airship/airshipctl
Code Issues Proposed changes

Encrypt and decrypt using sops

Browse Source 
Design document: https://docs.google.com/document/d/1EjiCuXoiy8DEEXe15KxVJ4iWrwogCyG113_0LdzcWzQ/edit?usp=drive_web&ouid=102644738301620637153

Demo readme: https://hackmd.io/@WE7PUWXBRVeQJzCZkXkOLw/ryoW-aOLv

This patchset comprises of:
- package library to interact with sops
- integrate airshipctl encrypt/decrypt with sops

Change-Id: I2ca3ff3c8661d146708084728cb3f87365a4f39e
This commit is contained in:
uday.ruddarraju 2020-09-09 02:09:25 -07:00
parent 0d036ba097
commit 9a608de653
34 changed files with 1498 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
cmd/secret/decrypt/decrypt.go
View File

@ -18,8 +18,8 @@ import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/errors"
"opendev.org/airship/airshipctl/pkg/log"
"opendev.org/airship/airshipctl/pkg/secret"
)
const (
@ -38,23 +38,29 @@ airshipctl secret decrypt \
)
// NewDecryptCommand creates a new command for decrypting encrypted secrets in the manifests
func NewDecryptCommand(_ config.Factory) *cobra.Command {
var srcPath, dstPath string
func NewDecryptCommand(cfgFactory config.Factory) *cobra.Command {
var srcPath, dstPath, kubeconfig string
decryptCmd := &cobra.Command{
Use: "decrypt",
Short: decryptShort[1:],
Example: decryptExample,
RunE: func(cmd *cobra.Command, args []string) error {
// TODO: Need to integrate with business logic to decrypt with sops
return errors.ErrNotImplemented{What: "secret encryption/decryption"}
airshipConfig, err := cfgFactory()
if err != nil {
return err
}
return secret.Decrypt(airshipConfig, kubeconfig, srcPath, dstPath)
},
}
decryptCmd.Flags().StringVar(&srcPath, "src", "",
`Path to the file or directory that has secrets in encrypted text that need to be decrypted. `+
`Defaults to the manifest location in airship config`)
decryptCmd.Flags().StringVar(&dstPath, "dst", "",
"Path to the file or directory to store decrypted secrets. Defaults to src if empty.")
decryptCmd.Flags().StringVar(&kubeconfig, "kubeconfig", "",
"Path to kubeconfig associated with cluster being managed")
err := decryptCmd.MarkFlagRequired("dst")
if err != nil {

7
cmd/secret/decrypt/testdata/TestDecryptGoldenOutput/decrypt-cmd-cmd-with-help.golden vendored
View File

@ -15,6 +15,7 @@ airshipctl secret decrypt \
Flags:
--dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
-h, --help help for decrypt
--src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
--dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
-h, --help help for decrypt
--kubeconfig string Path to kubeconfig associated with cluster being managed
--src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config

15
cmd/secret/encrypt/encrypt.go
View File

@ -18,8 +18,8 @@ import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/errors"
"opendev.org/airship/airshipctl/pkg/log"
"opendev.org/airship/airshipctl/pkg/secret"
)
const (
@ -38,22 +38,29 @@ airshipctl secret encrypt \
)
// NewEncryptCommand creates a new command for encrypting plain text secrets using sops
func NewEncryptCommand(_ config.Factory) *cobra.Command {
var srcPath, dstPath string
func NewEncryptCommand(cfgFactory config.Factory) *cobra.Command {
var srcPath, dstPath, kubeconfig string
encryptCmd := &cobra.Command{
Use: "encrypt",
Short: encryptShort[1:],
Example: encryptExample,
RunE: func(cmd *cobra.Command, args []string) error {
return errors.ErrNotImplemented{What: "secret encryption/decryption"}
airshipConfig, err := cfgFactory()
if err != nil {
return err
}
return secret.Encrypt(airshipConfig, kubeconfig, srcPath, dstPath)
},
}
encryptCmd.Flags().StringVar(&srcPath, "src", "",
`Path to the file or directory that has secrets in plaintext that need to be encrypted. `+
`Defaults to the manifest location in airship config`)
encryptCmd.Flags().StringVar(&dstPath, "dst", "",
"Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.")
encryptCmd.Flags().StringVar(&kubeconfig, "kubeconfig", "",
"Path to kubeconfig associated with cluster being managed")
err := encryptCmd.MarkFlagRequired("dst")
if err != nil {

7
cmd/secret/encrypt/testdata/TestDecryptGoldenOutput/encrypt-cmd-cmd-with-help.golden vendored
View File

@ -15,6 +15,7 @@ airshipctl secret encrypt \
Flags:
--dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
-h, --help help for encrypt
--src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
--dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
-h, --help help for encrypt
--kubeconfig string Path to kubeconfig associated with cluster being managed
--src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config

7
docs/source/cli/airshipctl_secret_decrypt.md
View File

@ -27,9 +27,10 @@ airshipctl secret decrypt \
### Options
```
--dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
-h, --help help for decrypt
--src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
--dst string Path to the file or directory to store decrypted secrets. Defaults to src if empty.
-h, --help help for decrypt
--kubeconfig string Path to kubeconfig associated with cluster being managed
--src string Path to the file or directory that has secrets in encrypted text that need to be decrypted. Defaults to the manifest location in airship config
```
### Options inherited from parent commands

7
docs/source/cli/airshipctl_secret_encrypt.md
View File

@ -27,9 +27,10 @@ airshipctl secret encrypt \
### Options
```
--dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
-h, --help help for encrypt
--src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
--dst string Path to the file or directory that has encrypted secrets for decryption. Defaults to src if empty.
-h, --help help for encrypt
--kubeconfig string Path to kubeconfig associated with cluster being managed
--src string Path to the file or directory that has secrets in plaintext that need to be encrypted. Defaults to the manifest location in airship config
```
### Options inherited from parent commands

7
go.mod
View File

@ -7,12 +7,10 @@ require (
github.com/Masterminds/goutils v1.1.0 // indirect
github.com/Masterminds/semver v1.5.0 // indirect
github.com/Masterminds/sprig v2.22.0+incompatible
github.com/Microsoft/go-winio v0.4.14 // indirect
github.com/chai2010/gettext-go v0.0.0-20170215093142-bf70f2a70fb1 // indirect
github.com/cheggaaa/pb/v3 v3.0.4
github.com/containerd/containerd v1.4.1 // indirect
github.com/docker/docker v1.4.2-0.20200203170920-46ec8731fbce
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c // indirect
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f // indirect
github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f // indirect
@ -25,14 +23,13 @@ require (
github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de // indirect
github.com/gorilla/mux v1.7.4 // indirect
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
github.com/huandu/xstrings v1.3.1 // indirect
github.com/mitchellh/copystructure v1.0.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.0.0
github.com/stretchr/testify v1.6.1
go.mozilla.org/sops/v3 v3.6.0
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
k8s.io/api v0.17.9
k8s.io/apiextensions-apiserver v0.17.9
k8s.io/apimachinery v0.17.9

