.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= +github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= +github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= +github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= 
@@ -700,6 +833,7 @@ github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8l github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -723,8 +857,9 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-containerregistry v0.4.1-0.20210128200529-19c2b639fab1/go.mod h1:GU9FUA/X9rd2cV3ZoUNaWihp27tki6/38EsVzL2Dyzc= -github.com/google/go-containerregistry v0.5.1 h1:/+mFTs4AlwsJ/mJe8NDtKb7BxLtbZFpcn8vDsneEkwQ= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= +github.com/google/go-containerregistry v0.6.0 h1:niQ+8XD//kKgArIFwDVBXsWVWbde16LPdHMyNwSC8h4= +github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw= github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20210216200643-d81088d9983e h1:pp+PpkeMYPv6BntoPnK0BjPGSxDIE1wUBMpRjWL7GY8= github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20210216200643-d81088d9983e/go.mod h1:n9wRxRfKkHy6ZFyj0jJQHw11P+mGLnED4sqegwrXxDk= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= 
@@ -736,14 +871,15 @@ github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwG github.com/google/go-replayers/httpreplay v0.1.2/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible h1:xmapqc1AyLoB+ddYT6r04bD9lIjlOqGaREovi0SzFaE= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1 h1:d8MncMlErDFTwQGBK1xhv026j9kqhvw1Qv9IbWT1VLQ= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 
@@ -760,6 +896,7 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210715191844-86eeefc3e471/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/rpmpack v0.0.0-20210518075352-dc539ef4f2ea/go.mod h1:+y9lKiqDhR4zkLl+V9h4q0rdyrYVsWWm6LLCQP33DIk= @@ -798,9 +935,11 @@ github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1: github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/handlers v1.4.0/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= 
@@ -829,6 +968,7 @@ github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBt github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= @@ -846,6 +986,7 @@ github.com/hashicorp/go-immutable-radix v1.1.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjh github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= 
@@ -904,14 +1045,16 @@ github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/in-toto/in-toto-golang v0.2.1-0.20210627200632-886210ae2ab9 h1:j7klXz5kh0ydPmHkBtJ/Al27G1/au4sH7OkGhkgRJWg= github.com/in-toto/in-toto-golang v0.2.1-0.20210627200632-886210ae2ab9/go.mod h1:Skbg04kmfB7IAnEIsspKPg/ny1eiFt/TgPr9SDCHusA= github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= +github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= 
@@ -940,6 +1083,7 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/ github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -965,7 +1109,12 @@ github.com/klauspost/compress v1.9.4/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0 github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.9.7/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs= +github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/cpuid v1.2.2/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= 
@@ -1038,6 +1187,7 @@ github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEX github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= +github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a h1:+J2gw7Bw77w/fbK7wnNJJDKmw1IbWft2Ul5BzrG1Qm8= github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -1066,6 +1216,7 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= 
@@ -1098,6 +1249,7 @@ github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= github.com/minio/sio v0.2.0/go.mod h1:nKM5GIWSrqbOZp0uhyj6M1iA0X6xQzSGtYSaTKSCut0= github.com/minio/sio v0.2.1/go.mod h1:8b0yPp2avGThviy/+OCJBI6OMpvxoUuiLvE6F1lebhw= +github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= 
@@ -1115,9 +1267,14 @@ github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= +github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= +github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -1133,6 +1290,7 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -1154,6 +1312,7 @@ github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxzi github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nats-io/stan.go v0.4.5/go.mod h1:Ji7mK6gRZJSH1nc3ZJH6vi7zn/QnZhpR9Arm4iuzsUQ= github.com/ncw/directio v1.0.5/go.mod h1:rX/pKEYkOXBGOggmcyJeJGloCkleSvphPx2eV3t6ROk= +github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/nsqio/go-nsq v1.0.7/go.mod h1:XP5zaUs3pqf+Q71EqUJs3HYfBIqfK6G83WQMdNN+Ito= 
@@ -1166,6 +1325,7 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= +github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -1178,6 +1338,7 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108 github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.15.0 h1:1V1NfVQR87RtWAgp1lv9JZJ5Jap+XFGKPi00andXGi4= github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg= +github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= 
@@ -1191,16 +1352,29 @@ github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDs github.com/onsi/gomega v1.11.0 h1:+CqWgvj0OZycCaqclBD1pxKHAU+tOkHmQIWvDHq2aug= github.com/onsi/gomega v1.11.0/go.mod h1:azGKhqFUon9Vuj0YmTfLSmx0FUwqXYSTl5re8lQLTUg= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/open-policy-agent/opa v0.30.2/go.mod h1:+Bv1G/E7Irxgm5zLNXiHuxYqMaqJUSKyBhIGxeneoGA= +github.com/open-policy-agent/opa v0.31.0/go.mod h1:aeLYiWaZe9ikcX67qLzmtRTOxj7psNYh6YGTbTW6V+s= +github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= +github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= 
+github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= +github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= +github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= 
@@ -1230,6 +1404,7 @@ github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/9 github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys= github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= +github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= 
@@ -1255,11 +1430,13 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= +github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= 
@@ -1267,6 +1444,7 @@ github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
@@ -1274,15 +1452,16 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.29.0 h1:3jqPBvKT4OHAbje2Ql7KeaaSicDBCxMYwEJU1zRJceE= 
@@ -1292,7 +1471,10 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= +github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= 
@@ -1321,9 +1503,11 @@ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/sassoftware/go-rpmutils v0.1.1/go.mod h1:euhXULoBpvAxqrBHEyJS4Tsu3hHxUmQWNymxoJbzgUY= 
@@ -1332,6 +1516,7 @@ github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74/go.mod h1:YlB8wF github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/secure-io/sio-go v0.3.0/go.mod h1:D3KmXgKETffyYxBdFRN+Hpd2WzhzqS0EQwT3XWsAcBU= github.com/secure-io/sio-go v0.3.1/go.mod h1:+xbkjDzPjwh4Axd07pRKSNriS9SCiYksWnZqdnfpQxs= github.com/segmentio/ksuid v1.0.3/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= 
@@ -1345,17 +1530,16 @@ github.com/shibumi/go-pathspec v1.2.0/go.mod h1:bDxCftD0fST3qXIlHoQ/fChsU4mWMVkl github.com/shirou/gopsutil v2.18.12+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/shirou/gopsutil/v3 v3.21.4/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0cv/18ZqVczw= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sigstore/cosign v1.0.0 h1:jvsRP8ZfEc5jAnj2cGQo5S02VQ7h7rXwpiXYJF4n0+0= -github.com/sigstore/cosign v1.0.0/go.mod h1:XdYJiB4fkKo+OepAHtDgWU6n1MpP08eM8H2rIr5QU4U= +github.com/sigstore/cosign v1.1.0 h1:fvoQAyR3N7GmRhE/Le02eo9qBWau0784wcIk7EjLJGQ= +github.com/sigstore/cosign v1.1.0/go.mod h1:L7DOTaKaaWG+EOB9IKk6g8CZqwawrmeMVukXFJPevzs= github.com/sigstore/fulcio v0.1.1/go.mod h1:HAsi0o0xMmBIauM9QkJ4dyvmeEzK1ZGcmH33gQ6xO3c= -github.com/sigstore/rekor v0.2.1-0.20210714185543-38d532d5c0b1/go.mod h1:cL9B3+/gp3BG+/bhkSHBA3MQZMten5xM6BhJYd5b5zU= github.com/sigstore/rekor v0.3.0 h1:OBEvo/Rv8NKKtiWq0WRHgXFpVPe1fGiqz93dfBh/Myo= github.com/sigstore/rekor v0.3.0/go.mod h1:cL9B3+/gp3BG+/bhkSHBA3MQZMten5xM6BhJYd5b5zU= github.com/sigstore/sigstore v0.0.0-20210713222344-1fee53516622/go.mod h1:aOSeNrlcHsfUD8Q1hwWd8KloNqBnxEZlu4k47cFg5rg= -github.com/sigstore/sigstore v0.0.0-20210722023421-fd3b69438dba/go.mod h1:p+VFprG1w+oRcb3fgEKa9uvw3/7N9TR0srIi2JerPKo= -github.com/sigstore/sigstore v0.0.0-20210726180807-7e34e36ecda1 h1:4pct+K5MTh3G4AbiSjYpYT3MVVI5WdDdJZEr9bTkLb8= -github.com/sigstore/sigstore v0.0.0-20210726180807-7e34e36ecda1/go.mod h1:/za/jqA/1XazvjIfvvtDkIAJZWKqkbcT5VTpHR7hnfQ= +github.com/sigstore/sigstore v0.0.0-20210729211320-56a91f560f44 h1:V7tcgdv69z2dAn31YzOjc6tGuZHpjC3kcpYT+XJmw4s= +github.com/sigstore/sigstore v0.0.0-20210729211320-56a91f560f44/go.mod h1:rJpRn7XmR/YrfNGDU9jh+vy5WMeSv5YKfNDBwnFg+Qg= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.0.6/go.mod 
h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= @@ -1414,11 +1598,13 @@ github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5q github.com/spf13/viper v1.8.1 h1:Kq1fyeebqsBfbjZj4EL7gj2IO0mMaiyjYUWcUsl2O44= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= +github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= +github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= 
@@ -1426,6 +1612,7 @@ github.com/stretchr/objx v0.3.0 h1:NGXK3lHquSN08v5vWalVI/L8XU9hdzE/G6xsrze47As= github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -1435,12 +1622,19 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= +github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE= github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= +github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= +github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 h1:iGnD/q9160NWqKZZ5vY4p0dMiYMRknzctfSkqA4nBDw= github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613/go.mod h1:g6AnIpDSYMcphz193otpSIzN+11Rs+AAIIC6rm1enug= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/theupdateframework/go-tuf v0.0.0-20210630170422-22a94818d17b/go.mod h1:L+uU/NRFK/7h0NYAnsmvsX9EghDB5QVCcHCIrK2h5nw= -github.com/theupdateframework/go-tuf v0.0.0-20210722233521-90e262754396 h1:j4odVZMwglHp54CYsNHd0wls+lkQzxloQU9AQjQu0W4= github.com/theupdateframework/go-tuf v0.0.0-20210722233521-90e262754396/go.mod h1:L+uU/NRFK/7h0NYAnsmvsX9EghDB5QVCcHCIrK2h5nw= +github.com/theupdateframework/go-tuf v0.0.0-20210804171843-477a5d73800a h1:jH3DSl+6QKbX+koCvBf3cP+1mLRANxk36/hUtvA6HVg= +github.com/theupdateframework/go-tuf v0.0.0-20210804171843-477a5d73800a/go.mod h1:aDPMGsrpdPQqJa0ryp7LovT6qSqZ/zKmUDTHZK+wIf4= github.com/tidwall/gjson 
v1.3.5/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls= github.com/tidwall/match v1.0.1/go.mod h1:LujAq0jyVjBy028G1WhWfIzbpQfMO8bBZ6Tyb0+pL9E= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= 
@@ -1476,13 +1670,22 @@ github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= github.com/vdemeester/k8s-pkg-credentialprovider v1.19.7 h1:MJ5fV2Z0OyIuPvFVs0vi6VjTjxpdK1QT8oX/aWiUjYM= github.com/vdemeester/k8s-pkg-credentialprovider v1.19.7/go.mod h1:K2nMO14cgZitdwBqdQps9tInJgcaXcU/7q5F59lpbNI= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= +github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= +github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= +github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= +github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= +github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= +github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= +github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= 
+github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= @@ -1492,8 +1695,10 @@ github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= 
@@ -1507,6 +1712,9 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= +github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= +github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= github.com/zalando/go-keyring v0.1.0/go.mod h1:RaxNwUITJaHVdQ0VC7pELPZ3tOWn13nr0gZMZEhpVU0= github.com/zalando/go-keyring v0.1.1/go.mod h1:OIC+OZ28XbmwFxU/Rp9V7eKzZjamBJwRzC8UFJH9+L8= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -1550,6 +1758,7 @@ go.mongodb.org/mongo-driver v1.4.6/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4S go.mongodb.org/mongo-driver v1.5.1/go.mod h1:gRXCHX4Jo7J0IJ1oDQyUxF7jfy19UfxniMS4xxMmUqw= go.mongodb.org/mongo-driver v1.6.0 h1:ccc26ylcoRWJQRbjU7GvqfxNzwKcoIcEL3BPuFR/pJ0= go.mongodb.org/mongo-driver v1.6.0/go.mod h1:Q4oFMbo1+MSNqICAdYMlC/zSTrwCogR4R8NzkI+yfU8= +go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= 
@@ -1609,6 +1818,7 @@ gocloud.dev v0.23.0/go.mod h1:zklCCIIo1N9ELkU2S2E7tW8P8eeMU7oGLeQCXdDwx9Q= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181106171534-e4dc69e5b2fd/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -1644,6 +1854,7 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= 
@@ -1696,6 +1907,7 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -1761,9 +1973,8 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210505024714-0287a6fb4125/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210505214959-0714010a04ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210716203947-853a461950ff h1:j2EK/QoxYNBsXI4R7fQkkRUk8y6wnOBI+6hgPdP/6Ds= -golang.org/x/net v0.0.0-20210716203947-853a461950ff/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1783,8 +1994,9 @@ golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210615190721-d04028783cf1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914 h1:3B43BWw0xEBsLZ/NO1VALz6fppU3481pik+2Ksv45z8= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a h1:4Kd8OPUx1xgUwrHDaviWZO8MsgoZTZYC3g+8m16RBww= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1825,14 +2037,19 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1842,19 +2059,25 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1867,17 +2090,25 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1891,6 +2122,7 @@ golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210316164454-77fc1eacc6aa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -2033,6 +2265,7 @@ gomodules.xyz/jsonpatch/v2 v2.1.0/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3m gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= +google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -2067,8 +2300,9 @@ google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4yl google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.49.0/go.mod h1:BECiH72wsfwUvOVn3+btPD5WHi0LzavZReBndi42L18= -google.golang.org/api v0.50.0 h1:LX7NFCFYOHzr7WHaYiRUpeipZe9o5L8T+2F4Z798VDw= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0 h1:SQaA2Cx57B+iPw2MBgyjEkoeMkRK2IenSGoia0U3lCk= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -2081,6 +2315,7 @@ google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -2091,6 +2326,7 @@ google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190513181449-d00d292a067c/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= +google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 
@@ -2101,6 +2337,7 @@ google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvx google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 
@@ -2149,10 +2386,13 @@ google.golang.org/genproto v0.0.0-20210617175327-b9e0b3197ced/go.mod h1:SzzZ/N+n google.golang.org/genproto v0.0.0-20210624174822-c5cf32407d0a/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210721163202-f1cecdd8b78a/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f h1:YORWxaStkWBnWgELOHTmDrqNlFXuVGEbhwbB5iK94bQ= google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67 h1:VmMSf20ssFK0+u1dscyTH9bU4/M4y+X/xNfkvD6kGtM= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= 
@@ -2165,6 +2405,7 @@ google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -2184,8 +2425,9 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0 h1:Klz8I9kdtkIN6EpHHUOMLCYhTn/2WAe5a0s1hcBkdTI= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1 h1:f37vZbBVTiJ6jKG5mWz8ySOBxNqy6ViPgyhSdVnxF3E= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -2206,6 +2448,7 @@ gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20141024133853-64131543e789/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -2273,6 +2516,7 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= +gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
@@ -2287,6 +2531,9 @@ k8s.io/api v0.16.4/go.mod h1:AtzMnsR45tccQss5q8RnF+W8L81DH6XwXwo/joEx9u0= k8s.io/api v0.19.7/go.mod h1:KTryDUT3l6Mtv7K2J2486PNL9DBns3wOYTkGR+iz63Y= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8= +k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= +k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= +k8s.io/api v0.20.7/go.mod h1:4x0yErUkcEWYG+O0S4QdrYa2+PLEeY2M7aeQe++2nmk= k8s.io/api v0.21.1/go.mod h1:FstGROTmsSHBarKc8bylzXih8BLNYTiS3TZcsoEDg2s= k8s.io/api v0.21.3 h1:cblWILbLO8ar+Fj6xdDGr603HRsf8Wu9E9rngJeprZQ= k8s.io/api v0.21.3/go.mod h1:hUgeYHUbBp23Ue4qdX9tR8/ANi/g3ehylAqDn9NWVOg= @@ -2300,6 +2547,9 @@ k8s.io/apimachinery v0.16.4/go.mod h1:llRdnznGEAqC3DcNm6yEj472xaFVfLM7hnYofMb12t k8s.io/apimachinery v0.19.7/go.mod h1:6sRbGRAVY5DOCuZwB5XkqguBqpqLU6q/kOaOdk29z6Q= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= +k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= +k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= +k8s.io/apimachinery v0.20.7/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= k8s.io/apimachinery v0.21.1/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= k8s.io/apimachinery v0.21.3 h1:3Ju4nvjCngxxMYby0BimUk+pQHPOQp3eCGChk5kfVII= k8s.io/apimachinery v0.21.3/go.mod h1:H/IM+5vH9kZRNJ4l3x/fXP/5bOPJaVP/guptnZPeCFI= 
@@ -2307,6 +2557,8 @@ k8s.io/apiserver v0.0.0-20190918160949-bfa5e2e684ad/go.mod h1:XPCXEwhjaFN29a8Nld k8s.io/apiserver v0.16.4/go.mod h1:kbLJOak655g6W7C+muqu1F76u9wnEycfKMqbVaXIdAc= k8s.io/apiserver v0.19.7/go.mod h1:DmWVQggNePspa+vSsVytVbS3iBSDTXdJVt0akfHacKk= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= +k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= +k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= k8s.io/apiserver v0.21.1/go.mod h1:nLLYZvMWn35glJ4/FZRhzLG/3MPxAaZTgV4FJZdr+tY= k8s.io/cli-runtime v0.21.1 h1:Oj/iZxa7LLXrhzShaLNF4rFJEIEBTDHj0dJw4ra2vX4= k8s.io/cli-runtime v0.21.1/go.mod h1:TI9Bvl8lQWZB2KqE91QLCp9AZE4l29zNFnj/x4IX4Fw= @@ -2315,6 +2567,8 @@ k8s.io/client-go v0.16.4/go.mod h1:ZgxhFDxSnoKY0J0U2/Y1C8obKDdlhGPZwA7oHH863Ok= k8s.io/client-go v0.19.7/go.mod h1:iytGI7S3kmv6bWnn+bSQUE4VlrEi4YFssvVB7J7Hvqg= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE= +k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= +k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= k8s.io/client-go v0.21.1/go.mod h1:/kEw4RgW+3xnBGzvp9IWxKSNA+lXn3A7AuH3gdOAzLs= k8s.io/client-go v0.21.3 h1:J9nxZTOmvkInRDCzcSNQmPJbDYN/PjlxXT9Mos3HcLg= k8s.io/client-go v0.21.3/go.mod h1:+VPhCgTsaFmGILxR/7E1N0S+ryO010QBeNCv5JwRGYU= 
@@ -2329,8 +2583,14 @@ k8s.io/component-base v0.16.4/go.mod h1:GYQ+4hlkEwdlpAp59Ztc4gYuFhdoZqiAJD1unYDJ k8s.io/component-base v0.19.7/go.mod h1:YX8spPBgwl3I6UGcSdQiEMAqRMSUsGQOW7SEr4+Qa3U= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.20.2/go.mod h1:pzFtCiwe/ASD0iV7ySMu8SYVJjCapNM9bjvk7ptpKh0= +k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= +k8s.io/component-base v0.20.6/go.mod h1:6f1MPBAeI+mvuts3sIdtpjljHWBQ2cIy38oBIWMYnrM= k8s.io/component-base v0.21.1 h1:iLpj2btXbR326s/xNQWmPNGu0gaYSjzn7IN/5i28nQw= k8s.io/component-base v0.21.1/go.mod h1:NgzFZ2qu4m1juby4TnrmpR8adRk6ka62YdH5DkIIyKA= +k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= +k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= +k8s.io/cri-api v0.20.4/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= +k8s.io/cri-api v0.20.6/go.mod h1:ew44AjNXwyn1s0U4xCKGodU7J1HzBeZ1MpGrpa5r8Yc= k8s.io/csi-translation-lib v0.19.7/go.mod h1:WghizPQuzuygr2WdpgN2EjcNpDD2V4EAbxFXsgHgSBk= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= 
@@ -2358,6 +2618,7 @@ k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAG k8s.io/kube-openapi v0.0.0-20210113233702-8566a335510f/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7 h1:vEx13qjvaZ4yfObSSXW7BrMc/KQBBT/Jyee8XtLf4x0= k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= +k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/legacy-cloud-providers v0.19.7 h1:YJ/l/8/Hn56I9m1cudK8aNypRA/NvI/hYhg8fo/CTus= k8s.io/legacy-cloud-providers v0.19.7/go.mod h1:dsZk4gH9QIwAtHQ8CK0Ps257xlfgoXE3tMkMNhW2xDU= k8s.io/metrics v0.16.4/go.mod h1:dckkfqvaASo+NrzEmp8ST8yCc9hGt7lx9ABAILyDHx8= @@ -2393,6 +2654,7 @@ sigs.k8s.io/structured-merge-diff v1.0.1 h1:LOs1LZWMsz1xs77Phr/pkB4LFaavH7IVq/3+ sigs.k8s.io/structured-merge-diff v1.0.1/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= +sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.0/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2 h1:Hr/htKFmJEbtMgS/UD0N+gtgctAqz81t3nu+sPzynno= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= From 12530619ce4b74be5b3ab20712556306d146b37a Mon Sep 17 00:00:00 2001 
From: Vyankatesh Kudtarkar Date: Wed, 8 Sep 2021 10:42:44 +0530 Subject: [PATCH 33/37] allowing users to skip policy validation when mutating resources (#2365) * allowing users to skip policy validation when mutating resources * fix unit test issue * fix comment --- definitions/crds/kyverno.io_clusterpolicies.yaml | 5 +++++ definitions/crds/kyverno.io_policies.yaml | 5 +++++ definitions/install.yaml | 10 ++++++++++ definitions/install_debug.yaml | 6 ++++++ pkg/api/kyverno/v1/policy_types.go | 5 +++++ pkg/openapi/validation.go | 9 ++++++--- 6 files changed, 37 insertions(+), 3 deletions(-) diff --git a/definitions/crds/kyverno.io_clusterpolicies.yaml b/definitions/crds/kyverno.io_clusterpolicies.yaml index 9790359f14..7040638865 100644 --- a/definitions/crds/kyverno.io_clusterpolicies.yaml +++ b/definitions/crds/kyverno.io_clusterpolicies.yaml @@ -1518,6 +1518,11 @@ spec: type: array type: object type: array + schemaValidation: + description: SchemaValidation skips policy validation checks. Optional. + The default value is set to "true", it must be set to "false" to + disable the validation checks. + type: boolean validationFailureAction: description: ValidationFailureAction controls if a validation policy rule failure should disallow the admission review request (enforce), diff --git a/definitions/crds/kyverno.io_policies.yaml b/definitions/crds/kyverno.io_policies.yaml index b4563b5748..a044c3881a 100644 --- a/definitions/crds/kyverno.io_policies.yaml +++ b/definitions/crds/kyverno.io_policies.yaml @@ -1519,6 +1519,11 @@ spec: type: array type: object type: array + schemaValidation: + description: SchemaValidation skips policy validation checks. Optional. + The default value is set to "true", it must be set to "false" to + disable the validation checks. + type: boolean validationFailureAction: description: ValidationFailureAction controls if a validation policy rule failure should disallow the admission review request (enforce), 
diff --git a/definitions/install.yaml b/definitions/install.yaml index 930047671d..02639fb6af 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -956,6 +956,11 @@ spec: type: array type: object type: array + schemaValidation: + description: SchemaValidation skips policy validation checks. Optional. + The default value is set to "true", it must be set to "false" to + disable the validation checks. + type: boolean validationFailureAction: description: ValidationFailureAction controls if a validation policy rule failure should disallow the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. The default value is "audit". type: string @@ -2705,6 +2710,11 @@ spec: type: array type: object type: array + schemaValidation: + description: SchemaValidation skips policy validation checks. Optional. + The default value is set to "true", it must be set to "false" to + disable the validation checks. + type: boolean validationFailureAction: description: ValidationFailureAction controls if a validation policy rule failure should disallow the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. The default value is "audit". type: string diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml index b8ce17ad23..973e39dcdb 100755 --- a/definitions/install_debug.yaml +++ b/definitions/install_debug.yaml 
@@ -943,6 +943,9 @@ spec: type: array type: object type: array + schemaValidation: + description: SchemaValidation skips policy validation checks. Optional.The default value is set to "true", it must be set to "false" to disable the validation checks. + type: boolean validationFailureAction: description: ValidationFailureAction controls if a validation policy rule failure should disallow the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. The default value is "audit". type: string @@ -2664,6 +2667,9 @@ spec: type: array type: object type: array + schemaValidation: + description: SchemaValidation skips policy validation checks. Optional.The default value is set to "true", it must be set to "false" to disable the validation checks. + type: boolean validationFailureAction: description: ValidationFailureAction controls if a validation policy rule failure should disallow the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. The default value is "audit". type: string diff --git a/pkg/api/kyverno/v1/policy_types.go b/pkg/api/kyverno/v1/policy_types.go index 9229358cf4..225e9441dc 100755 --- a/pkg/api/kyverno/v1/policy_types.go +++ b/pkg/api/kyverno/v1/policy_types.go @@ -54,6 +54,11 @@ type Spec struct { // uses variables that are only available in the admission review request (e.g. user name). // +optional Background *bool `json:"background,omitempty" yaml:"background,omitempty"` + + // SchemaValidation skips policy validation checks. + // Optional. The default value is set to "true", it must be set to "false" to disable the validation checks. + // +optional + SchemaValidation *bool `json:"schemaValidation,omitempty" yaml:"schemaValidation,omitempty"` } // Rule defines a validation, mutation, or generation control for matching resources. 
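Review bot: The doc comment added on `SchemaValidation` in `Spec` reads as the opposite of what the field does. It opens with "skips policy validation checks", while its second sentence and the check added in pkg/openapi/validation.go show that nil or true keeps the check and only false turns it off. The CRD descriptions in the YAML hunks of this commit carry the same text, so the wording is best fixed here, for example `// SchemaValidation controls whether the resource patched by a mutate rule is validated against the OpenAPI schema.` followed by `// Optional. Defaults to "true"; set to "false" to skip that check.` The install_debug.yaml copies also lack a space in "Optional.The".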
diff --git a/pkg/openapi/validation.go b/pkg/openapi/validation.go index abffd4a173..9e3867865f 100644 --- a/pkg/openapi/validation.go +++ b/pkg/openapi/validation.go @@ -167,10 +167,13 @@ func (o *Controller) ValidatePolicyMutation(policy v1.ClusterPolicy) error { return err } - err = o.ValidateResource(*patchedResource.DeepCopy(), "", kind) - if err != nil { - return err + if policy.Spec.SchemaValidation == nil || *policy.Spec.SchemaValidation { + err = o.ValidateResource(*patchedResource.DeepCopy(), "", kind) + if err != nil { + return err + } } + } return nil From f5887b49a7275b967fef95031186f03a4d0b7ac3 Mon Sep 17 00:00:00 2001 From: NoSkillGirl Date: Wed, 8 Sep 2021 12:06:14 +0530 Subject: [PATCH 34/37] added condition for all and any while getting the resource Signed-off-by: NoSkillGirl --- pkg/kyverno/common/fetch.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/pkg/kyverno/common/fetch.go b/pkg/kyverno/common/fetch.go index c98738ae87..7cea68b2bb 100644 --- a/pkg/kyverno/common/fetch.go +++ b/pkg/kyverno/common/fetch.go @@ -39,6 +39,30 @@ func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient } resourceTypesMap[kind] = true } + + if rule.MatchResources.Any != nil { + for _, resFilter := range rule.MatchResources.Any { + for _, kind := range resFilter.ResourceDescription.Kinds { + if strings.Contains(kind, "/") { + lastElement := kind[strings.LastIndex(kind, "/")+1:] + resourceTypesMap[lastElement] = true + } + resourceTypesMap[kind] = true + } + } + } + + if rule.MatchResources.All != nil { + for _, resFilter := range rule.MatchResources.All { + for _, kind := range resFilter.ResourceDescription.Kinds { + if strings.Contains(kind, "/") { + lastElement := kind[strings.LastIndex(kind, "/")+1:] + resourceTypesMap[lastElement] = true + } + resourceTypesMap[kind] = true + } + } + } } } From 973d09d0e4944d61c7905b69d5d7af53a7a0d666 Mon Sep 17 00:00:00 2001 
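Review bot: With `schemaValidation: false` the `ValidateResource` call in `ValidatePolicyMutation` is skipped silently, so as far as the hunk shows nothing records that a policy opted out of the schema check on its patched resource. I would put a why-comment above the new `if`, e.g. `// schemaValidation: false opts this policy out of the schema check on the patched resource`, and log the policy name on the skip path if a logger is in scope here (not visible in the hunk). The error can also be scoped to the check with `if err := o.ValidateResource(*patchedResource.DeepCopy(), "", kind); err != nil { return err }`, and the blank line left before the closing brace can be dropped. The function starts and ends outside the hunk.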
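Review bot: The kind-collecting loop now appears three times in `GetResources` with only the source slice changing, and the same three copies are carried into `getKindsFromPolicy` by the next patch in this series. The `!= nil` guards around the `Any` and `All` loops are not needed, since ranging over a nil slice runs zero iterations. A small helper that takes the destination map and a kinds slice would leave one place to change if the handling of kinds containing "/" ever needs to change. `GetResources` starts and ends outside the hunk.

```go
// addKinds records every kind and, when a kind contains "/", also the part after the last "/".
func addKinds(dst map[string]bool, kinds []string) {
	for _, kind := range kinds {
		if i := strings.LastIndex(kind, "/"); i >= 0 {
			dst[kind[i+1:]] = true
		}
		dst[kind] = true
	}
}

// … unchanged: loops over policies and rules in GetResources …
addKinds(resourceTypesMap, rule.MatchResources.Kinds)
for _, resFilter := range rule.MatchResources.Any {
	addKinds(resourceTypesMap, resFilter.ResourceDescription.Kinds)
}
for _, resFilter := range rule.MatchResources.All {
	addKinds(resourceTypesMap, resFilter.ResourceDescription.Kinds)
}
```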
From: NoSkillGirl Date: Wed, 8 Sep 2021 13:07:34 +0530 Subject: [PATCH 35/37] seperating the code in different function Signed-off-by: NoSkillGirl --- pkg/kyverno/common/fetch.go | 69 ++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 31 deletions(-) diff --git a/pkg/kyverno/common/fetch.go b/pkg/kyverno/common/fetch.go index 7cea68b2bb..c1368ba27d 100644 --- a/pkg/kyverno/common/fetch.go +++ b/pkg/kyverno/common/fetch.go @@ -32,37 +32,7 @@ func GetResources(policies []*v1.ClusterPolicy, resourcePaths []string, dClient for _, policy := range policies { for _, rule := range policy.Spec.Rules { - for _, kind := range rule.MatchResources.Kinds { - if strings.Contains(kind, "/") { - lastElement := kind[strings.LastIndex(kind, "/")+1:] - resourceTypesMap[lastElement] = true - } - resourceTypesMap[kind] = true - } - - if rule.MatchResources.Any != nil { - for _, resFilter := range rule.MatchResources.Any { - for _, kind := range resFilter.ResourceDescription.Kinds { - if strings.Contains(kind, "/") { - lastElement := kind[strings.LastIndex(kind, "/")+1:] - resourceTypesMap[lastElement] = true - } - resourceTypesMap[kind] = true - } - } - } - - if rule.MatchResources.All != nil { - for _, resFilter := range rule.MatchResources.All { - for _, kind := range resFilter.ResourceDescription.Kinds { - if strings.Contains(kind, "/") { - lastElement := kind[strings.LastIndex(kind, "/")+1:] - resourceTypesMap[lastElement] = true - } - resourceTypesMap[kind] = true - } - } - } + resourceTypesMap = getKindsFromPolicy(rule) } } 
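Review bot: `resourceTypesMap = getKindsFromPolicy(rule)` replaces the map on every iteration, so after both loops only the kinds of the last rule of the last policy remain, whereas the removed code accumulated kinds across all rules. If the map is used afterwards to decide which resource kinds to fetch (that part of `GetResources` is outside the hunk), resources matched only by earlier rules would no longer be fetched and those rules would never be evaluated against them. Merge instead of assigning: `for kind := range getKindsFromPolicy(rule) { resourceTypesMap[kind] = true }`.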
@@ -301,3 +271,40 @@ func convertResourceToUnstructured(resourceYaml []byte) (*unstructured.Unstructu } return resource, nil } + +// getKindsFromPolicy will return the kinds from policy match block +func getKindsFromPolicy(rule v1.Rule) map[string]bool { + var resourceTypesMap = make(map[string]bool) + for _, kind := range rule.MatchResources.Kinds { + if strings.Contains(kind, "/") { + lastElement := kind[strings.LastIndex(kind, "/")+1:] + resourceTypesMap[lastElement] = true + } + resourceTypesMap[kind] = true + } + + if rule.MatchResources.Any != nil { + for _, resFilter := range rule.MatchResources.Any { + for _, kind := range resFilter.ResourceDescription.Kinds { + if strings.Contains(kind, "/") { + lastElement := kind[strings.LastIndex(kind, "/")+1:] + resourceTypesMap[lastElement] = true + } + resourceTypesMap[kind] = true + } + } + } + + if rule.MatchResources.All != nil { + for _, resFilter := range rule.MatchResources.All { + for _, kind := range resFilter.ResourceDescription.Kinds { + if strings.Contains(kind, "/") { + lastElement := kind[strings.LastIndex(kind, "/")+1:] + resourceTypesMap[lastElement] = true + } + resourceTypesMap[kind] = true + } + } + } + return resourceTypesMap +} From 2a375fa1b5bb024877604c976d9a5ea3078ef35a Mon Sep 17 00:00:00 2001 From: Max Goncharenko Date: Wed, 8 Sep 2021 22:33:41 +0300 Subject: [PATCH 36/37] Remove contains function (#2346) * remove contains function Signed-off-by: Maxim Goncharenko * added test for contains issue case Signed-off-by: Maxim Goncharenko --- pkg/engine/jmespath/functions.go | 25 ------ test/e2e/validate/config.go | 42 +++++++++- test/e2e/validate/resources.go | 70 +++++++++++++++++ test/e2e/validate/validate_test.go | 122 +++++++++++++++++++++++++---- 4 files changed, 218 insertions(+), 41 deletions(-) diff --git a/pkg/engine/jmespath/functions.go b/pkg/engine/jmespath/functions.go index 1614f34df0..1a49c96404 100644 --- a/pkg/engine/jmespath/functions.go +++ b/pkg/engine/jmespath/functions.go 
@@ -27,7 +27,6 @@ type ( // function names var ( compare = "compare" - contains = "contains" equalFold = "equal_fold" replace = "replace" replaceAll = "replace_all" @@ -35,7 +34,6 @@ var ( toLower = "to_lower" trim = "trim" split = "split" - equals = "equals" regexReplaceAll = "regex_replace_all" regexReplaceAllLiteral = "regex_replace_all_literal" regexMatch = "regex_match" @@ -56,14 +54,6 @@ func getFunctions() []*gojmespath.FunctionEntry { }, Handler: jpfCompare, }, - { - Name: contains, - Arguments: []ArgSpec{ - {Types: []JpType{JpString}}, - {Types: []JpType{JpString}}, - }, - Handler: jpfContains, - }, { Name: equalFold, Arguments: []ArgSpec{ @@ -175,21 +165,6 @@ func jpfCompare(arguments []interface{}) (interface{}, error) { return strings.Compare(a.String(), b.String()), nil } -func jpfContains(arguments []interface{}) (interface{}, error) { - var err error - str, err := validateArg(contains, arguments, 0, reflect.String) - if err != nil { - return nil, err - } - - substr, err := validateArg(contains, arguments, 1, reflect.String) - if err != nil { - return nil, err - } - - return strings.Contains(str.String(), substr.String()), nil -} - func jpfEqualFold(arguments []interface{}) (interface{}, error) { var err error a, err := validateArg(equalFold, arguments, 0, reflect.String) diff --git a/test/e2e/validate/config.go b/test/e2e/validate/config.go index f43d4b6f9a..5210314da6 100644 --- a/test/e2e/validate/config.go +++ b/test/e2e/validate/config.go @@ -1,7 +1,12 @@ package validate -// ValidateTests is E2E Test Config for validation -var ValidateTests = []struct { +import ( + "github.com/kyverno/kyverno/test/e2e" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// FluxValidateTests is E2E Test Config for validation +var FluxValidateTests = []struct { //TestName - Name of the Test TestName string // PolicyRaw - The Yaml file of the ClusterPolicy 
@@ -28,3 +33,36 @@ var ValidateTests = []struct { MustSucceed: true, }, } + +var podGVR = e2e.GetGVR("", "v1", "pods") + +var ValidateTests = []struct { + //TestDescription - Description of the Test + TestDescription string + // PolicyName - Name of the Policy + PolicyName string + // PolicyRaw - The Yaml file of the ClusterPolicy + PolicyRaw []byte + // ResourceName - Name of the Resource + ResourceName string + // ResourceNamespace - Namespace of the Resource + ResourceNamespace string + // ResourceGVR - GVR of the Resource + ResourceGVR schema.GroupVersionResource + // ResourceRaw - The Yaml file of the ClusterPolicy + ResourceRaw []byte + // MustSucceed - indicates if validation must succeed + MustSucceed bool +}{ + { + // Case for https://github.com/kyverno/kyverno/issues/2345 issue + TestDescription: "checks that contains function works properly with string list", + PolicyName: "drop-cap-net-raw", + PolicyRaw: kyverno_2345_policy, + ResourceName: "test", + ResourceNamespace: "test-validate1", + ResourceGVR: podGVR, + ResourceRaw: kyverno_2345_resource, + MustSucceed: false, + }, +} diff --git a/test/e2e/validate/resources.go b/test/e2e/validate/resources.go index b4056e2cee..861da52d4b 100644 --- a/test/e2e/validate/resources.go +++ b/test/e2e/validate/resources.go @@ -1,5 +1,7 @@ package validate +import "fmt" + // Namespace Description var namespaceYaml = []byte(` apiVersion: v1 @@ -8,6 +10,16 @@ metadata: name: test-validate `) +func newNamespaceYaml(name string) []byte { + ns := fmt.Sprintf(` + apiVersion: v1 + kind: Namespace + metadata: + name: %s + `, name) + return []byte(ns) +} + // Regression: https://github.com/kyverno/kyverno/issues/2043 // Policy: https://github.com/fluxcd/flux2-multi-tenancy/blob/main/infrastructure/kyverno-policies/flux-multi-tenancy.yaml var kyverno_2043_policy = []byte(` 
@@ -561,3 +573,61 @@ spec: prune: true validation: client `) + +var kyverno_2345_policy = []byte(` +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: drop-cap-net-raw +spec: + validationFailureAction: enforce + background: false + rules: + - name: drop-cap-net-raw + match: + resources: + kinds: + - Pod + validate: + deny: + conditions: + any: + - key: "{{ request.object.spec.containers[].securityContext.capabilities.drop[] | contains(@, 'NET_RAW') }}" + operator: Equals + value: false +`) + +var kyverno_2345_resource = []byte(` +apiVersion: v1 +kind: Pod +metadata: + name: test + namespace: test-validate1 +spec: + initContainers: + - name: jimmy + image: defdasdabian:923 + command: ["/bin/sh", "-c", "sleep infinity"] + securityContext: + capabilities: + drop: + - XXXNET_RAWYYY + - SETUID + containers: + - name: test + image: defdasdabian:923 + command: ["/bin/sh", "-c", "sleep infinity"] + securityContext: + capabilities: + drop: + - XXXNET_RAWYYY + - SETUID + - CAP_FOO_BAR + - name: asdf + image: defdasdabian:923 + command: ["/bin/sh", "-c", "sleep infinity"] + securityContext: + capabilities: + drop: + - CAP_SOMETHING +`) diff --git a/test/e2e/validate/validate_test.go b/test/e2e/validate/validate_test.go index 424d335fa2..52bffe3f30 100644 --- a/test/e2e/validate/validate_test.go +++ b/test/e2e/validate/validate_test.go 
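Review bot: The `kyverno_2345_policy` fixture needs a comment saying it exists only to pin how `contains` behaves on a string list, because as a policy it does not enforce what its name suggests. The expression flattens `drop[]` across every entry of `spec.containers`, so a single container that drops NET_RAW satisfies the condition for the whole pod. `initContainers` are not inspected at all, although the test pod defines one. Proposed comment above the variable: `// Regression fixture for #2345 (contains on a string list); not a per-container NET_RAW check, do not reuse as a policy.`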
@@ -8,22 +8,24 @@ import ( "time" "github.com/kyverno/kyverno/test/e2e" + commonE2E "github.com/kyverno/kyverno/test/e2e/common" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + k8sErrors "k8s.io/apimachinery/pkg/api/errors" ) var ( // Cluster Polict GVR - clPolGVR = e2e.GetGVR("kyverno.io", "v1", "clusterpolicies") + policyGVR = e2e.GetGVR("kyverno.io", "v1", "clusterpolicies") // Namespace GVR - nsGVR = e2e.GetGVR("", "v1", "namespaces") + namespaceGVR = e2e.GetGVR("", "v1", "namespaces") // ConfigMap GVR cmGVR = e2e.GetGVR("", "v1", "configmaps") crdGVR = e2e.GetGVR("apiextensions.k8s.io", "v1", "customresourcedefinitions") // ClusterPolicy Namespace - clPolNS = "" + policyNamespace = "" // Namespace Name // Hardcoded in YAML Definition nspace = "test-validate" @@ -31,7 +33,7 @@ var ( crdName = "kustomizations.kustomize.toolkit.fluxcd.io" ) -func Test_Validate_Sets(t *testing.T) { +func Test_Validate_Flux_Sets(t *testing.T) { RegisterTestingT(t) if os.Getenv("E2E") == "" { t.Skip("Skipping E2E Test") @@ -41,21 +43,21 @@ func Test_Validate_Sets(t *testing.T) { e2eClient, err := e2e.NewE2EClient() Expect(err).To(BeNil()) - for _, test := range ValidateTests { + for _, test := range FluxValidateTests { By(fmt.Sprintf("Test to validate objects: \"%s\"", test.TestName)) // Clean up Resources By(fmt.Sprintf("Cleaning Cluster Policies")) - e2eClient.CleanClusterPolicies(clPolGVR) + e2eClient.CleanClusterPolicies(policyGVR) // Clear Namespace By(fmt.Sprintf("Deleting Namespace: \"%s\"", nspace)) - e2eClient.DeleteClusteredResource(nsGVR, nspace) + e2eClient.DeleteClusteredResource(namespaceGVR, nspace) //CleanUp CRDs e2eClient.DeleteClusteredResource(crdGVR, crdName) // Wait Till Deletion of Namespace e2e.GetWithRetry(time.Duration(1*time.Second), 15, func() error { - _, err := e2eClient.GetClusteredResource(nsGVR, nspace) + _, err := e2eClient.GetClusteredResource(namespaceGVR, nspace) if err != nil { return nil } 
@@ -64,12 +66,12 @@ func Test_Validate_Sets(t *testing.T) { // Create Namespace By(fmt.Sprintf("Creating namespace \"%s\"", nspace)) - _, err = e2eClient.CreateClusteredResourceYaml(nsGVR, namespaceYaml) + _, err = e2eClient.CreateClusteredResourceYaml(namespaceGVR, namespaceYaml) Expect(err).NotTo(HaveOccurred()) // Create policy - By(fmt.Sprintf("Creating policy in \"%s\"", clPolNS)) - _, err = e2eClient.CreateNamespacedResourceYaml(clPolGVR, clPolNS, test.PolicyRaw) + By(fmt.Sprintf("Creating policy in \"%s\"", policyNamespace)) + _, err = e2eClient.CreateNamespacedResourceYaml(policyGVR, policyNamespace, test.PolicyRaw) Expect(err).NotTo(HaveOccurred()) // Create Flux CRD @@ -101,16 +103,16 @@ func Test_Validate_Sets(t *testing.T) { } //CleanUp Resources - e2eClient.CleanClusterPolicies(clPolGVR) + e2eClient.CleanClusterPolicies(policyGVR) //CleanUp CRDs e2eClient.DeleteClusteredResource(crdGVR, crdName) // Clear Namespace - e2eClient.DeleteClusteredResource(nsGVR, nspace) + e2eClient.DeleteClusteredResource(namespaceGVR, nspace) // Wait Till Deletion of Namespace e2e.GetWithRetry(time.Duration(1*time.Second), 15, func() error { - _, err := e2eClient.GetClusteredResource(nsGVR, nspace) + _, err := e2eClient.GetClusteredResource(namespaceGVR, nspace) if err != nil { return nil } 
@@ -120,3 +122,95 @@ func Test_Validate_Sets(t *testing.T) { By(fmt.Sprintf("Test %s Completed \n\n\n", test.TestName)) } } + +func TestValidate(t *testing.T) { + RegisterTestingT(t) + if os.Getenv("E2E") == "" { + t.Skip("Skipping E2E Test") + } + + e2eClient, err := e2e.NewE2EClient() + Expect(err).To(BeNil()) + + for _, test := range ValidateTests { + By(fmt.Sprintf("Mutation Test: %s", test.TestDescription)) + + By("Deleting Cluster Policies...") + _ = e2eClient.CleanClusterPolicies(policyGVR) + + By("Deleting Resource...") + _ = e2eClient.DeleteNamespacedResource(test.ResourceGVR, test.ResourceNamespace, test.ResourceName) + + By("Deleting Namespace...") + By(fmt.Sprintf("Deleting Namespace: %s...", test.ResourceNamespace)) + _ = e2eClient.DeleteClusteredResource(namespaceGVR, test.ResourceNamespace) + + By("Wait Till Deletion of Namespace...") + err = e2e.GetWithRetry(1*time.Second, 15, func() error { + _, err := e2eClient.GetClusteredResource(namespaceGVR, test.ResourceNamespace) + if err != nil { + return nil + } + return fmt.Errorf("failed to delete namespace: %v", err) + }) + Expect(err).NotTo(HaveOccurred()) + + By(fmt.Sprintf("Creating Namespace: %s...", policyNamespace)) + _, err = e2eClient.CreateClusteredResourceYaml(namespaceGVR, newNamespaceYaml(test.ResourceNamespace)) + Expect(err).NotTo(HaveOccurred()) + + By("Wait Till Creation of Namespace...") + err = e2e.GetWithRetry(1*time.Second, 15, func() error { + _, err := e2eClient.GetClusteredResource(namespaceGVR, test.ResourceNamespace) + if err != nil { + return err + } + + return nil + }) + Expect(err).NotTo(HaveOccurred()) + + By("Creating Policy...") + _, err = e2eClient.CreateNamespacedResourceYaml(policyGVR, policyNamespace, test.PolicyRaw) + Expect(err).NotTo(HaveOccurred()) + + err = commonE2E.PolicyCreated(test.PolicyName) + Expect(err).NotTo(HaveOccurred()) + + By("Creating Resource...") + _, err = e2eClient.CreateNamespacedResourceYaml(test.ResourceGVR, test.ResourceNamespace, 
test.ResourceRaw) + + statusErr, ok := err.(*k8sErrors.StatusError) + validationError := (ok && statusErr.ErrStatus.Code == 400) // Validation error is always Bad Request + + if test.MustSucceed || !validationError { + Expect(err).NotTo(HaveOccurred()) + } else { + Expect(err).To(HaveOccurred()) + } + + By("Deleting Cluster Policies...") + err = e2eClient.CleanClusterPolicies(policyGVR) + Expect(err).NotTo(HaveOccurred()) + + By("Deleting Resource...") // if it is present, so ignore an error + e2eClient.DeleteNamespacedResource(test.ResourceGVR, test.ResourceNamespace, test.ResourceName) + + By("Deleting Namespace...") + err = e2eClient.DeleteClusteredResource(namespaceGVR, test.ResourceNamespace) + Expect(err).NotTo(HaveOccurred()) + + By("Wait Till Creation of Namespace...") + e2e.GetWithRetry(1*time.Second, 15, func() error { + _, err := e2eClient.GetClusteredResource(namespaceGVR, test.ResourceNamespace) + if err != nil { + return nil + } + return fmt.Errorf("failed to delete namespace: %v", err) + }) + + // Do not fail if waiting fails. Sometimes namespace needs time to be deleted. + + By("Done") + } +} From dfd9a8d604c34da3d4bf67ff4c7dc746265e3442 Mon Sep 17 00:00:00 2001 From: Naman Lakhwani Date: Thu, 9 Sep 2021 06:51:56 +0530 Subject: [PATCH 37/37] networkPolicy customization (#2334) * networkpolicy customization Signed-off-by: Namanl2001 * allow configuring matchLabels, added metrics-port Signed-off-by: Namanl2001 * check metricsService.create Signed-off-by: Namanl2001 --- charts/kyverno/templates/networkpolicy.yaml | 21 +++++++++++++++++++++ charts/kyverno/values.yaml | 4 ++++ 2 files changed, 25 insertions(+) diff --git a/charts/kyverno/templates/networkpolicy.yaml b/charts/kyverno/templates/networkpolicy.yaml index fc06011409..71c8e15cec 100644 --- a/charts/kyverno/templates/networkpolicy.yaml +++ b/charts/kyverno/templates/networkpolicy.yaml 
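Review bot: In `TestValidate`, a case with `MustSucceed` false still passes when the resource is admitted. With `err == nil` the type assertion fails, `validationError` is false, and `test.MustSucceed || !validationError` selects `Expect(err).NotTo(HaveOccurred())`. The `else` branch is reached only when `err` is already a 400 `StatusError`, so `Expect(err).To(HaveOccurred())` can never fail, and an enforce policy that fails open goes undetected by this suite. Branch on the expectation itself: `if test.MustSucceed { Expect(err).NotTo(HaveOccurred()) } else { Expect(validationError).To(BeTrue()) }`. `ValidateTests` is defined outside this hunk, so the meaning of `MustSucceed` is inferred from its name and use here.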
@@ -14,7 +14,28 @@ spec: - Ingress ingress: - from: + {{- with .Values.networkPolicy }} + namespaceSelector: + matchExpressions: + {{- toYaml .namespaceExpressions | nindent 8 }} + matchLabels: + {{- range $key, $value := .namespaceLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + podSelector: + matchExpressions: + {{- toYaml .podExpressions | nindent 8 }} + matchLabels: + {{- range $key, $value := .podLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} ports: - protocol: TCP port: 9443 # webhook access + # Allow prometheus scrapes for metrics + {{- if .Values.metricsService.create }} + - ports: + - port: {{ .Values.metricsService.port }} + {{- end }} {{- end }} diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index cf3cd40e07..1a6d8cf46d 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -218,3 +218,7 @@ createSelfSignedCert: false # policies in a default-deny setup. networkPolicy: enabled: false + namespaceExpressions: [{}] + namespaceLabels: {} + podExpressions: [{}] + podLabels: {}
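Review bot: The added metrics rule (`- ports:` / `- port: {{ .Values.metricsService.port }}`) has no `from`, and a NetworkPolicy ingress rule without `from` admits every source. The metrics port is therefore open to any peer, not only to Prometheus as the comment says. Give that rule its own `from` with a namespace or pod selector for the scraper, driven from values. Separately, the peer added under `from:` begins with `namespaceSelector:` and no leading `- `, while `from` takes a list of peers. Indentation is not recoverable in this view, so confirm the rendered manifest with `helm template` and a server-side dry run.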
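Review bot: The defaults `namespaceExpressions: [{}]` and `podExpressions: [{}]` render as a `matchExpressions` list holding one empty requirement. A label selector requirement needs a `key` and a valid `operator`, so enabling `networkPolicy.enabled` with the defaults should be rejected by API validation. Default both to `[]` instead. Also add a comment above these keys, for example `# empty selectors match every namespace / every pod; set labels or expressions to restrict webhook access`, because with empty `namespaceLabels` and `podLabels` the resulting peer selects all pods in all namespaces.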