162
go.sum
View File

@ -2,6 +2,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
cloud.google.com/go v0.43.0 h1:banaiRPAM8kUVYneOSkhgcDsLzEvL25FinuiSZaH/2w=
cloud.google.com/go v0.43.0/go.mod h1:BOSR3VbTLkk6FDC/TcffxP4NF/FFBGA5ku+jvKOP7pg=
cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
@ -10,20 +12,26 @@ cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
github.com/360EntSecGroup-Skylar/excelize v1.4.1/go.mod h1:vnax29X2usfl7HHkBrX5EvSCJcmH3dT9luvxzu8iGAE=
github.com/Azure/azure-sdk-for-go v31.2.0+incompatible h1:kZFnTLmdQYNGfakatSivKHUfUnDZhqNdchHD4oIhp5k=
github.com/Azure/azure-sdk-for-go v31.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.9.0 h1:MRvx8gncNaXJqOoLmhNjUAKh33JJF8LyxPhomEtOsjs=
github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg=
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
github.com/Azure/go-autorest/autorest v0.11.7 h1:lHnVA0bNUzUw2tYgGiwmOrlBi/VgmaTYfMbsww/7o2A=
github.com/Azure/go-autorest/autorest v0.11.7/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
github.com/Azure/go-autorest/autorest/adal v0.5.0 h1:q2gDruN08/guU9vAjuPWff0+QIrpH6ediguzdAzXAUU=
github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
github.com/Azure/go-autorest/autorest/adal v0.9.4 h1:1/DtH4Szusk4psLBrJn/gocMRIf1ji30WAz3GfyULRQ=
github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE=
github.com/Azure/go-autorest/autorest/date v0.1.0 h1:YGrhWfrgtFs84+h0o46rJrlmsZtyZRg470CqAXTZaGM=
github.com/Azure/go-autorest/autorest/azure/auth v0.1.0 h1:YgO/vSnJEc76NLw2ecIXvXa8bDWiqf1pOJzARAoZsYU=
github.com/Azure/go-autorest/autorest/azure/auth v0.1.0/go.mod h1:Gf7/i2FUpyb/sGBLIFxTBzrNzBo7aPXXE3ZVeDRwdpM=
github.com/Azure/go-autorest/autorest/azure/cli v0.1.0 h1:YTtBrcb6mhA+PoSW8WxFDoIIyjp13XqJeX80ssQtri4=
github.com/Azure/go-autorest/autorest/azure/cli v0.1.0/go.mod h1:Dk8CUAt/b/PzkfeRsWzVG9Yj3ps8mS8ECztu43rdU8U=
github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
@ -31,11 +39,14 @@ github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxB
github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY=
github.com/Azure/go-autorest/autorest/to v0.3.0 h1:zebkZaadz7+wIQYgC7GXaz3Wb28yKYfVkkBKwc38VF8=
github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
github.com/Azure/go-autorest/autorest/validation v0.2.0 h1:15vMO4y76dehZSq7pAaOLQxC6dZYsSrj2GQpflyM/L4=
github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/logger v0.2.0 h1:e4RVHVZKC5p6UANLJHkM4OfR1UKZPj8Wt8Pcx+3oqrE=
github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VYyQflFE619k=
github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
@ -54,6 +65,8 @@ github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuN
github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
@ -64,6 +77,8 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
@ -80,11 +95,16 @@ github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9Pq
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.23.13 h1:l/NG+mgQFRGG3dsFzEj0jw9JIs/zYdtU6MXhY1WIDmM=
github.com/aws/aws-sdk-go v1.23.13/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -99,6 +119,9 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
github.com/bombsimon/wsl v1.2.5/go.mod h1:43lEF/i0kpXbLCeDXL9LMT8c92HyBywXb0AsgMHYngM=
github.com/caddyserver/caddy v1.0.3/go.mod h1:G+ouvOY32gENkJC+jhgl62TyhvqEsFaDiZ4uw0RzP1E=
github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
@ -117,6 +140,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/containerd/containerd v1.4.1 h1:pASeJT3R3YyVn+94qEPk0SnU1OQ20Jd/T+SPKy9xehY=
github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/coredns/corefile-migration v1.0.10/go.mod h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@ -145,6 +170,8 @@ github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4=
github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
@ -164,6 +191,9 @@ github.com/drone/envsubst v1.0.3-0.20200709223903-efdb65b94e5a/go.mod h1:N2jZmlM
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustmop/soup v1.1.2-0.20190516214245-38228baa104e/go.mod h1:CgNC6SGbT+Xb8wGGvzilttZL1mc5sQ/5KkcxsZttMIk=
github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs=
github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
@ -177,7 +207,6 @@ github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@ -186,6 +215,7 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM
github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
@ -193,7 +223,6 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew=
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
@ -215,12 +244,12 @@ github.com/go-git/go-git/v5 v5.0.0 h1:k5RWPm4iJwYtfWoxIJy4wJX9ON7ihPeZZYC1fLYDnp
github.com/go-git/go-git/v5 v5.0.0/go.mod h1:oYD8y9kWsGINPFJoLdaScGCN6dlKg23blmClfZwtUVA=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/zapr v0.1.0 h1:h+WVe9j6HAA01niTJPA/kKH0i7e0rLZBCwauQFcRE54=
github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
github.com/go-logr/zapr v0.1.1 h1:qXBXPDdNncunGs7XeEpsJt8wCjYBygluzfdLO0G5baE=
github.com/go-logr/zapr v0.1.1/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
@ -276,6 +305,7 @@ github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2K
github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-openapi/validate v0.19.8/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
@ -294,6 +324,7 @@ github.com/gobuffalo/flect v0.2.2/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20j
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
@ -312,7 +343,6 @@ github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+
github.com/golang/protobuf v1.0.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
@ -321,6 +351,9 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0=
@ -345,7 +378,6 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.4.1 h1:/exdXoGamhu5ONeUJH0deniYLWYvQwW66yvlfiiKTu0=
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@ -363,29 +395,35 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf/go.mod h1:RpwtwJQFrIEPstU94h88MWPXP2ektJZ8cZ0YntAmXiE=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk=
github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU=
github.com/gophercloud/gophercloud v0.1.0 h1:P/nh25+rzXouhytV2pUHBb65fnds26Ghl8/391+sT5o=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
github.com/gophercloud/gophercloud v0.6.0 h1:Xb2lcqZtml1XjgYZxbeayEemq7ASbeTp09m36gQFpEU=
github.com/gophercloud/gophercloud v0.6.0/go.mod h1:GICNByuaEBibcjmjvI7QvYJSZEbGkcYwAR7EZK2WMqM=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de h1:F7WD09S8QB4LrkEpka0dFPLSotH11HRpCsLIbIcJ7sU=
github.com/gopherjs/gopherjs v0.0.0-20191106031601-ce3c9ade29de/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
github.com/gotestyourself/gotestyourself v2.2.0+incompatible h1:AQwinXlbQR2HvPjQZOmDhRqsv5mZf+Jb1RnSLxcqZcI=
github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
github.com/goware/prefixer v0.0.0-20160118172347-395022866408 h1:Y9iQJfEqnN3/Nce9cOegemcy/9Ai5k3huT6E80F3zaw=
github.com/goware/prefixer v0.0.0-20160118172347-395022866408/go.mod h1:PE1ycukgRPJ7bJ9a1fdfQ9j8i/cEcRAoLZzbxYpNB/s=
github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc h1:f8eY6cV/x1x+HLjOp4r72s/31/V2aTUtg5oKRRPf8/Q=
@ -395,15 +433,31 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmg
github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.3.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6KdvN3Gig=
github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY=
github.com/hashicorp/go-retryablehttp v0.5.4 h1:1BZvpawXoJCWX6pNtow9+rpEj+3itIlutiqnntI6jOE=
github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
github.com/hashicorp/go-rootcerts v1.0.1 h1:DMo4fmknnz0E0evoNYnV48RjWndOsmd6OW+09R3cEP8=
github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-version v1.1.0 h1:bPIoEKD27tNdebFGGxxYwcL4nepeY4j1QP23PFRGzg0=
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.0.0-20180201235237-0fb14efe8c47/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@ -413,7 +467,14 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/hashicorp/vault/api v1.0.4 h1:j08Or/wryXT4AcHj1oCbMd7IijXcKzYUGw59LGu9onU=
github.com/hashicorp/vault/api v1.0.4/go.mod h1:gDcqh3WGcR1cpF5AJz/B1UFheUEneMoIospckxBxk6Q=
github.com/hashicorp/vault/sdk v0.1.13 h1:mOEPeOhT7jl0J4AMl1E705+BcmeRs1VmKNb9F0sMLy8=
github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c h1:kQWxfPIHVLbgLzphqk3QUflDy9QdksZR4ygR807bpy0=
github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs=
github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@ -427,13 +488,14 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jimstudt/http-authentication v0.0.0-20140401203705-3eca13d6893a/go.mod h1:wK6yTYYcgjHE1Z1QtXACPDjcFJyBskHEdagmnq3vsP8=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jonboulle/clockwork v0.1.0 h1:VKV+ZcuP6l3yW9doeqz6ziZGgcynBVQO+obU0+0hcPo=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns=
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@ -463,6 +525,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
@ -488,6 +551,7 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
@ -501,12 +565,14 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0j
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk=
github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0=
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
@ -525,6 +591,8 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c h1:yE1NxRAZA3wF0laDWECtOe2J0tFjSHUI6MXXbMif+QY=
github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c/go.mod h1:Is/Ucts/yU/mWyGR8yELRoO46mejouKsJfQLAIfTR18=
github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
@ -537,11 +605,13 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWb
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.4.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ=
@ -550,17 +620,23 @@ github.com/onsi/ginkgo v1.13.0 h1:M76yO2HkZASFjXL0HSoZJ1AYEmQxNJmY41Jx1zNUq1Y=
github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.3.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y=
github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
github.com/ory/dockertest v3.3.4+incompatible h1:VrpM6Gqg7CrPm3bL4Wm1skO+zFWLbh7/Xb5kGEbJRh8=
github.com/ory/dockertest v3.3.4+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs=
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/paulmach/orb v0.1.3/go.mod h1:VFlX/8C+IQ1p6FTRRKzKoOPJnvEtA5G0Veuqwbu//Vk=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
@ -568,6 +644,8 @@ github.com/pelletier/go-toml v1.6.0 h1:aetoXYr0Tv7xRU/V4B4IZJ2QcbtMUFoNb3ORp7TzI
github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@ -575,29 +653,33 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.5.1 h1:bdHYieyGlH+6OLEk2YQha8THib30KP0/yD0YH9m6xcA=
github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U=
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8=
github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
github.com/prometheus/procfs v0.0.11 h1:DhHlBtkHWPYi8O2y31JkK0TF+DGM+51OopZjH/Ia5qI=
github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
@ -605,6 +687,7 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T
github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d h1:K6eOUihrFLdZjZnA4XlRp864fmWXv9YTIk7VPLhRacA=
github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA=
github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
@ -614,6 +697,9 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw=
github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
@ -633,6 +719,7 @@ github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v0.0.0-20190710185942-9d28bd7c0945/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.3/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@ -706,7 +793,14 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI
go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a h1:N7VD+PwpJME2ZfQT8+ejxwA4Ow10IkGbU0MGf94ll8k=
go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a/go.mod h1:YDKUvO0b//78PaaEro6CAPH6NqohCmL2Cwju5XI2HoE=
go.mozilla.org/sops/v3 v3.6.0 h1:V+RjhX96enZY9a5iVP/r60lLABq8/8Pv2Fybh10Np3g=
go.mozilla.org/sops/v3 v3.6.0/go.mod h1:X8YOCEZzMFL0p28vkqtn3gW2eFt+dDUt7HwKXGvcXvA=
go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.starlark.net v0.0.0-20190528202925-30ae18b8564f/go.mod h1:c1/X6cHgvdXj6pUlmWKMkuqRnW4K8x2vwt6JAaaircg=
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc=
@ -730,14 +824,15 @@ golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnf
golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@ -784,13 +879,13 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@ -809,13 +904,16 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180117170059-2c42eef0765b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -823,6 +921,7 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -841,7 +940,6 @@ golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -852,7 +950,7 @@ golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fq
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20171227012246-e19ae1496984/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@ -863,6 +961,7 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqG
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -905,9 +1004,12 @@ gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3m
gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0 h1:9sdfJOzWlkqPltHAuzT2Cp+yrBeY1KRVYgms8soxMwM=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.9.0 h1:jbyannxz0XFD3zdjgrSUsaJbgpH4eTrkdhRChkHPfO8=
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -917,18 +1019,25 @@ google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuh
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190716160619-c506a9f90610/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51 h1:Ex1mq5jaJof+kRnYi3SlYJ8KKa9Ao3NHyIT5XJ1gF6U=
google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg=
@ -941,6 +1050,7 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@ -953,14 +1063,19 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/urfave/cli.v1 v1.20.0 h1:NdAVW6RYxDif9DhDHaAortIu956m2c0v+09AZBPTbE0=
gopkg.in/urfave/cli.v1 v1.20.0/go.mod h1:vuBzUtMdQeixQj8LVd+/98pzhxNGQoyuPBlsXHOQNO0=
gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
@ -969,7 +1084,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@ -980,17 +1094,16 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
k8s.io/api v0.0.0-20190918155943-95b840bb6a1f/go.mod h1:uWuOHnjmNrtQomJrvEBg0c0HRNyQ+8KTEERVsK0PW48=
k8s.io/api v0.0.0-20191214185829-ca1d04f8b0d3/go.mod h1:itOjKREfmUTvcjantxOsyYU5mbFsU7qUnyUuRfF5+5M=
k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4=
k8s.io/api v0.17.4 h1:HbwOhDapkguO8lTAE8OX3hdF2qp8GtpC9CW/MQATXXo=
k8s.io/api v0.17.4/go.mod h1:5qxx6vjmwUVG2nHQTKGlLts8Tbok8PzHl4vHtVFuZCA=
k8s.io/api v0.17.9 h1:BA/U8qtSNzx7BbmQy3lODbCxVMKGNUpBJ2fjsKt6OOY=
k8s.io/api v0.17.9/go.mod h1:avJJAA1fSV6tnbCGW2K+S+ilDFW7WpNr5BScoiZ1M1U=
@ -1003,7 +1116,6 @@ k8s.io/apimachinery v0.0.0-20191214185652-442f8fb2f03a/go.mod h1:Ng1IY8TS7sC44KJ
k8s.io/apimachinery v0.0.0-20191216025728-0ee8b4573e3a/go.mod h1:Ng1IY8TS7sC44KJxT/WUR6qFRfWwahYYYpNXyYRKOCY=
k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
k8s.io/apimachinery v0.17.4 h1:UzM+38cPUJnzqSQ+E1PY4YxMHIzQyCg29LOoGfo79Zw=
k8s.io/apimachinery v0.17.4/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
k8s.io/apimachinery v0.17.9 h1:knQxNgMu57Oxlm12J6DS375kmGMeuWV0VNzRRUBB2Yk=
k8s.io/apimachinery v0.17.9/go.mod h1:Lg8zZ5iC/O8UjCqW6DNhcQG2m4TdjF9kwG3891OWbbA=

22
pkg/config/config.go
View File

@ -468,6 +468,18 @@ func (c *Config) GetEncryptionConfigs() []*EncryptionConfig {
return encryptionConfigs
}
// GetEncryptionConfig returns encryption configs associated with name
// Returns error if no encryption config with name is found
func (c *Config) GetEncryptionConfig(name string) (*EncryptionConfig, error) {
encryptionConfig, exists := c.EncryptionConfigs[name]
if !exists {
return nil, ErrEncryptionConfigurationNotFound{
Name: fmt.Sprintf("Encryption Config with name '%s'", name),
}
}
return encryptionConfig, nil
}
// AddEncryptionConfig creates a new encryption config
func (c *Config) AddEncryptionConfig(options *EncryptionConfigOptions) *EncryptionConfig {
encryptionConfig := &EncryptionConfig{
@ -525,6 +537,16 @@ func (c *Config) CurrentContextManagementConfig() (*ManagementConfiguration, err
return managementCfg, nil
}
// CurrentContextEncryptionConfig returns the encryption config for the current context
func (c *Config) CurrentContextEncryptionConfig() (*EncryptionConfig, error) {
currentContext, err := c.GetCurrentContext()
if err != nil {
return nil, err
}
return c.GetEncryptionConfig(currentContext.EncryptionConfig)
}
// Purge removes the config file
func (c *Config) Purge() error {
return os.Remove(c.loadedConfigPath)

42
pkg/config/config_test.go
View File

@ -201,6 +201,23 @@ func TestCurrentContextManagementConfig(t *testing.T) {
assert.Equal(t, conf.ManagementConfiguration[defaultString], managementConfig)
}
func TestCurrentContextEncryptionConfig(t *testing.T) {
conf, cleanup := testutil.InitConfig(t)
defer cleanup(t)
defaultEncryptionConfig, err := conf.CurrentContextEncryptionConfig()
require.Error(t, err)
assert.Nil(t, defaultEncryptionConfig)
conf.CurrentContext = currentContextName
conf.Contexts[currentContextName].EncryptionConfig = defaultString
conf.EncryptionConfigs[defaultString] = defaultEncryptionConfig
currentContextEncryptionConfig, err := conf.CurrentContextEncryptionConfig()
require.NoError(t, err)
assert.Equal(t, conf.EncryptionConfigs[defaultString], currentContextEncryptionConfig)
}
func TestPurge(t *testing.T) {
conf, cleanup := testutil.InitConfig(t)
defer cleanup(t)
@ -486,6 +503,31 @@ func TestGetDefaultEncryptionConfigs(t *testing.T) {
assert.Equal(t, 0, len(encryptionConfigs))
}
func TestGetNonExistingEncryptionConfig(t *testing.T) {
conf, cleanup := testutil.InitConfig(t)
defer cleanup(t)
encryptionConfig, err := conf.GetEncryptionConfig("test")
require.Nil(t, encryptionConfig)
assert.Error(t, err)
}
func TestGetEncryptionConfig(t *testing.T) {
conf, cleanup := testutil.InitConfig(t)
defer cleanup(t)
eco := testutil.DummyEncryptionConfigOptions()
encryptionConfig := conf.AddEncryptionConfig(eco)
require.NotNil(t, encryptionConfig)
encryptionConfig, err := conf.GetEncryptionConfig(eco.Name)
assert.NoError(t, err)
assert.Equal(t, eco.DecryptionKeyPath, encryptionConfig.DecryptionKeyPath)
assert.Equal(t, eco.EncryptionKeyPath, encryptionConfig.EncryptionKeyPath)
assert.Equal(t, eco.KeySecretNamespace, encryptionConfig.KeySecretNamespace)
assert.Equal(t, eco.KeySecretName, encryptionConfig.KeySecretName)
}
func TestModifyEncryptionConfigs(t *testing.T) {
conf, cleanup := testutil.InitConfig(t)
defer cleanup(t)

105
pkg/secret/decrypt.go Normal file
View File

@ -0,0 +1,105 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secret
import (
"os"
"path/filepath"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/document"
"opendev.org/airship/airshipctl/pkg/k8s/client"
kcfg "opendev.org/airship/airshipctl/pkg/k8s/kubeconfig"
"opendev.org/airship/airshipctl/pkg/phase"
"opendev.org/airship/airshipctl/pkg/secret/sops"
)
// Decrypt decrypts all encrypted files in the srcPath and writes plain text files into dstPath
func Decrypt(airconfig *config.Config, kubeconfig string,
srcPath string, dstPath string) error {
var cleanup kcfg.Cleanup
var err error
if kubeconfig == "" {
kubeConfig := kcfg.NewBuilder().Build()
kubeconfig, cleanup, err = kubeConfig.GetFile()
if err != nil {
// ignore error here and return an error later if encryption
// config refers to secrets in apiserver
}
defer cleanup()
}
kclient, err := client.DefaultClient(airconfig.LoadedConfigPath(), kubeconfig)
if err != nil {
// ignore error here and return an error later if encryption
// config refers to secrets in apiserver
}
return decrypt(airconfig, kclient, srcPath, dstPath)
}
func decrypt(airconfig *config.Config, kclient client.Interface, srcPath string, dstPath string) error {
encryptionConfig, encryptionConfigErr := airconfig.CurrentContextEncryptionConfig()
if encryptionConfigErr != nil {
return encryptionConfigErr
}
if srcPath == "" {
helper, err := phase.NewHelper(airconfig)
if err != nil {
return err
}
srcPath = helper.PhaseRoot()
}
if dstPath == "" {
dstPath = srcPath
}
options := &sops.Options{
KeySecretName: encryptionConfig.KeySecretName,
KeySecretNamespace: encryptionConfig.KeySecretNamespace,
EncryptionKeyPath: encryptionConfig.EncryptionKeyPath,
DecryptionKeyPath: encryptionConfig.DecryptionKeyPath,
}
sopsClient, err := sops.NewClient(kclient, options)
if err != nil {
return err
}
fs := document.NewDocumentFs()
if fs.IsDir(srcPath) {
absPath, _, pathErr := fs.CleanedAbs(srcPath)
if pathErr != nil {
return pathErr
}
// iterate through all files recursively and check if the directory
// contains any secret objects with encrypt annotation
err = fs.Walk(absPath.String(), func(encryptedFilePath string, info os.FileInfo, err error) error {
decryptedFilePath := filepath.Join(dstPath, filepath.Base(info.Name()))
if info.IsDir() {
return nil
}
if _, err = sopsClient.Decrypt(encryptedFilePath, decryptedFilePath); err != nil {
return err
}
return nil
})
return err
}
_, err = sopsClient.Decrypt(srcPath, dstPath)
return err
}

108
pkg/secret/decrypt_test.go Normal file
View File

@ -0,0 +1,108 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secret
import (
"io/ioutil"
"os"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/k8s/client/fake"
"opendev.org/airship/airshipctl/testutil"
)
const (
qualifiedEncryptedSecret = "testdata/secrets/decryption/qualified-encrypted-secret.yaml"
encryptionKey = "testdata/encryption.pub"
decryptionKey = "testdata/decryption.key"
currentContext = "def_ephemeral"
testEncryptionConfig = "test"
testManifest = "test"
)
func TestDecrypt(t *testing.T) {
defer deleteGpgKeys()
cfg, _ := testutil.InitConfig(t)
cfg.CurrentContext = currentContext
cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
DecryptionKeyPath: decryptionKey,
EncryptionKeyPath: encryptionKey,
},
}
ctx, err := cfg.GetContext(currentContext)
ctx.EncryptionConfig = testEncryptionConfig
require.NoError(t, err)
tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-public-key")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
err = decrypt(cfg, fake.NewClient(), qualifiedEncryptedSecret, tmpFile.Name())
assert.NoError(t, err)
}
func TestDecryptWithContextPath(t *testing.T) {
defer deleteGpgKeys()
cfg, _ := testutil.InitConfig(t)
cfg.CurrentContext = currentContext
cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
DecryptionKeyPath: decryptionKey,
EncryptionKeyPath: encryptionKey,
},
}
manifest := &config.Manifest{
TargetPath: "testdata/secrets/decryption/",
MetadataPath: "metadata.yaml",
Repositories: map[string]*config.Repository{"primary": testutil.DummyRepository()},
PhaseRepositoryName: "primary",
}
if cfg.Manifests == nil {
cfg.Manifests = make(map[string]*config.Manifest)
}
cfg.Manifests[testManifest] = manifest
ctx, err := cfg.GetCurrentContext()
ctx.EncryptionConfig = testEncryptionConfig
ctx.Manifest = testManifest
require.NoError(t, err)
err = decrypt(cfg, fake.NewClient(), "", "")
assert.NoError(t, err)
}
func TestDecryptInvalidPrivateKey(t *testing.T) {
defer deleteGpgKeys()
cfg, _ := testutil.InitConfig(t)
cfg.CurrentContext = currentContext
cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
DecryptionKeyPath: "dummy",
EncryptionKeyPath: "testdata/encryption.pub",
},
}
ctx, err := cfg.GetContext(currentContext)
ctx.EncryptionConfig = testEncryptionConfig
require.NoError(t, err)
tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-public-key")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
err = decrypt(cfg, fake.NewClient(), qualifiedEncryptedSecret, tmpFile.Name())
assert.Error(t, err)
}

156
pkg/secret/encrypt.go Normal file
View File

@ -0,0 +1,156 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secret
import (
"io/ioutil"
"os"
"path/filepath"
"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/yaml"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/document"
"opendev.org/airship/airshipctl/pkg/k8s/client"
kcfg "opendev.org/airship/airshipctl/pkg/k8s/kubeconfig"
"opendev.org/airship/airshipctl/pkg/phase"
"opendev.org/airship/airshipctl/pkg/secret/sops"
)
const (
encryptionFilterAnnotationKey = "airshipit.org/encrypt"
)
// Encrypt encrypts all plaintext files in the srcPath and writes encrypted files into dstPath
func Encrypt(airconfig *config.Config, kubeconfig string,
srcPath string, dstPath string) error {
var cleanup kcfg.Cleanup
var err error
if kubeconfig == "" {
kubeConfig := kcfg.NewBuilder().Build()
kubeconfig, cleanup, err = kubeConfig.GetFile()
if err != nil {
// ignore error here and return an error later if encryption
// config refers to secrets in apiserver
}
defer cleanup()
}
kclient, err := client.DefaultClient(airconfig.LoadedConfigPath(), kubeconfig)
if err != nil {
// ignore error here and return an error later if encryption
// config refers to secrets in apiserver
}
return encrypt(airconfig, kclient, srcPath, dstPath)
}
func encrypt(airconfig *config.Config, kclient client.Interface, srcPath string, dstPath string) error {
encryptionConfig, encryptionConfigErr := airconfig.CurrentContextEncryptionConfig()
if encryptionConfigErr != nil {
return encryptionConfigErr
}
if srcPath == "" {
helper, err := phase.NewHelper(airconfig)
if err != nil {
return err
}
srcPath = helper.PhaseRoot()
}
if dstPath == "" {
dstPath = srcPath
}
options := &sops.Options{
KeySecretName: encryptionConfig.KeySecretName,
KeySecretNamespace: encryptionConfig.KeySecretNamespace,
EncryptionKeyPath: encryptionConfig.EncryptionKeyPath,
DecryptionKeyPath: encryptionConfig.DecryptionKeyPath,
}
sopsClient, err := sops.NewClient(kclient, options)
if err != nil {
return err
}
// if from file is directory
fs := document.NewDocumentFs()
if fs.IsDir(srcPath) {
absPath, _, pathErr := fs.CleanedAbs(srcPath)
if pathErr != nil {
return pathErr
}
// iterate through all files recursively and check if the directory
// contains any secret objects with encrypt annotation
err = fs.Walk(absPath.String(), func(plainTextFilePath string, info os.FileInfo, err error) error {
if info.IsDir() {
return nil
}
// check if the file is a secret yaml
if isValidSecret(plainTextFilePath) {
encryptedFilePath := filepath.Join(dstPath, filepath.Base(info.Name()))
// check if the secret has an annotation to encrypt, if not skip
// when a directory option is passed, in place takes effect
if _, err = sopsClient.Encrypt(plainTextFilePath, encryptedFilePath); err != nil {
return err
}
}
return nil
})
return err
}
if !isValidSecret(srcPath) {
return nil
}
_, err = sopsClient.Encrypt(srcPath, dstPath)
return err
}
// checks if the file passed is a secret object that has to be encrypted or decrypted
func isValidSecret(fileName string) bool {
contents, err := ioutil.ReadFile(fileName)
if err != nil {
return false
}
jsonContents, err := yaml.ToJSON(contents)
if err != nil {
return false
}
object, err := runtime.Decode(unstructured.UnstructuredJSONScheme, jsonContents)
if err != nil {
return false
}
accessor, err := meta.Accessor(object)
if err != nil {
return false
}
if accessor.GetAnnotations() != nil {
if value, ok := accessor.GetAnnotations()[encryptionFilterAnnotationKey]; ok && value == "true" {
return true
}
}
return false
}

125
pkg/secret/encrypt_test.go Normal file
View File

@ -0,0 +1,125 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secret
import (
"io/ioutil"
"os"
"os/exec"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/k8s/client/fake"
"opendev.org/airship/airshipctl/testutil"
)
const (
qualifiedDecryptedFile = "testdata/secrets/encryption/qualified-decrypted-secret.yaml"
keyID = "681E3A89EB1DAFD36EB883120A73BB48E26694D8"
)
func TestEncrypt(t *testing.T) {
defer deleteGpgKeys()
cfg, _ := testutil.InitConfig(t)
cfg.CurrentContext = currentContext
cfg.EncryptionConfigs["test"] = &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
},
}
ctx, err := cfg.GetContext(currentContext)
require.NoError(t, err)
ctx.EncryptionConfig = testEncryptionConfig
tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
err = encrypt(cfg, fake.NewClient(), qualifiedDecryptedFile, tmpFile.Name())
assert.NoError(t, err)
}
func TestEncryptWithContextPath(t *testing.T) {
defer deleteGpgKeys()
cfg, _ := testutil.InitConfig(t)
cfg.CurrentContext = currentContext
cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
},
}
manifest := &config.Manifest{
TargetPath: "testdata/secrets/encryption/",
MetadataPath: "metadata.yaml",
Repositories: map[string]*config.Repository{"primary": testutil.DummyRepository()},
PhaseRepositoryName: "primary",
}
if cfg.Manifests == nil {
cfg.Manifests = make(map[string]*config.Manifest)
}
cfg.Manifests[testManifest] = manifest
ctx, err := cfg.GetCurrentContext()
require.NoError(t, err)
ctx.EncryptionConfig = testEncryptionConfig
ctx.Manifest = testManifest
dir, err := ioutil.TempDir("/tmp/", "encrypt-context-path")
require.NoError(t, err)
defer os.RemoveAll(dir)
err = encrypt(cfg, fake.NewClient(), "", dir)
assert.NoError(t, err)
}
func TestEncryptInvalidPublicKey(t *testing.T) {
defer deleteGpgKeys()
cfg, _ := testutil.InitConfig(t)
cfg.CurrentContext = currentContext
cfg.EncryptionConfigs[testEncryptionConfig] = &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/decryption.key",
},
}
ctx, err := cfg.GetContext(currentContext)
require.NoError(t, err)
ctx.EncryptionConfig = testEncryptionConfig
tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-public-key")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
err = encrypt(cfg, fake.NewClient(), qualifiedDecryptedFile, tmpFile.Name())
assert.Error(t, err)
}
func deleteGpgKeys() {
gpgCmd := exec.Command("gpg", "--delete-secret-keys", "--batch", "--yes", keyID)
if err := gpgCmd.Run(); err != nil {
// best effort to delete the secret keys
return
}
gpgCmd = exec.Command("gpg", "--delete-keys", "--batch", "--yes", keyID)
if err := gpgCmd.Run(); err != nil {
// best effort to delete the secret keys
return
}
return
}

332
pkg/secret/sops/sops.go Normal file
View File

@ -0,0 +1,332 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sops
import (
"bufio"
"bytes"
"fmt"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"time"
"go.mozilla.org/sops/v3"
"go.mozilla.org/sops/v3/aes"
"go.mozilla.org/sops/v3/cmd/sops/common"
"go.mozilla.org/sops/v3/keys"
"go.mozilla.org/sops/v3/keyservice"
"go.mozilla.org/sops/v3/pgp"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/packet"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/yaml"
"opendev.org/airship/airshipctl/pkg/k8s/client"
)
const (
tempEncryptionKeyFile = "/tmp/encryption-key.pri"
encryptionRegexAnnotationKey = "airshipit.org/encryption-regex"
encryptionFilterAnnotationKey = "airshipit.org/encrypt"
)
// Options holds the key information used to encrypt and decrypt secrets using Sops
type Options struct {
KeySecretName string
KeySecretNamespace string
EncryptionKeyPath string
DecryptionKeyPath string
}
// Client is an interface that is used to encrypt and decrypt secrets
type Client interface {
// Encrypt reads plain text secrets from srcPath and writes encrypted secrets to dstPath
Encrypt(srcPath string, dstPath string) ([]byte, error)
// Decrypt reads encrypted secrets from srcPath and writes plain text secrets to dstPath
Decrypt(srcPath string, dstPath string) ([]byte, error)
}
// localGpg implements Client with local gpg keys for encryption and decryption
type localGpg struct {
*Options
kclient client.Interface
publicKey []byte
privateKey []byte
}
// NewClient returns a localGpg Client implementation
func NewClient(kclient client.Interface, options *Options) (Client, error) {
client := &localGpg{
kclient: kclient,
Options: options,
}
err := client.initializeKeys()
return client, err
}
func (lg *localGpg) initializeKeys() error {
var publicKey, privateKey []byte
var err error
if lg.DecryptionKeyPath == "" && lg.EncryptionKeyPath == "" {
// retrieve sops keys from the apiserver
if lg.kclient == nil {
return fmt.Errorf("kube client not initialized")
}
secret, apiErr := lg.getSecretFromAPI(lg.KeySecretName, lg.KeySecretNamespace)
if apiErr != nil {
return err
}
privateKey = secret.Data["pri_key"]
publicKey = secret.Data["pub_key"]
} else {
// load the keys from disk
if lg.DecryptionKeyPath != "" {
privateKey, err = ioutil.ReadFile(lg.DecryptionKeyPath)
if err != nil {
return err
}
}
if lg.EncryptionKeyPath != "" {
publicKey, err = ioutil.ReadFile(lg.EncryptionKeyPath)
if err != nil {
return err
}
}
}
lg.publicKey = publicKey
lg.privateKey = privateKey
if len(lg.privateKey) > 0 {
// import the key locally
if err := lg.importGpgKeyPairLocally(); err != nil {
return err
}
}
return nil
}
func (lg *localGpg) importGpgKeyPairLocally() error {
tmpPriKeyFileName := fmt.Sprintf(tempEncryptionKeyFile)
if err := writeFile(tmpPriKeyFileName, lg.privateKey); err != nil {
return err
}
defer func() {
os.Remove(tmpPriKeyFileName)
}()
gpgCmd := exec.Command("gpg", "--import", tmpPriKeyFileName)
err := gpgCmd.Run()
if err != nil {
return err
}
// gpg --export-secret-keys >~/.gnupg/secring.gpg
// make this work with gpg1 as well for linux
homeDir, err := os.UserHomeDir()
if err != nil {
return err
}
gpgSecretImportCmd := exec.Command("gpg", "--export-secret-keys")
secringBytes, err := gpgSecretImportCmd.Output()
if err != nil {
return err
}
err = ioutil.WriteFile(filepath.Join(homeDir, ".gnupg", "secring.gpg"), secringBytes, 0600)
return err
}
func (lg *localGpg) Encrypt(fromFile string, toFile string) ([]byte, error) {
groups, err := lg.getKeyGroup(lg.publicKey)
if err != nil {
return nil, err
}
store := common.DefaultStoreForPath(fromFile)
fileBytes, err := ioutil.ReadFile(fromFile)
if err != nil {
return nil, fmt.Errorf("error reading file: %s", err)
}
branches, err := store.LoadPlainFile(fileBytes)
if err != nil {
return nil, err
}
if err = lg.ensureNoMetadata(branches[0]); err != nil {
// do not return error to keep this function idempotent
// ensureNoMetadata will return an error if the file is already encrypted
return nil, nil
}
// get encryption regex
encryptionRegex, err := getEncryptionRegex(fileBytes)
if err != nil || encryptionRegex == "" {
encryptionRegex = "^data"
} else if encryptionRegex != "" {
encryptionRegex = "^data|" + encryptionRegex
}
tree := sops.Tree{
Branches: branches,
Metadata: sops.Metadata{
KeyGroups: groups,
Version: "3.6.0",
EncryptedRegex: encryptionRegex,
},
FilePath: fromFile,
}
keySvc := keyservice.NewLocalClient()
dataKey, errors := tree.GenerateDataKeyWithKeyServices([]keyservice.KeyServiceClient{keySvc})
if len(errors) > 0 {
return nil, fmt.Errorf("%s", errors)
}
if err = common.EncryptTree(common.EncryptTreeOpts{
Tree: &tree,
Cipher: aes.NewCipher(),
DataKey: dataKey,
}); err != nil {
return nil, err
}
dstStore := common.DefaultStoreForPath(toFile)
output, err := dstStore.EmitEncryptedFile(tree)
if err != nil {
return nil, err
}
if toFile != "" {
err = ioutil.WriteFile(toFile, output, 0600)
if err != nil {
return nil, err
}
}
return output, nil
}
func (lg *localGpg) Decrypt(fromFile string, toFile string) ([]byte, error) {
keySvc := keyservice.NewLocalClient()
tree, err := common.LoadEncryptedFileWithBugFixes(common.GenericDecryptOpts{
Cipher: aes.NewCipher(),
InputStore: common.DefaultStoreForPath(fromFile),
InputPath: fromFile,
KeyServices: []keyservice.KeyServiceClient{keySvc},
})
if err != nil && err.Error() == sops.MetadataNotFound.Error() {
return nil, nil
} else if err != nil {
return nil, err
}
if _, err = common.DecryptTree(common.DecryptTreeOpts{
Tree: tree,
KeyServices: []keyservice.KeyServiceClient{keySvc},
Cipher: aes.NewCipher(),
}); err != nil {
return nil, err
}
dstStore := common.DefaultStoreForPath(toFile)
output, err := dstStore.EmitPlainFile(tree.Branches)
if err != nil {
return nil, err
}
if toFile != "" {
if err = writeFile(toFile, output); err != nil {
return nil, err
}
}
return output, nil
}
// Config for generating keys.
type Config struct {
packet.Config
// Expiry is the duration that the generated key will be valid for.
Expiry time.Duration
}
// Key represents an OpenPGP key.
type Key struct {
openpgp.Entity
}
func (lg *localGpg) getSecretFromAPI(name string, namespace string) (*corev1.Secret, error) {
return lg.kclient.ClientSet().CoreV1().Secrets(namespace).Get(name, metav1.GetOptions{})
}
func (lg *localGpg) getKeyGroup(publicKeyBytes []byte) ([]sops.KeyGroup, error) {
b := bytes.NewReader(publicKeyBytes)
bufferedReader := bufio.NewReader(b)
entities, err := openpgp.ReadArmoredKeyRing(bufferedReader)
if err != nil {
return nil, err
}
fingerprint := fmt.Sprintf("%X", entities[0].PrimaryKey.Fingerprint[:])
pgpKeys := make([]keys.MasterKey, 1)
for index, k := range pgp.MasterKeysFromFingerprintString(fingerprint) {
pgpKeys[index] = k
}
var group sops.KeyGroup
group = append(group, pgpKeys...)
return []sops.KeyGroup{group}, nil
}
func (lg *localGpg) ensureNoMetadata(branch sops.TreeBranch) error {
for _, b := range branch {
if b.Key == "sops" {
return fmt.Errorf("file already encrypted")
}
}
return nil
}
func writeFile(path string, content []byte) error {
return ioutil.WriteFile(path, content, 0600)
}
func getEncryptionRegex(yamlContent []byte) (string, error) {
jsonContents, err := yaml.ToJSON(yamlContent)
if err != nil {
return "", err
}
object, err := runtime.Decode(unstructured.UnstructuredJSONScheme, jsonContents)
if err != nil {
return "", err
}
accessor, err := meta.Accessor(object)
if err != nil {
return "", err
}
if accessor.GetAnnotations() != nil &&
accessor.GetAnnotations()[encryptionFilterAnnotationKey] == "true" &&
accessor.GetAnnotations()[encryptionRegexAnnotationKey] != "" {
return accessor.GetAnnotations()[encryptionRegexAnnotationKey], nil
}
return "", nil
}

211
pkg/secret/sops/sops_test.go Normal file
View File

@ -0,0 +1,211 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sops_test
import (
"fmt"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"opendev.org/airship/airshipctl/pkg/secret/sops"
)
const (
qualifiedEncryptedFile = "testdata/secrets/qualified-encrypted-secret.yaml"
qualifiedDecryptedFile = "testdata/secrets/qualified-decrypted-secret.yaml"
qualifiedDecryptedFileWithRegex = "testdata/secrets/qualified-decrypted-secret-with-regex.yaml"
invalidYamlDecryptedFile = "testdata/secrets/qualified-decrypted-invalid-yaml.yaml"
missingMetadataEncryptedFile = "testdata/secrets/qualified-encrypted-secret-missing-metadata.yaml"
keyID = "681E3A89EB1DAFD36EB883120A73BB48E26694D8"
)
func TestEncrypt(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
}
sopsClient, err := sops.NewClient(nil, options)
assert.NoError(t, err)
tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-*.yaml")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
_, err = sopsClient.Encrypt(qualifiedDecryptedFile, tmpFile.Name())
assert.NoError(t, err)
}
func TestEncryptInvalidKey(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.pub",
EncryptionKeyPath: "testdata/encryption.key",
}
sopsClient, err := sops.NewClient(nil, options)
assert.Error(t, err)
tmpFile, err := ioutil.TempFile("/tmp/", "test-encrypt-invalid-key-")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
_, err = sopsClient.Encrypt(qualifiedDecryptedFile, tmpFile.Name())
assert.Error(t, err)
}
func TestEncryptInvalidSourceFile(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
}
sopsClient, err := sops.NewClient(nil, options)
assert.NoError(t, err)
_, err = sopsClient.Encrypt("/invalidFile", "")
assert.Error(t, err)
}
func TestEncryptInvalidYaml(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
}
sopsClient, err := sops.NewClient(nil, options)
assert.NoError(t, err)
_, err = sopsClient.Encrypt(invalidYamlDecryptedFile, "")
assert.Error(t, err)
}
func TestEncryptWithRegex(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
}
sopsClient, err := sops.NewClient(nil, options)
assert.NoError(t, err)
_, err = sopsClient.Encrypt(qualifiedDecryptedFileWithRegex, "")
assert.NoError(t, err)
}
func TestDecrypt(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
}
sopsClient, err := sops.NewClient(nil, options)
assert.NoError(t, err)
tmpFile, err := ioutil.TempFile("/tmp/", "test-decrypt-*.yaml")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
_, err = sopsClient.Decrypt(qualifiedEncryptedFile, tmpFile.Name())
assert.NoError(t, err)
}
func TestDecryptInvalidKey(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.pub",
EncryptionKeyPath: "testdata/encryption.key",
}
sopsClient, err := sops.NewClient(nil, options)
require.Error(t, err)
tmpFile, err := ioutil.TempFile("/tmp/", "test-decrypt-invalid-key-*.yaml")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
_, err = sopsClient.Decrypt(qualifiedEncryptedFile, tmpFile.Name())
assert.Error(t, err)
}
func TestDecryptInvalidSrc(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
}
sopsClient, err := sops.NewClient(nil, options)
assert.NoError(t, err)
_, err = sopsClient.Decrypt("dummy", "dummy")
assert.Error(t, err)
}
func TestDecryptMissingMetadata(t *testing.T) {
defer deleteGpgKeys()
options := &sops.Options{
DecryptionKeyPath: "testdata/decryption.key",
EncryptionKeyPath: "testdata/encryption.pub",
}
sopsClient, err := sops.NewClient(nil, options)
assert.NoError(t, err)
tmpFile, err := ioutil.TempFile("/tmp/", "test-decrypt-missing-metadata-*.yaml")
require.NoError(t, err)
defer os.Remove(tmpFile.Name())
_, err = sopsClient.Decrypt(missingMetadataEncryptedFile, tmpFile.Name())
assert.Error(t, err)
}
func deleteGpgKeys() {
gpgCmd := exec.Command("gpg", "--delete-keys", "--batch", "--yes", keyID)
if _, err := gpgCmd.Output(); err != nil {
fmt.Printf("error deleting key: %s\n", err)
}
gpgCmd = exec.Command("gpg", "--delete-secret-keys", "--batch", "--yes", keyID)
if _, err := gpgCmd.Output(); err != nil {
fmt.Printf("error deleting secret key: %s\n", err)
}
homeDir, err := os.UserHomeDir()
if err != nil {
fmt.Printf("error getting home dir: %s\n", err)
return
}
secRingFile := filepath.Join(homeDir, ".gnupg", "secring.gpg")
gpgCmd = exec.Command("rm", secRingFile)
if _, err := gpgCmd.Output(); err != nil {
fmt.Printf("error deleting secring: %s\n", err)
}
return
}

BIN
pkg/secret/sops/testdata/decryption.key vendored Normal file
View File

Binary file not shown.

30
pkg/secret/sops/testdata/encryption.pub vendored Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF8/fucBCADZ8awLsST/mVY9ZsMA3bRtZD1il9ayq+ydPXIwmQ3QMdc5r8P7
KTnu2HDM+bvvowL4sHVnMWj6Obo6hfLlxuM0a5cz+zHAalW6b2H01e7TQA3DTwox
43xpiqX9wiPBwn1EM82ZQH/XSEDcSapo5uGugutN1ef/f63BRqh74SvkVKhTyHcO
Rj4/oYh7aU0DIvoXSOqpPl6oy7HKFf2ITqiKkSOE4I1lscVdkZPvp/cR++D06cbz
pXRxZSvCh16qSM+tJDGglN/oQnDCuughtssZBznn4+ZEVoBkAJxS03AJ+lxwYxoo
q3qokchhNNptg/UGT4wZh1bEZpNP/sbFcLjHABEBAAG0HURvY2tlciA8RG9ja2Vy
QGNsdXN0ZXIubG9jYWw+iQFUBBMBCAA+FiEEaB46iesdr9NuuIMSCnO7SOJmlNgF
Al8/fucCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQCnO7SOJm
lNgj/gf/VJ4oQyCdI3d+/26AUkgYWHFSXfatsh9vodJuhU2VrI30O1bCiLH9qPVW
590MoIRNwN4ZZgq66cGPVDomvaWNWfKNfwm009NqOooKa77fXMSGairLBsAppasN
CkpUFLt/bnPJAHWIqVMBePkwIKcdusDt0ehMUVoeQJyrpi2nQa2x6Le5kzfRIZBJ
9jmEuR9yRmS2hhk/wZKuGc/fbp1jYDTgS5pK3zPF0zuLWFQit2PmNJrgxyxH8TbC
pXSc6gHBlen/BzVMRz9Kbbu9U7BCSe5WLATBmaSmv1Am8QjhLIj8R8XPxBmL6bhL
VehAHKT5pcr2bUR0gYAN2AoBhrYBILkBDQRfP37nAQgAuPMF9miLLkN0/wDF8/UI
bnfihNtpA58lrYW2N0i/3p9xn/9Ife3ofXX5I13VNp0NgUMohR3PfzHqylm7do+M
5EQcRKV04dhmreQJirHDrEfUCaAesTtd9C5ds/p0wRzyJPTf/YSb3lZ2Lf7vMrfy
BSl6TcSnXjXcyyHElt7DdE+bYuXdQSiejgJwT0yxb8sb7+Ho+yBGfdb0B4dAi9qS
KctvDh5KnJMExf+fLDK4LUwwyss1lccPDHK6GiEo+2ZQ4DcgcoiiYbUu33VRcK/O
OhhTfXJ1UOB4rAKXlY/qCzYBYYhzjk4bQdlqUF0uezYXy5HvZ2S/ZFvoERo9soDd
UQARAQABiQE8BBgBCAAmFiEEaB46iesdr9NuuIMSCnO7SOJmlNgFAl8/fucCGwwF
CQPCZwAACgkQCnO7SOJmlNj4/gf/ckQaZtlO5qxIDeYp+qIXvr/aFOt4Y5ukZAbG
wjh9WIUpbmb6oOW/uKj/nl8P1VSVwTr89476Pb2F34FnGxp6sZmLq3wvksuzi1Rg
RCHEyxBcJPS/X/Ua4qklwl5F3IGYy9RRR4MlQDqAf5wm3Lw+jk1RDW2m5pt4jzSH
v52ZF2Low0tLZu8O5fm4VW5oQGZtMwZrNRL1CNDurLuALV5JU5xcb2snyj0s2PaU
rTAxcQtJDjxd/nBx+zpwr4DsEWEne8WRd011qsSSYi/83f0Tl2VwsVPVBp3EFMjm
Qnc8800GZVVHZiq+YrwmdDXO3Lk3kdKXED6bLW+nVzx4REJDnw==
=/eQ3
-----END PGP PUBLIC KEY BLOCK-----

3
pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-secret.yaml vendored Normal file
View File

@ -0,0 +1,3 @@
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

3
pkg/secret/sops/testdata/secrets/qualified-decrypted-invalid-yaml.yaml vendored Normal file
View File

@ -0,0 +1,3 @@
data: hello
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

10
pkg/secret/sops/testdata/secrets/qualified-decrypted-secret-with-regex.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
airshipit.org/encryption-regex: "^password"
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

9
pkg/secret/sops/testdata/secrets/qualified-decrypted-secret.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

9
pkg/secret/sops/testdata/secrets/qualified-encrypted-secret-no-metadata.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
data:
username: ENC[AES256_GCM,data:+TMyICt6MRI=,iv:7IjbAU60OSj5A6UUSSPWi4Dwq4FV3jTRM6mSVASMqIY=,tag:tv3f5brnkfUXvHBd0FdtCw==,type:str]
password: ENC[AES256_GCM,data:hZKQZaO0mFksUeuKWClR9g==,iv:dO92fSV9Kq+UhoqqP/hagjLVDmYggJRbstxM/3pl0BQ=,tag:eN/0kpPuCkqCSSwf3Qr+4A==,type:str]

34
pkg/secret/sops/testdata/secrets/qualified-encrypted-secret.yaml vendored Normal file
View File

@ -0,0 +1,34 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
data:
username: ENC[AES256_GCM,data:z2Sq90zr2L4=,iv:LzkahTEI1suQv6DkQ/gVfoSEoOTFDkTjP8WQZNwbB8k=,tag:atJk7aZD3B3hcQ3ByK5YzQ==,type:str]
password: ENC[AES256_GCM,data:p1q3zocDYbYTel8AdIej3g==,iv:FRB/nWJWUXkw4jEvBqxqcmGyLzc/sKAFS0zRNoPrcXs=,tag:KV/Z8QpxtXl2yAJ3RAXYoA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
lastmodified: '2020-10-05T15:38:49Z'
mac: ENC[AES256_GCM,data:/3PB4c6fhm4TA3UsG+rsdIEA6Dv35DaLM+Ln11utUhH8kZ3nGpaqH4SpqMnwq23JaB862WnFQ32NUwe5gmamqJti6od4Vc9Cw4TFqY19gUJj6CZe27k6F64R9t6dXAMcOvrdsh80Ma61OtKOE6Ww5Kt5Ptiz+/+yX9pdnllzwbU=,iv:jN8pUZDoOTlip23JXEhNSFiGHMIjFHNQ9Aw8HgGKSDU=,tag:aXlp6TqjJDBrUOe+hnVwWg==,type:str]
pgp:
- created_at: '2020-10-05T15:38:48Z'
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA0Xswh95z+O7AQgAjEZVEckXmCfZZ4k4iEAAG2Pz5IPBzi1+p7q+jDI0Plvk
nZuoMdbXuG5yyb32xEok+GDYeHRUYpOrInY2v8sFz8ebh93GWKOPBqpmfwErxMCj
Ujj50VBFObw7d/+TS6akQEdkPktMJRP+FaGGPZljzPdIz7Z6Fx3Q2dzDFIwnoCBb
9E4i8D0M+BKpegHVqkpq4MEPzyJRClaZbw1kVBCYodyyOEkw44hT9+9Dr+JbPdZZ
Rx4g/81CTVmkC7vnZ87s9dqICTlqmMCuVtRcUA5vrfHL5w/phi2vgjoXSE6OdJwp
fh2nJ/nvJ1jFdO+z+DOAtbEJBKwj8iNsy39yChIGIdJeATVdcGzXoU7NfBURoPcy
kYdYJO0iM6sykDe7pCP9d7Hnyb3Yb2iS0C6axMXmfu2k5yXFoQctzm3wPk2Uogfg
r5vcmjnfViO69MH3JVMYuRv9hjcQWghCqeir8l0nag==
=pcEY
-----END PGP MESSAGE-----
fp: 681E3A89EB1DAFD36EB883120A73BB48E26694D8
encrypted_regex: ^data
version: 3.6.0

BIN
pkg/secret/testdata/decryption.key vendored Normal file
View File

Binary file not shown.

30
pkg/secret/testdata/encryption.pub vendored Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF8/fucBCADZ8awLsST/mVY9ZsMA3bRtZD1il9ayq+ydPXIwmQ3QMdc5r8P7
KTnu2HDM+bvvowL4sHVnMWj6Obo6hfLlxuM0a5cz+zHAalW6b2H01e7TQA3DTwox
43xpiqX9wiPBwn1EM82ZQH/XSEDcSapo5uGugutN1ef/f63BRqh74SvkVKhTyHcO
Rj4/oYh7aU0DIvoXSOqpPl6oy7HKFf2ITqiKkSOE4I1lscVdkZPvp/cR++D06cbz
pXRxZSvCh16qSM+tJDGglN/oQnDCuughtssZBznn4+ZEVoBkAJxS03AJ+lxwYxoo
q3qokchhNNptg/UGT4wZh1bEZpNP/sbFcLjHABEBAAG0HURvY2tlciA8RG9ja2Vy
QGNsdXN0ZXIubG9jYWw+iQFUBBMBCAA+FiEEaB46iesdr9NuuIMSCnO7SOJmlNgF
Al8/fucCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQCnO7SOJm
lNgj/gf/VJ4oQyCdI3d+/26AUkgYWHFSXfatsh9vodJuhU2VrI30O1bCiLH9qPVW
590MoIRNwN4ZZgq66cGPVDomvaWNWfKNfwm009NqOooKa77fXMSGairLBsAppasN
CkpUFLt/bnPJAHWIqVMBePkwIKcdusDt0ehMUVoeQJyrpi2nQa2x6Le5kzfRIZBJ
9jmEuR9yRmS2hhk/wZKuGc/fbp1jYDTgS5pK3zPF0zuLWFQit2PmNJrgxyxH8TbC
pXSc6gHBlen/BzVMRz9Kbbu9U7BCSe5WLATBmaSmv1Am8QjhLIj8R8XPxBmL6bhL
VehAHKT5pcr2bUR0gYAN2AoBhrYBILkBDQRfP37nAQgAuPMF9miLLkN0/wDF8/UI
bnfihNtpA58lrYW2N0i/3p9xn/9Ife3ofXX5I13VNp0NgUMohR3PfzHqylm7do+M
5EQcRKV04dhmreQJirHDrEfUCaAesTtd9C5ds/p0wRzyJPTf/YSb3lZ2Lf7vMrfy
BSl6TcSnXjXcyyHElt7DdE+bYuXdQSiejgJwT0yxb8sb7+Ho+yBGfdb0B4dAi9qS
KctvDh5KnJMExf+fLDK4LUwwyss1lccPDHK6GiEo+2ZQ4DcgcoiiYbUu33VRcK/O
OhhTfXJ1UOB4rAKXlY/qCzYBYYhzjk4bQdlqUF0uezYXy5HvZ2S/ZFvoERo9soDd
UQARAQABiQE8BBgBCAAmFiEEaB46iesdr9NuuIMSCnO7SOJmlNgFAl8/fucCGwwF
CQPCZwAACgkQCnO7SOJmlNj4/gf/ckQaZtlO5qxIDeYp+qIXvr/aFOt4Y5ukZAbG
wjh9WIUpbmb6oOW/uKj/nl8P1VSVwTr89476Pb2F34FnGxp6sZmLq3wvksuzi1Rg
RCHEyxBcJPS/X/Ua4qklwl5F3IGYy9RRR4MlQDqAf5wm3Lw+jk1RDW2m5pt4jzSH
v52ZF2Low0tLZu8O5fm4VW5oQGZtMwZrNRL1CNDurLuALV5JU5xcb2snyj0s2PaU
rTAxcQtJDjxd/nBx+zpwr4DsEWEne8WRd011qsSSYi/83f0Tl2VwsVPVBp3EFMjm
Qnc8800GZVVHZiq+YrwmdDXO3Lk3kdKXED6bLW+nVzx4REJDnw==
=/eQ3
-----END PGP PUBLIC KEY BLOCK-----

2
pkg/secret/testdata/secrets/decryption/manifests/metadata.yaml vendored Normal file
View File

@ -0,0 +1,2 @@
phase:
path: ""

9
pkg/secret/testdata/secrets/decryption/qualified-decrypted-secret.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

9
pkg/secret/testdata/secrets/decryption/qualified-encrypted-secret.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

2
pkg/secret/testdata/secrets/encryption/manifests/metadata.yaml vendored Normal file
View File

@ -0,0 +1,2 @@
phase:
path: ""

9
pkg/secret/testdata/secrets/encryption/qualified-decrypted-secret.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
data:
username: bXktYXBw
password: Mzk1MjgkdmRnN0pi

34
pkg/secret/testdata/secrets/encryption/qualified-encrypted-secret.yaml vendored Normal file
View File

@ -0,0 +1,34 @@
apiVersion: v1
kind: Secret
metadata:
name: test-secret
annotations:
airshipit.org/encrypt: "true"
data:
username: ENC[AES256_GCM,data:mGzbHwXK7eg=,iv:HaGzz1M4qvUDc7L/Lzdb//bSBRd/BfC2O1tA6kqCU8c=,tag:QTkCtqN6duiGOnV06ieubQ==,type:str]
password: ENC[AES256_GCM,data:eiQt1Hp7wZCXMupCrMvwsQ==,iv:qo4TtuwJJAj5KV/fFpcvxIGmaX5hWCNPu7i6lo3QnqE=,tag:w/LB8kfRKQrDc5N8eBZhaA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
lastmodified: '2020-10-02T16:53:07Z'
mac: ENC[AES256_GCM,data:EX5USe77E2GGHs3osFmtHAIJqOFFMONpRg5k8qG92SVStBszCY/X3mnh1Eabc1jViUdxfH2v1Ki0nDozMGyZM/VOLbU4h1HI3z7a3k9SyslaJyTiy7k7HVhbQxadc+djGxnh6AXYyluh3cmfEQ3Eo/PU8w7gnwsnC4IMjpeahcY=,iv:HZGDl8hyAQwx3b2V27vhhHH9W6sNVYwhR0HfA6NcJQI=,tag:6WQ/RnTNGKRgYrYA566+vw==,type:str]
pgp:
- created_at: '2020-10-02T16:53:06Z'
enc: |
-----BEGIN PGP MESSAGE-----
hQEMA0Xswh95z+O7AQf6AwKVezvk53aboUjXfYXaeY9z2BuWtlmZrmJTm/UuTbTC
jS5aWboKyUj3iOzbdOXXtuKhF5SgqfKQcNDz/98p5KU+ZYKPgT883a1/UqH+trpo
ntYpzYC/CCXeIEZypIXgLqDbnaz4tB1+15ZESLBGIxIRSqjX4ofyRpnZaf77vO7y
0C3RFYAlo2sjoQDaH1gotPBdBbCgaOui4v4imYCU/NIhGX+HP2oAhOq7A0LcAGiF
6UpTVuyo5sm2jE8IYXUsizTdj8DPMy50Dl1sR7EhkGmg4nxGresRPBZPAoGBYfk4
am7UYyQDbKbSwjUwgVcwYZtA6HanZ3ABP1SbqwJvVdJeAYNIB9LzsVE2/2mGTJRU
b578RurdBvccttDOg4bIsSIVpFSwK6x9UWxo+dRpgzgw/zWFV3KTit0CBmjVGuq4
/VHwBz6R4acvNl3AqkM88lTemGEDxv17D+DyCuWORg==
=GYMw
-----END PGP MESSAGE-----
fp: 681E3A89EB1DAFD36EB883120A73BB48E26694D8
encrypted_regex: ^data
version: 3.6.0

6
testdata/k8s/config.yaml vendored
View File

@ -16,3 +16,9 @@ manifests:
tag: ""
url: https://opendev.org/airship/treasuremap
targetPath: /tmp/default
encryptionConfigs:
dummy_encryption_config:
decryptionKeyPath: /tmp/decryption.pub
encryptionKeyPath: /tmp/encryption.key
keySecretName: dummySecret
keySecretNamespace: dummyNamespace

42
testutil/testconfig.go
View File

@ -139,27 +139,6 @@ func DummyContextOptions() *config.ContextOptions {
return co
}
// DummyEncryptionConfig creates EncryptionConfigOptions object
// for unit testing
func DummyEncryptionConfig() *config.EncryptionConfig {
return &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
EncryptionKeyPath: "/tmp/encryption.key",
DecryptionKeyPath: "/tmp/decryption.pub",
},
}
}
// DummyEncryptionConfigOptions creates ManifestOptions config object
// for unit testing
func DummyEncryptionConfigOptions() *config.EncryptionConfigOptions {
return &config.EncryptionConfigOptions{
Name: "dummy_encryption_config",
EncryptionKeyPath: "/tmp/encryption.key",
DecryptionKeyPath: "/tmp/decryption.pub",
}
}
// DummyManagementConfiguration creates a management configuration for unit testing
func DummyManagementConfiguration() *config.ManagementConfiguration {
return &config.ManagementConfiguration{
@ -184,6 +163,27 @@ func DummyManifestOptions() *config.ManifestOptions {
}
}
// DummyEncryptionConfig creates EncryptionConfigOptions object
// for unit testing
func DummyEncryptionConfig() *config.EncryptionConfig {
return &config.EncryptionConfig{
EncryptionKeyFileSource: config.EncryptionKeyFileSource{
EncryptionKeyPath: "/tmp/encryption.key",
DecryptionKeyPath: "/tmp/decryption.pub",
},
}
}
// DummyEncryptionConfigOptions creates ManifestOptions config object
// for unit testing
func DummyEncryptionConfigOptions() *config.EncryptionConfigOptions {
return &config.EncryptionConfigOptions{
Name: "dummy_encryption_config",
EncryptionKeyPath: "/tmp/encryption.key",
DecryptionKeyPath: "/tmp/decryption.pub",
}
}
const (
testConfigYAML = `apiVersion: airshipit.org/v1alpha1
contexts: